[REQUEST] Lenovo X220 (8DETxxWW) Whitelist Removal

[skx]

Hi skx. Yes, the installation tool that Lenovo provides with their bootable CD iso image here and Windows BIOS update utility here (WINUPTP.EXE) is what prevents rolling back the BIOS to a previous version. The installation tool included with the modified BIOS does not prevent rolling back.

Amazing, thanks for clarifying, so I am indeed good to keep rolling back as I never used their official Windows bios update tool. I thought the roll back prevention was included in the actual running bios, but they did it in their windows update application.

If you want to flash the modified BIOS without installing Windows or bothering with the modifications to use Linux, there's a procedure described here that allows you to do it from a bootable Windows PE USB.

Never heard of of Windows PE, already quickly looked into it and I will indeed use this to flash the custom bios.

Hope this helps!

It sure did, johnmcdonnel Thanks a lot, and have a wonderful day!

[Remmerboy]

Hi
nice work on modifying bios.
but i'm getting bsod when running flash.bat for no whitelist only of a file called winflash64.sys

update
the bsod message is "Page Fault In Nonpaged Area" and i have run memtest84 to see if it was my ram. no errors found on ram

second update
reinstalled windows and run the program right after install. no problem. it must be a config somewhere in windows that messes with bios update

[lapbios]

Flashed 1.46 on X220 (Lenovo official 1.46 previously flashed) and "Advanced" menu shows, X220 is apparently behaving normally since. However at end of flashing (flash.bat) a message had appeared quickly three or more times in succession "Verifying BIOS Fail! Reflashing". Eventually the process finished without any particular confirmation message of success or otherwise.

Does this indicate something unrecoverable went wrong, or does it indicate the flash was eventually successful?

Thanks

[kyvlle]

I installed the 1.46 full-mod BIOS on a X220 Tablet (i7), using flash.bat. Now it seems to have lost the SLIC table for Windows activation. Any ideas on how to get it back?

Running SLIC ToolKit, it now says SLIC Status: Invalidated

What sort of info would you need to help troubleshoot?

On a side note, the boot logo also disappeared. But that's the least of my worries right now.

EDIT: Clearing the NVRAM restored the original boot logo.
A member on another forum helped with a custom patch that restored the SLIC. So all good now. (There's 2x5 beeps on boot, but I can live with that or turn off TPM.)

[lart]

Looks like there is a DOS based bootable CD available from Lenovo as well. It appears that it uses pflash.exe, which contains at least these strings:

PFLASH v1.4.83.0 (20110105) ©Phoenix Technologies Ltd. 2009 All Rights Reserved$
Usage: PFLASH [/cvar] FileName$
FileName : New BIOS Name For Flash Programming$
/secure : Security Flash$
/cvar : Clear varibles$
/bbl : Update recovery volume$
/nosmi : Flash BIOS without SMI$
/hide : Flash BIOS without PFAE and GUI$
Example : PFLASH 965gf.fd$
: PFLASH /secure CAPSULE.cap$

Simply replacing the original file with modified version didn't work, apparently there is a checksum verification somewhere in there. Probably running the pflash.exe directly would bypass this, as well as version comparison. (I flashed with original 1.46, would be nice to reflash with modified version)

I will keep on working with the DOS image and its contents; it would be really nice to get this working - or has someone already seen the trouble?

....

pflash /exit /sa 8det76ww\$01cb000.fl1 --> "Fail to authenticate image!(Fail: UNSUPPORTED)"

$ sha256sum 8det76ww/\$01cb000.fl1
3fd47f1ba7cdbd6b577f32d640d65a8a4d74299632cca581a7e0993b5859ef4b 8det76ww/$01cb000.fl1

Is this some kind of checksum issue or am I just lucky I haven't bricked the x220 yet?

....

I called it quits, dug out a windows machine and created the winpe usb stick linked in the instructions on some post in this thread- link here to help other lazy people: http://x220.mcdonnelltech.com/bios/

That software installs nicely with Wine, and if you look where it installed itself, you will find an ISO image; worth taking a look at, could be handy for things like this.

