Question about BIOS modding, with ME and working dump.

Hi, I am working on removing the whitelist of my ThinkPad X1 Extreme Gen 2.

I have an SPI programmer and have dumped my current BIOS several times using different software, and the hashes match.
Currently Measured Boot is disabled and Verified Boot is enabled. I also disabled rollback prevention, the security chip (TPM), and Device Guard in the BIOS.

However, I still have several questions I am confused about:
1. If I patch the whitelist using IDA along with UEFITool on my working BIOS dump (assuming I do the patches the right way), will ME/Boot Guard cause my system to refuse to boot?
2. In case I get the previous step wrong, e.g. after I find out the system won't boot due to a bad patch, will my laptop go back to normal after flashing my previously proven working dump?
3. Do I need to use a factory BIOS (like the one on the update website) along with my working BIOS to manually compose a new BIOS for flashing? Or can I just mod the one I dumped?

Could you please help with my questions? Thanks!

Below is the output of meinfowin -verbose on my X1



Intel (R) MEInfo Version: 12.0.64.1551
Copyright (C) 2005 - 2020, Intel Corporation. All rights reserved.
 

Windows OS Version : 10.0
 
LPC Device Id: A30E.
Platform: Cannonlake Platform
General FW Information
FW Status Register1: 0x95000245
FW Status Register2: 0x80110106
FW Status Register3: 0x00000030
FW Status Register4: 0x00004004
FW Status Register5: 0x00001F01
FW Status Register6: 0xC4400AC9
 
CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Present
Phase: Maestro
PhaseStatus: UNKNOWN
ME File System Corrupted: No
FPF and ME Config Status: Committed
FW Capabilities value is 0x7DF6D145
Feature enablement is 0x5DF6D145
Platform type is 0x42001491
Found an Intel vPro Wireless device
 
Platform Type Mobile
FW Type Production
Last ME Reset Reason Unknown
BIOS boot State Post Boot
Slot 1 Board Manufacturer 0x000017AA
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
Capability Licensing Service Enabled
Local FWUpdate Enabled
OEM ID 4C656E6F-766F-0000-0000-000000000000
Integrated Sensor Hub Initial Power State Disabled
Intel(R) PTT Supported Yes
Intel(R) PTT initial power-up state Disabled
OEM Tag 0x00
TLS Enabled
 
Intel(R) ME code versions:
BIOS Version N2OET44W (1.31 )
MEBx Version 12.0.0.0010
GbE Version 0.4
Vendor ID 8086
FW Version 12.0.64.1551 H Corporate
LMS Version 2012.14.0.1520
MEI Driver Version 1952.14.0.1470
Wireless Hardware Version 2.1.77
Wireless Driver Version 21.80.2.1
 
IUPs Information
PMC FW Version 300.2.11.1024
OEM FW Version 1.0.0.0001
LOCL FW Version 12.0.64.1551
WCOD FW Version 12.0.64.1551
 
PCH Information
PCH Version 12
PCH Device ID A30E
PCH Step Data B2
PCH SKU Type Production PRQ Revenue
PCH Replacement State Disabled
PCH Replacement Counter 0
PCH Unlocked State Disabled
 
Flash Information
SPI Flash ID 1 C22019
SPI Flash ID 2 Not Available
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
 
FW Capabilities 0x7DF6D145
Intel(R) Active Management Technology - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
Service Advertisement & Discovery - PRESENT/ENABLED
Persistent RTC and Memory - PRESENT/ENABLED
 
End Of Manufacturing
Post Manufacturing NVAR Config Enabled Yes
HW Binding Enabled
End of Manufacturing Enable Yes
 
Intel(R) Active Management Technology -
Intel(R) AMT State Enabled
MAC Address --hidden--
IPv4 Address 0.0.0.0
IPv6 Enablement Disabled
Configuration State Not Started
Provisioning Mode PKI
M3 Autotest Enabled
Link Status Link Down
Wireless Micro-code ID in Firmware 0x2723
Wireless LAN in Firmware Intel(R) Wi-Fi 6 AX200
Wireless Hardware ID 0x2723
Wireless LAN Hardware Intel(R) Wi-Fi 6 AX200
Localized Language English
C-link Status Enabled
System UUID --hidden--
Wireless MAC Address --hidden--
Wireless IPv4 Address 0.0.0.0
Wireless Micro-code Mismatch No
AMT Global State Enabled
Privacy/Security Level Default
 
Intel(R) Protected Audio Video Path
Keybox Not Provisioned
Attestation KeyBox Not Available
EPID Group ID 0x28E6
Re-key needed False
PAVP Supported Yes
 
Security Version Numbers
Minimum Allowed Anti Rollback SVN 9
Image Anti Rollback SVN 9
Trusted Computing Base SVN 1
 
FW Supported FPFs
FPF UEP ME FW
*In Use
--- --- -----
Enforcement Policy 0x03 0x03 0x03
EK Revoke State Not Revoked Not Revoked Not Revoked # Not Revoked=0, Revoked=1
PTT Enabled Enabled Enabled # Disabled=0, Enabled=1
OEM ID 0x00 0x00 0x00
OEM Key Manifest Present Present Present Present # Not Present=0, Present=1
OEM Platform ID 0x00 0x00 0x00
OEM Secure Boot Policy 0x69 0x69 0x69
CPU Debugging Enabled Enabled Enabled # Enabled=0, Disabled=1
BSP Initialization Enabled Enabled Enabled # Enabled=0, Disabled=1
Protect BIOS Environment Enabled Enabled Enabled # Disabled=0, Enabled=1
Measured Boot Disabled Disabled Disabled # Disabled=0, Enabled=1
Verified Boot Enabled Enabled Enabled # Disabled=0, Enabled=1
Key Manifest ID 0x01 0x01 0x01
Persistent PRTC Backup Power Enabled Enabled Enabled # Enabled=0, Disabled=1
RPMB Migration Done Disabled Disabled Disabled # Disabled=0, Enabled=1
SOC Config Lock Done Not Done Done # Not Done=0, Done=1
SPI Boot Source Enabled Enabled Enabled # Enabled=0, Disabled=1
TXT Supported Enabled Enabled Enabled # Disabled=0, Enabled=1
 
ACM SVN FPF 0x02
BSMM SVN FPF 0x00
KM SVN FPF 0x00
OEM Public Key Hash FPF 2B4D5D79BD7EE3C192412A4501D88FB2066C853FF7B1060765395D671B15D30C
OEM Public Key Hash UEP 2B4D5D79BD7EE3C192412A4501D88FB2066C853FF7B1060765395D671B15D30C
OEM Public Key Hash ME FW 2B4D5D79BD7EE3C192412A4501D88FB2066C853FF7B1060765395D671B15D30C
PTT Lockout Override Counter FPF 0x00
PS C:\Users\cgli\Downloads\Temp\Intel CSME System Tools v12 r24\Intel CSME System Tools v12 r24\MEInfo\WIN64> .\MEInfoWin64.exe -fwsts
Intel (R) MEInfo Version: 12.0.64.1551
Copyright (C) 2005 - 2020, Intel Corporation. All rights reserved.
 
General FW Information
FW Status Register1: 0x95000245
FW Status Register2: 0x60000506
FW Status Register3: 0x00000030
FW Status Register4: 0x00004004
FW Status Register5: 0x00001F01
FW Status Register6: 0xC4400AC9
 
CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Present
Phase: HOSTCOMM Module
PhaseStatus: UNKNOWN
ME File System Corrupted: No
FPF and ME Config Status: Committed
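The "General FW Information" block above is MEInfo's decoding of the raw "FW Status Register1" value (0x95000245). The following is an added example, not code from this thread, that reproduces that decoding so the same check can be made after a flash without MEInfo. The bit layout and value names follow the public definitions in coreboot's Intel ME/CSE headers; values not named there come back as raw numbers. The live-read helper assumes Linux, root, and the HECI device at PCI address 0000:00:16.0 with HFSTS1 at config offset 0x40; those are assumptions, not something the thread states.

```python
# Added example, not code from this thread. It decodes the CSME Host Firmware
# Status register 1 (HFSTS1), the value MEInfo prints as "FW Status Register1",
# into the same fields MEInfo lists under "General FW Information". The bit
# layout and the value names follow the public definitions in coreboot's
# Intel ME/CSE headers; values not named there are returned as raw numbers.
# The live read at the bottom assumes Linux, root, and the HECI device at PCI
# address 0000:00:16.0 with HFSTS1 at config offset 0x40 (assumptions).
import struct

WORKING_STATE = {0: "Reset", 1: "Initializing", 2: "Recovery", 5: "Normal",
                 6: "Disable Wait", 7: "Transition", 8: "Invalid"}
OPERATION_STATE = {0: "Preboot", 1: "CM0 with UMA", 4: "CM3 without UMA",
                   5: "CM0 without UMA", 6: "Bring-up", 7: "Error"}
ERROR_CODE = {0: "No Error", 1: "Uncategorized Failure", 3: "Image Failure", 4: "Debug Failure"}
OPERATION_MODE = {0: "Normal", 2: "Debug", 3: "Soft Temporary Disable",
                  4: "Security Override via Jumper", 5: "Security Override via HECI Message"}


def decode_hfsts1(value):
    """Split HFSTS1 into MEInfo-style fields. Bit positions: [3:0] working state,
    [4] manufacturing mode, [5] flash partition table bad, [8:6] operation state,
    [9] firmware init complete, [10] BUP load failure, [11] update in progress,
    [15:12] error code, [19:16] operation mode, [23:20] reset count."""
    def bits(lo, n):
        return (value >> lo) & ((1 << n) - 1)
    return {
        "CurrentState": WORKING_STATE.get(bits(0, 4), bits(0, 4)),
        "ManufacturingMode": "Enabled" if bits(4, 1) else "Disabled",
        "FlashPartition": "Invalid" if bits(5, 1) else "Valid",
        "OperationalState": OPERATION_STATE.get(bits(6, 3), bits(6, 3)),
        "InitComplete": "Complete" if bits(9, 1) else "Not Complete",
        "BUPLoadState": "Failure" if bits(10, 1) else "Success",
        "UpdateInProgress": bool(bits(11, 1)),
        "ErrorCode": ERROR_CODE.get(bits(12, 4), bits(12, 4)),
        "ModeOfOperation": OPERATION_MODE.get(bits(16, 4), bits(16, 4)),
        "ResetCount": bits(20, 4),
    }


def me_looks_normal(value):
    """True when the register describes what a healthy, fully booted CSME reports:
    Normal working state, init complete, BUP loaded, no error, Normal operation mode."""
    d = decode_hfsts1(value)
    return (d["CurrentState"] == "Normal" and d["InitComplete"] == "Complete"
            and d["BUPLoadState"] == "Success" and d["ErrorCode"] == "No Error"
            and d["ModeOfOperation"] == "Normal")


def read_hfsts1_linux(pci_addr="0000:00:16.0"):
    """Read HFSTS1 from the HECI device's PCI config space via sysfs (needs root;
    unprivileged reads of config space stop at offset 0x40)."""
    with open(f"/sys/bus/pci/devices/{pci_addr}/config", "rb") as f:
        f.seek(0x40)
        return struct.unpack("<I", f.read(4))[0]


if __name__ == "__main__":
    posted = 0x95000245   # the "FW Status Register1" value from the MEInfo output above
    for name, val in decode_hfsts1(posted).items():
        print(f"{name}: {val}")
    print("looks normal:", me_looks_normal(posted))
```

Decoding 0x95000245 yields CurrentState Normal, ManufacturingMode Disabled, FlashPartition Valid, OperationalState CM0 with UMA, InitComplete Complete, BUPLoadState Success, ErrorCode No Error and ModeOfOperation Normal, which is exactly what MEInfo printed; a value that decodes to Recovery, an error code, or an override mode after reflashing a dump is the first sign that the dump or the write was not good.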
 
 

@oscarxvita - Verified Boot is enabled at the PCH, so you can only edit certain sections of the BIOS not covered by Boot Guard. You can see what those are by looking at the BIOS with the UEFITool NE Alpha versions; the Boot Guard covered areas are colored (yellow, cyan, red).

1. Generally, a whitelist is located in the main DXE volume, which is often covered by Boot Guard, but I can't be sure without looking at your BIOS.
Either send me your dump or link me to the stock BIOS download page and I will look and let you know whether this area is covered or not. For this, please also tell me the EXACT error you get on screen with the blocked card, so I can locate the whitelist.

2. Yes, if it's 100% OK, then you can always erase the chip and program this back, provided it's a good dump (comparing dumps from different software versions and finding that they all match does not mean it is a good dump), and provided you can write to the chip without issue.
2a. What is the BIOS chip ID? Look in person; do not rely on software to tell you. I will then tell you the software/version that I know can read/write to the chip properly; then you can make a dump with that, it should be good for recovery, and you'll also know that writing to the chip will be OK.

3. Mod the one you dumped, since this is a working system.
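The checks behind points 1 and 2 of the reply (only touch bytes outside the Boot Guard covered areas, and make sure the dump you will fall back to is a real full-chip image) can be scripted. The block below is an added example, not the poster's or the thread's code: it sanity-checks a dump, parses the Intel flash descriptor to learn where the BIOS and ME regions are, diffs a modded image against the dump, and refuses any change that lands outside the BIOS region or inside a Boot-Guard-protected range. The protected ranges are an input the operator reads off UEFITool NE's coloring; the flash layout, the protected range and the patches in the demo are constructed and are not the X1 Extreme's.

```python
# Added example, not code from this thread. Sanity-check an SPI dump, diff a
# modified image against it, map each changed byte range to a flash region
# (from the Intel flash descriptor) and flag changes that overlap a
# Boot-Guard-protected range. Protected ranges come from the operator (read
# off UEFITool NE); the demo layout, range and patches below are constructed.
import hashlib
import struct

FLVALSIG = 0x0FF0A55A          # flash descriptor signature, at image offset 0x10
REGION_NAMES = ("Descriptor", "BIOS", "ME/CSME", "GbE", "PDR")


def dump_sanity(image):
    """Return a list of problems; an empty list means the dump passes the basic checks."""
    problems = []
    if len(image) & (len(image) - 1):
        problems.append("size %#x is not a power of two" % len(image))
    if image.count(0xFF) == len(image):
        problems.append("image is all 0xFF (erased chip or failed read)")
    if len(image) < 0x1000 or struct.unpack_from("<I", image, 0x10)[0] != FLVALSIG:
        problems.append("no flash descriptor signature at 0x10 (not a full SPI image?)")
    return problems


def parse_regions(image):
    """Flash regions from the descriptor: {name: (base, limit)}; unused regions omitted."""
    flmap0 = struct.unpack_from("<I", image, 0x14)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4          # Flash Region Base Address
    regions = {}
    for idx, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * idx)[0]
        base = (flreg & 0x7FFF) << 12              # 4 KiB granularity
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if base <= limit:                          # base > limit (e.g. 0x00007FFF) = unused region
            regions[name] = (base, limit)
    return regions


def changed_ranges(a, b, chunk=4096):
    """[(start, end)] half-open byte ranges where the two images differ."""
    if len(a) != len(b):
        raise ValueError("images differ in size; a mod must keep the dump's exact size")
    out = []
    for off in range(0, len(a), chunk):
        ca, cb = a[off:off + chunk], b[off:off + chunk]
        if ca == cb:
            continue
        i = 0
        while i < len(ca):
            if ca[i] == cb[i]:
                i += 1
                continue
            j = i
            while j < len(ca) and ca[j] != cb[j]:
                j += 1
            if out and out[-1][1] == off + i:      # run continues across a chunk boundary
                out[-1] = (out[-1][0], off + j)
            else:
                out.append((off + i, off + j))
            i = j
    return out


def review_mod(dump, modded, protected):
    """Classify every change. ok is True only if all changes sit inside the BIOS
    region and outside every protected range (protected: {label: (start, end)})."""
    regions = parse_regions(dump)
    findings = []
    for start, end in changed_ranges(dump, modded):
        region = next((n for n, (b, l) in regions.items() if b <= start and end - 1 <= l), None)
        hits = [n for n, (ps, pe) in protected.items() if start < pe and ps < end]
        findings.append({"offset": start, "length": end - start, "region": region, "protected": hits})
    ok = all(f["region"] == "BIOS" and not f["protected"] for f in findings)
    return ok, findings


def build_demo_image(size=0x100000):
    """Constructed 1 MiB image: descriptor at 0, ME at 0x1000-0x7FFFF, BIOS at 0x80000-0xFFFFF."""
    img = bytearray(b"\xFF" * size)
    struct.pack_into("<I", img, 0x10, FLVALSIG)
    struct.pack_into("<I", img, 0x14, 0x04 << 16)                  # FRBA = 0x40
    flregs = (0x00000000, 0x00FF0080, 0x007F0001, 0x00007FFF, 0x00007FFF)
    for idx, v in enumerate(flregs):
        struct.pack_into("<I", img, 0x40 + 4 * idx, v)
    for off in range(0x1000, size, 0x100):                          # give the regions content
        struct.pack_into("<I", img, off, off)
    return bytes(img)


if __name__ == "__main__":
    dump = build_demo_image()
    print("sha256(dump) =", hashlib.sha256(dump).hexdigest())
    print("dump checks  :", dump_sanity(dump) or "ok")
    protected = {"IBB (constructed)": (0xF0000, 0x100000)}        # from UEFITool NE on a real image
    good = bytearray(dump); good[0x90000:0x90004] = b"\x90\x90\x90\x90"   # BIOS region, unprotected
    bad = bytearray(dump);  bad[0xF8000:0xF8002] = b"\xEB\xFE"            # inside the protected range
    for label, mod in (("good", good), ("bad", bad)):
        ok, findings = review_mod(dump, bytes(mod), protected)
        print(label, "->", "safe to flash" if ok else "DO NOT FLASH", findings)
```

On a real image, replace the demo builder with the dump and modded files read in binary mode, and fill `protected` with the start/end of every range UEFITool NE colors as Boot Guard covered. A passing `dump_sanity` is only the minimum: it catches a truncated or all-0xFF read, not a chip read with a programmer that silently returned wrong bytes, which is why the reply insists on identifying the chip in person and using a reader/writer known to handle it.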