Forum RSS Feed Follow @ Twitter Follow @ Twitter

Thread Rating:
  • 9 Vote(s) - 3.89 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[REQUEST] Lenovo Thinkpad X230(i) (G2ETxxWW) Whitelist Removal
(05-13-2015, 03:31 AM)BDMaster Wrote: Here you go :

http://rghost.net/7jVWT6BBb

Let me know
Regards

Donate to me . . . look into my Signature Wink

Thank you BDMaster!

I flashed the chip, soldered it back to systemboard, and crossed my fingers. Everything works! Big Grin

Transfer speed comparison:

Before @ 144mbps:
   

After @ 866.7mbps:
   

Cheers! Big Grin
find
quote
I want to report success using your methods and files - indirectly. I also used a RasperryPi with a $5 SO8 clip and the flashrom tool.

I'm no x86 guru, but fully understood the rest of the procedure. The part I needed to work out was the actual BIOS modification:
  • I used PhoenixTool to compare the changes between JimmyZ's original upload and BDMaster's modified version of 2.63. I found the 7904 byte module that was changed to remove the whitelist.
  • Next, I analysed a software tool dump of my original Lenovo 2.59 bios and found the same 7904 byte module with the same MD5 as JimmyZ's - different filename though. Finally, I updated to Lenovo's standard 2.64 BIOS, dumped the result and found the same 7904 byte module with the same MD5 and same filename as JimmyZ's. Lenovo apparently doesn't change this code too often.
  • Using PhoenixTool, I merged BDMaster's modified module into my 2.64 dump.
The SO8 clip worked very well for in-circuit programming. I left VCC/3.3V disconnected, using just MISO, MOSI, CLK, CE and GND. These data lines have resistors between the flash chip and the Intel chipset, meaning you will have no problem driving the flash chip directly in-circuit.

The X230 will power up the LAN/flash 3.3V domain with the computer turned off if Wake-On-LAN is active and an AC source is plugged in. You need to activate WoL in the BIOS and (in my experience) plug in a live Ethernet cable. If the X230's RJ45 lights are on then the flash chip will be supplied with a safe 3.3V in the way that Lenovo intended.

PhoenixTool method: https://www.bios-mods.com/forum/Thread-S...0#pid62410
RaspberryPi flashrom: https://github.com/bibanon/Coreboot-Thin...spberry-Pi

The standard 8-pin SOP package from the MX datasheet quoted on the Coreboot page applies to the X230.
I tried flashrom SPI speeds of 512KHz and 2048KHz. Both worked 100% reliably.
find
quote
Nice work Wink
Many thanks for your report my friend !!!
Regards

Your Brain . . . . It's the best tool U can use ! Wink
Don't FLASH the Bios Mod if You get a Size Alert, You risk a Brick !!!
Donate to me for my work, click here BDM
find
quote
Sorry for off-topic.

I am trying to make a dump of X220 BIOS, but have not succeeded yet. I am using SO8 clip and using GZUt EZP XPro as a programmer (http://item.taobao.com/item.htm?spm=a230r.1.14.1.UFVm4f&id=39239453212&ns=1&_u=rmg8fi6d6f5&abbucket=12#detail).

On seller's page it is said that the programmer supports 3v chips, but I still want to ask whether I should using rst1024 method to power up the circuit?:

The X230 will power up the LAN/flash 3.3V domain with the computer turned off if Wake-On-LAN is active and an AC source is plugged in. You need to activate WoL in the BIOS and (in my experience) plug in a live ethernet cable. If the X230's RJ45 lights are on then the flash chip will be supplied with 3.3V.

Or, if I will try to do this there is a possibility that I burn the chip? (programmer supports 3v + 3.3v from circuit)

Thanks in advance.
find
quote
I don't think You can shortcircuit the Chip but I haven't tried as I have Always desolder Chips and
didn't get the RaspBerry SPI PGM !
Regards

Your Brain . . . . It's the best tool U can use ! Wink
Don't FLASH the Bios Mod if You get a Size Alert, You risk a Brick !!!
Donate to me for my work, click here BDM
find
quote
My recommendation: only connect GND and the data/clock lines from your programmer. Do not connect the laptop 3.3V to the programmer 3.3V/3V. Then, try the method with Wake-on-LAN, AC and live ethernet cable to supply the 3.3V. This worked for me and is the lowest risk option by far. You are only coupling weak data signals and not power. Any short circuit or mis-wiring with this set of signals is unlikely to damage anything.