[citizen4]

ValdikSS and johnmcdonnell,
I like your latest BIOS very much. I appreciate very much the effort you put into building a nice X220 BIOS.

I had an additional request.

Since I heared about Intel ME I do not trust it. How can we still trust that the Intel ME part in the new Lenovo BIOS just does what we want it to do? I did everything I could to disable all Intel ME components in the BIOS settings but in Windows the "Intel Management and Security Status" 2007-2010 still gives the messages:
- Intel Active Management Technology (Intel AMT): turned on (How can that still be the case?)
- Intel Remote PC Assist Technology (Intel RPAT): Not supported (Can we trust that statement, is all possible trouble really permanently solved?)
- Intel Antithefttechnology (Intel AT): Turned on (How can that be since I permanently disabled that in BIOS)
I disabled the possibility to update the Bios from within Windows but Lenovo asked for my password and updated the BIOS anyway, so how much can we trust the BIOs settings or that intel that ME is disabled?

From what I can find out there is no solution yet for the 30 minutes shutdown bug when Intel ME is completely removed. But there is something called me_cleaner which can do three things: (1) remove most parts of intel ME, (2) shrink the ME portion of bios and (3) enable A HAP bit for a High Assurance Platform setting which is supposed to mean that the remaining Intel ME components "do not misbehave".
see https://github.com/corna/me_cleaner/wiki...isable-bit
They claim that can be moved into a user flashable BIOS, if a ventor (like Lenovo) provides a flashing software (Like Lenovo does and I presume you use for your custom BIOS) it could be flashed from windows (or alternatively a windows PE bootdisk). That would be very nice since I am not a IT specialist but would like to get rid of Intel ME.

Would it be posible to incorporate that in a new custom BIOS for the X220?

I hope to hear from you guys about this

[Kalan1]

Can anyone confirm which bios is working with X220 tablet? I need to remove whitelist to get a new wifi adapter Intel 7260.

Thanks

[johnmcdonnell]

Can anyone confirm which bios is working with X220 tablet? I need to remove whitelist to get a new wifi adapter Intel 7260.

The BIOS posted by ValdikSS here works with all X220 models including tablets.

[illuxio]

Flashed 1.46 on X220 (Lenovo official 1.46 previously flashed) and "Advanced" menu shows, X220 is apparently behaving normally since. However at end of flashing (flash.bat) a message had appeared quickly three or more times in succession "Verifying BIOS Fail! Reflashing". Eventually the process finished without any particular confirmation message of success or otherwise.

Does this indicate something unrecoverable went wrong, or does it indicate the flash was eventually successful?

I had the same issue. Seems to me that it works normal as expected except that suspending does not work any longer. Can it be that this is related to this issue?

[pcs]

There is a new BIOS available for the X220, version 1.46 - https://support.lenovo.com/pl/en/downloads/ds018805. The changes are related to the Spectre (v3a and v4) security risk. May I ask for the unlock of this BIOS version? Many thanks

This package contains 2 BIOS modifications for Lenovo ThinkPad X220 laptop.

** Lenovo X220 v1.46 Modified Bios (no whitelist only) **

- Whitelist removal only
- Re-signed with custom key to get rid of 5 beeps on boot

** Lenovo X220 v1.46 Modified Bios (full-blown) **

- Whitelist removal
- Unlocked AES-NI on "no-encryption" machines
- Unlocked hidden advanced menu
- Unlocked memory speed (supports DDR3 1600 and 1866)
- Disabled package c-state lock at MSR 0xE2 (for Hackintosh)
- Re-signed with custom key to get rid of 5 beeps on boot


https://files.catbox.moe/9dt19z.7z
https://my.mixtape.moe/hduebg.7z
https://a.safe.moe/fAhaWog.7z
http://dl.asis.io/AGrynCdp.7z
https://u.teknik.io/ZwJOA.7z

this is my first time updating and flashing my bios and I know it can brick my machine so I want to make sure I'm doing this right.

my x220 is currently at 1.42.  Do I have to update to 1.43 > 1.44 > 1.45 > 1.46 in that order then update to 1.46 custom bios?