Lenovo M93p Fan white List Removal.

Yes the Board has the ME Jumper. And the S3 Bug does work but with older BIOS only.

I read somewhere that BIOS older than 2014 don’t even have BIOS Lock. So theoretically I would be able to just Downgrade to an older BIOS from 2013 and then be able to flash from within Windows.

For Thinkpad Laptops, there is a project that exploits this: https://github.com/n4ru/1vyrain

Which BIOS fixes this vulnerability can be found here: https://support.lenovo.com/in/de/product…%3Fp&source=psa

For Thinkcentre M93p its BIOS Version: FBKTA5A

So older BIOS Versions have the S3 Bug.

But the script does not support Thinkcentre Boards.

Without an automation script like 1vyrain, I don’t feel comfortable to exploit the S3 Bug right now, as this is my production system right now and I need it daily and cant risk it getting it bricked. I’ll have more PC’s available in a few weeks time and then might try tinkering with it. But I first need some useful usecase to start tinkering with the BIOS.

Remember when you fixed the BIOS for me and after that I was able to flash from within Windows?

Can you remember which BIOS version you used that you linked in this Post of yours: Lenovo M92p Q77 Tower BIOS Bricked - Recovery with CH341A Programmer SUCCESS.

I can’t figure out, why I was able to flash with FPTW after using that BIOS.

I remember that after I flashed that BIOS with the hardware programmer, I could write bios with FPTW. But after that I used FTPW to flash the latest Stock BIOS and then I think I forgot that flashing the Stock BIOS would also LOCK the FD again and after that I could not flash with FTPW anymore due to BIOS LOCK.

But you also wrote that you didn’t unlock the FD in that file. But I think I unlocked the FD myself. I remember setting the FD Unlock Bits in hex editor myself using the tutorial you linked.

Is it correct that with even the ME Jumper set, the BIOS Lock will be inplace and we would need to set the FD Bits first to be able to unlock the BIOS and write it.

I remember that after flashing the Stock BIOS again, I was not able to flash any Modded BIOS wether the ME Jumper was set or not.

The ME Jumper is not the Problem but what scares me is to have to use the hardware flasher, because the BIOS chips are so thin and it is so difficult to get a grip on them with the SOP CLip.

I’m 100% sure that I was able to Flash BIOS with FPTW , but I’m unsure why. Was it because you or I unlocked the FD, or because you used an older BIOS version that had no BIOS Lock? Or Was it because The BIOS that you used had the S3 Bug?

Having a script like 1virain also for Thinkcentres will make thinks much easier.

WHat do you make about what I wrote about not having “BIOS Lock” variable inside the Setup module? How can we disable BIOS Lock in this BIOS then? Is the method described for Asus not possible with this BIOS?



EDIT: I also noticed that the Setup IFR has:

0x3D74E Suppress If {0A 82}
0x3D750 QuestionId: 0x102 equals value 0x1 {12 06 02 01 01 00}
0x3D756 One Of: ME Flash Descriptor Override, VarStoreInfo (VarOffset/VarName): 0x90, VarStore: 0x1, QuestionId: 0x43E, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 FD 02 FE 02 3E 04 01 00 90 00 14 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3D77C Default: DefaultId: 0x0, Value (8 bit): 0x0 {5B 0D 00 00 00 00 00 00 00 00 00 00 00}
0x3D789 One Of Option: Disable, Value (8 bit): 0x0 {09 0E FF 02 00 00 00 00 00 00 00 00 00 00}
0x3D797 One Of Option: Enable, Value (8 bit): 0x1 {09 0E 00 03 00 00 01 00 00 00 00 00 00 00}
0x3D7A5 End One Of {29 02}


So we might be able to change FD via EFI Shell.