I use UEFITool 25 when I did the setup module edit. So, you updated microcode 306D4 and it boots, or not?
If not, you probably need to fix FIT first, or it needs edited differently, some Phoenix must be edited in special way when you do the ucode changes (Speaking in general, not editing your BIOS right now so not sure what applies here.)
Intel Boot Agent could be updated, as well as GOP module, and EFI Intel PXE module too + NVME Mod could be done as well
I’m guessing on the microcode because of the region its in, since I changed the logo there I think microcode will be fine. Wasn’t in a hurry because linux loads its own intel microcode so I won’t even feel it. I will look at the ones you listed but from what I see the gop module posted here is older than the one in my bios. I will definitely try the boot agent/nvme/pxe like you suggested and see what happens since I will open the laptop up tonight again to install some stuff. Then I’ll report back.
------
I added the microcode easily, just have to test it. But most of the modules I’m finding here are for ami bios and not phoenix. Also laptop only has PCIe in the wifi slot and only plain sata in wwan slot.
-------
Microcode worked perfectly but I’m coming up short on modules to try that aren’t ami bios. Can’t find 306D3 either anywhere. Maybe its possible to rip it out of linux/windows microcode updates, not sure.
So some further info is found. Seems that this was considered a “vulnerability” by lenovo. https://support.lenovo.com/gb/en/solutions/len-20527
In theory:
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<1.33>
UEFI: 1.33 / ECP: 1.16
- [Important] Security fix addresses LEN-22660 TianoCore EDK II BIOS Vulnerabilities.
Refer to Lenovo's Security Advisory page for additional information.
(https://support.lenovo.com/us/en/solutions/LEN-22660)
-[Important] Added Hyper Threading enable/disable option to ThinkPad Setup for virtualized
system users in order to address LEN-24163 L1 Terminal Fault Side Channel
Vulnerabilities (CVE-2018-3646). Refer to Lenovo's Security Advisory page for
additional information.(https://support.lenovo.com/us/en/solutions/LEN-24163)
(Note) Disabling Hyper Threading may increase system power consumption
during sleep.
- (Fix) Fixed an issue where BIOS silent update might fail with system account.
<1.32>
UEFI: 1.32 / ECP: 1.16
-[Important] Security fix addresses LEN-22133 Speculative Execution Side Channel Variants 4
and 3a (CVE-2018-3639, CVE-2018-3640). Refer to Lenovofs Security Advisory page
for additional information. (https://support.lenovo.com/product_security/home)
- (Fix) Fixed an issue where BIOS POST might display the error message
"Boot Manager recover from an error."
1.32 bios should still be possible to mod. I will check how this goes on T440 and ensure I do not upgrade to EDK II BIOS vulnerability fixed version.
So great success on the T440P.
I backed up the original bios first. Then I upgraded to 2.50.
First I took the entire laptop apart and copied the 8mb chip. It was run through ME cleaner and the hap bit was set. This survives through bios updates so you won’t have to take the entire computer apart again.
I started by removing some modules to get rid of spyware:
2
3
smart connect - ?? can't find it
Computrace - computrace in module name
Intel AT technology -ATAMUI ATpolicyInit ATam
Next I used UBU and updated the intel network firmware. It did not work on microcode, I had to manually hex edit EFISystemNVdata for that and logo.
Now to the juicy parts.
I patched: File_DXE_driver_32442D09-1D11-4E27-8AAB-90FE6ACB0489_SystemFormBrowserCoreDxe_body
Same way as I had before and the advanced menu appeared. This hack is good now 100%
I'm not sure if the whitelist was removed or is still active, but I copied pre-patched module to
File_DXE_driver_79E0EDD7-9D1D-4F41-AE1A-F896169E5216_LenovoWmaPolicyDxe_body
The system boots but it beeps! So then I followed the signing procedure from InsanelyMac, except I signed the entire FFS and not just the volume.
Beeps are gone and maybe only thing left is to do intel gop driver or some other things like that.
I’m assuming this is the guide you’re referring to? https://www.insanelymac.com/forum/topic/…eeps-on-lenovo/
Like you said, finding the SHA-1 hash of the volume and replacing it was easy. But I couldn’t find the RSA public key (the guide says: "This key starts with 12 04 and ends with 01 03 FF and is after the TCPABBLK block.") Edit: I see now that you’re saying the whole thing is signed with the Boot Guard key.
In the BIOS, in the security chip settings, under "Security Reporting Options" there is an option that says "CMOS Reporting", which can’t be disabled. I’m wondering if maybe that is staying enabled even after the TPM is "disabled"? Otherwise, it seems strange why the system would boot anyway, because my understanding is that Intel Boot Guard would prevent the system from booting altogether, as opposed to the TPM which apparently just beeps?
Edit Below
Hi there,
You mention nvme for the x250? Im curious as how you would go about it? The guide on here thoroughly explains AMI but unfortunately not Phoenix. Apart from adding a compatible DXE driver with Phoenix tools I’m unsure what else I would need to do in order for it work. I found mentions of "nvme" in the modules; PlatformHiiAdvancedDxe, FitDiagnostics, SystemBootManagerDxe. Any help would be much appreciated.
Thanks!
No PCIE lines in the x250 except in the wifi slot. So you lose that if you want nvme and there are not a lot of lanes. Only SATA in the wwan.
The system boots because bootguard isn’t disturbed. The same key is used for BG as for the TPM so you can’t “fix” the TPM on xx50 and up models. At least the beeps go away. People have modded up to T480 now using proper non-secured bios. Maybe they also patched the lenovo security check that causes the black screen but I’m not sure, I just downgraded. Info is only on discord. T440P can be re-signed because of no bootguard and the key can be freely replaced… and has to since it keeps beeping every boot.
There is also some microcode mods now to remove TDP limits but alas none of my cooling systems support much beyond extending turbo time.
Salutations comrades. I have gotten someone to mod my x250 bios to have an advanced tab but they won’t reveal what was required to do so. I’m looking for some compatriots to help compare the original bios and the modded to discover the method employed and open source it. @Lost_N_BIOS @NSAfarm
Phoenix Tool plus folders comparison function of Total Commander and you got it.
Thanks, you got a link for a free version