HM170 Intel boot guard problem

My new laptop, which is based on HM170, does not contain an NVMe EFI module. After I inserted it with mmtools5 and flashed it into the BIOS, on reboot the message shows "boot guard verified DXE that is fail system will shutdown press any key", and I can't do anything except press a key to shut down. Could someone help me with how to insert a new module on the HM170 platform? Thanks!

You can’t do any BIOS modification on this platform without having a private key from Dell to sign the modified BIOS.
The only means to disable BootGuard (if implemented correctly) involves chipset resoldering and deep BIOS modifications.
Please write to Dell’s support and ask for a BIOS update with NVMe support.


How could people like Victor Voinea from modify/inject dxe modules into latest Lenovo Thinkpads such as T460/T470 with enabled BG?
Would appreciate if you could point me in the right direction.

Found a backdoor, probably. Right direction is reverse engineering of Lenovo’s chain of trust, because BootGuard is only a first link in the chain, and there may be other much weaker ones.