The main reason I'd choose not to drop an external 3.3V across the SPI flash in place is that it results in powering up other chips in the laptop that run off the same supply rail - mostly Ethernet related things in this case. This will:
A) Consume more current than you (or the programmer tool) might expect
B) Risk some expensive and impossible-to-replace BGA chips with your poorly regulated external 3.3V supply

If you do use an external 3.3V, be sure to disconnect the laptop battery and AC supply.
find
quote
(06-04-2015, 05:44 AM)rst1024 Wrote: My recommendation: only connect GND and the data/clock lines from your programmer. Do not connect the laptop 3.3V to the programmer 3.3V/3V. Then, try the method with Wake-on-LAN, AC and live ethernet cable to supply the 3.3V. This worked for me and is the lowest risk option by far. You are only coupling weak data signals and not power. Any short circuit or mis-wiring with this set of signals is unlikely to damage anything.

The main reason I'd choose not to drop an external 3.3V across the SPI flash in place is that it results in powering up other chips in the laptop that run off the same supply rail - mostly Ethernet related things in this case. This will:
A) Consume more current than you (or the programmer tool) might expect
B) Risk some expensive and impossible-to-replace BGA chips with your poorly regulated external 3.3V supply

If you do use an external 3.3V, be sure to disconnect the laptop battery and AC supply.

Many thanks for reply and preventing me doing stupid steps. I have got this http://item.taobao.com/item.htm?spm=a230r.1.14.1.UFVm4f&id=39239453212&ns=1&_u=rmg8fi6d6f5&abbucket=12#detail programmer. As I said before, I did not manage to make a dump of BIOS yet, so I have two more questions:

1. Does removing BIOS battery before making dump make any difference?
2. If I remove BIOS battery will I lost my BIOS settings and Fingerprint data?
find
quote
No need to remove the BIOS/CMOS (coin cell type) battery. It's a very separate power supply and function to the BIOS program flash chips. I don't know where settings and fingerprints are stored.

Do you really need to do all of this for an X220 though? I thought that the Intel protection function that requires hardware flash was only enabled on Lenovo Xx30's and later?

If so, you should be able both to dump and reprogram using software tools. You may have to truncate/offet a dump file before reprogramming, but it'll be standard X220 stuff that is discussed elsewhere. Even on Xx30's, the command line dump tools still work OK, only the reprogram fails.
find
quote
(06-04-2015, 06:48 AM)rst1024 Wrote: No need to remove the BIOS/CMOS (coin cell type) battery. It's a very separate power supply and function to the BIOS program flash chips. I don't know where settings and fingerprints are stored.

Do you really need to do all of this for an X220 though? I thought that the Intel protection function that requires hardware flash was only enabled on Lenovo Xx30's and later?

If so, you should be able both to dump and reprogram using software tools. You may have to truncate/offet a dump file before reprogramming, but it'll be standard X220 stuff that is discussed elsewhere. Even on Xx30's, the command line dump tools still work OK, only the reprogram fails.

Wait-wait, let me explain. I have a nasty problem every time I flash BIOS-MOD - 5-5 beeps on the system start up. As much as I understand, every X220 with TPM on board have RSA signature, RSA key and Check-sums in the BIOS. Every X220 has it own pack of RSA key and signature, as well as check-sums, so if you need to get rid of this 5-5 beeps, you should make a dump with a SPI programmer. Not with software flasher. Am I wrong?
find
quote
I don't know those details - sorry.

I'd speculate that if the beeps are due to an RSA signature failure, you will have limited options:

1. Figure out how to RSA-sign your modified BIOS as if it had come from Lenovo. If you do this, you'll be a hero: it'd probably allow X230's to software-flash modified BIOS images too, assuming the same keys are used across models.
2. Modify the firmware to suppress the beeps. This check is probably somewhere in the Intel ME firmware rather than the X86 BIOS. Although Embedded Controller beep is mixed with the PCH (Intel) beep channel (either can beep the speaker), I'm guessing that the Hitachi/Renesas H8S EC CPU doesn't have access to the 4Mb BIOS image in order to run checks.
3. Make up a small circuit hack to mute the beep channel for X seconds after power up.
4. Remove a resistor somewhere, permanently disabling the beep channel, but allowing normal audio through.
5. Learn to live with the beeps!

Maybe (2) is possible for somebody here? This page (http://www.coreboot.org/Board:lenovo/x230) suggests that the ME flash area isn't software readable, which is probably why you're looking at this hardware path now.

Good luck in any case. I think reading the flash chips will be the easiest part.
find
quote


Forum Jump:


Users browsing this thread: 11 Guest(s)
Expand chat
Expand chat
Expand chat

To join us in the community live chat, please register or log-in