Thanks. We only need to edit the lower section of the BIOS then, when/IF we can get a mod going in properly.
I hope so, I’ve got a week of my life into this project and at this point failure is not an option. Pic related.
Hopefully it’s not RSA or signature checked, if so, nothing we can do. If it is, then your only option to boot from NVME in that case will be Clover or Duet method, unless you want to look at other NVME models.
I’m not sure, but I think maybe Samsung 951 can boot on non-NVME BIOS, but we’d have to have @Fernando confirm that or not
I tested out a Clover solution a few days back and that worked fine, and the boot times on this system are already atrocious, so I’m not worried about that. At this point it’s just a matter of principle that it boot right to the WD NVMe drive if possible.
I’m certainly not a cryptologist, and I’m sure this is far outside the scope of what is worth pursuing, but it seems like since we have access to 7 different BIOS versions for this system, reverse engineering the key and applying a new signature would be within the realm of possibility.
I hear that, many don’t like Clover or DUET, but if it’s the only option you may have to go that route. But yes, let’s see what we can do!
Signature would be key hashed and applied across all volumes one by one, no way we could crack it with all the BIOS versions in the world.
So, did you finish the dump and try a new edit yet? Send me the dump once you get it so I can do an edit and send it your way, so you can then compare and see if your edit = same.
I will be removing the Boot Agent GE though, not IDE, so if you want to compare your edit to mine via hex, you’d have to make the same edit.
AFAIK the only NVMe SSD, which doesn’t need an EFI NVMe module within the BIOS to be bootable, is the Samsung 950 Pro.
Yep, here it is:
http://s000.tinyupload.com/?file_id=43892561294995070025
MD5: D7FA098AF6C50F5121F5FB22295BCF8D
@monkeyyninja - So, did you test edit/program it now, if yes what’s the verdict?
Here is a mod to try if you want, this has Boot Agent GE removed at lower volume, NVME inserted, UEFITool 25.0 used.
http://s000.tinyupload.com/index.php?fil…446684812535083
I couldn’t ever get any of my mods to work, I’ll give yours a shot today.
-----------------
Unfortunately this BIOS looks to be locked down tight and the supplied BIOS failed in the same ways my attempts did. No matter what changes are made the system refuses to boot and eventually performs a fail-over to the alternate BIOS. Looks like IBM really didn’t want anyone making unsanctioned changes to their machines.
A few notes to anyone who reads this thread to update their own system in the future: IBM included an on-board port for flashing the BIOS. I traced each necessary pin on the BIOS chip to a white connector nearby. Purchasing a bare connector that fits that socket would be far easier than messing with a test clip. Also, the IMM gives more detailed error logs about why the system won’t boot, and in my case each one was related to security/signature issues.
Hopefully in the future someone can figure out how to bypass this, but with how many layers of bullshittery IBM/Lenovo stacked on top of their firmware that seems unlikely.
LOST_N_BIOS, thanks again for your help, it’s too bad we couldn’t get this working. Clover it is, then.
@monkeyyninja - bummer to hear! Are these BIOS chips removable? I wondered if you removed the backup if it would do the same or not? What if you leave the service mode jumper in place after programming, does it auto-recover then too?
There may be a way to bypass the security/signature check, or to disable it etc, but I’m not aware of it. If you come across info on how to, let me know and if needed I can do the edits.
If there is a service jumper, may be labelled ME, FD, FDO, Service, Management etc - then leaving that in place may allow flash in of mod BIOS, and if there is and it allows it, it may remain OK once removed too (not sure, more things to try if possible, look the board over for a 2 or 3 pin header)
There are a few undocumented jumpers around the board, and one of them does mention UEFI recovery. I’m going to take a break from this for a few days to regain my sanity, but I’ll give them a go and dive into the IMM deeper next weekend. Already got Clover back up and running for the time being.
I would assume recovery is for that purpose, unrelated to what I mentioned. I hear that! Once you get back on this, send me images of all the jumpers and surrounding areas, if you are not sure, so I can see all the labels.
At least you have clover setup going now, but it would be nice if we could get around this for you and others too if it’s eventually possible. But yeah, up to you how much more time you want to put into this, and when etc.
Hey, thank you for starting to look into the IBM UEFI. I have a bit of a different goal but a very similar set of problems - trying to get the bifurcation working. Waiting for the 16-pin clip to arrive. Any pointers as to where to look? It seems my BIOS update platform file was also partial, so trying to get a full version off the chip directly.