I checked in another BIOS modding forum regarding my topic and someone said microcode couldn’t be added to this existing BIOS to support the CPU but didn’t explain why, so trying my luck here.
The current BIOS only supports 12th Gen CPUs but Lenovo is releasing a P3 line which is very similar hardware that supports the 13th gen line. Is it possible to add this CPU support to my BIOS?
All I was able to find so far were .CAP files of both my BIOS and the unreleased P3 workstation, and managed to use AMI BIOS Guard Extractor to get an ALL.bin, not sure if this is the BIOS? If it is, not sure how it can be flashed back once modded.
Anyways, after extracting this BIN I opened both the old and new generation one with UEFITool NE and could see the CPUID support but am not sure where to go from here.
Would anyone here know if this is possiible, adding support for the 13th gen CPU to my BIOS CAP file or tell me what I need to do to make this possible?
Other than that its Lenovo own design/restrictions… their in the business to sell and make money!
Good luck
EDIT: Sorry, cant help you with that.
Depending how your thinking about the method for flashing a mod file on a LENOVO system with bootguard… and dont ask me how to bypass security checks and best method or safest one without bricking the system board…, working on a current dump from the bios_region could be a better option, using Intel FPT tool from MEI package according your chipset ME FW version. Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15) - Special Topics / Intel Management Engine - Win-Raid Forum (level1techs.com)
The AMI BIOS Guard Extractor is correct for that operation you’ve done.
Thats it, you should wait for others users contribution on your request.
EDIT: Dump tools on the linked thread, the rest i cant assist you as already told before.
I have already read that thread however I am confused how to go from the CAP file downloaded from lenovo to a proper
BIN I can modify and flash, do you have any assistance on that?
I was able to get a BIN using the method explained in my first post but am not sure if this is the proper way to get a BIOS as its from a CAP file and how I can even use it?
Anyone else willing to help? I have Intel ME Version 16.1.25 build 2124 but that thread has CSME v15 only, not sure where to start to dump my bios_region.
Thank you, didnt even know there was another thread! I tried every version until I found v11 worked but with some errors, and it didn’t feel right. I’ll see what else I can figure out from here.
From what I understand correctly, I should be downloading the ME firmware from my OEM and running it through ME Analyzer which I did and got the below: https://i.imgur.com/dzCQkI4.png
If the firmware.bin they provide says ADP/RPP at the bottom that means it supports Raptor Lake 13th gen processors already?
It seems like the PMC, PCHC, and USB C sections of ME Analyzer only have ADP at the bottom of them for chipset support: https://i.imgur.com/AQzamiu.png
I managed to dump my complete BIOS (I think) using “FPTW64 -d spi.bin”. After opening it in UEFI Tool NE alpha I get this in the parsing section: https://i.imgur.com/p04IUpn.png
Are these errors going to cause issues when I try and flash the BIOS if I manage to modify/get help to modify it?
I’ve been doing some heavy research into this and found some instructions on how to enable the HAP bit and enable Flash Descriptor write access to ultimately disable ME.
However, is this even necessary to do that if I dump using ‘fptw64 -bios -d bios.bin’ to get a dump of my bios? If I could mod the bios then flash that back using fptw64 I shouldn’t even need to mess with ME correct?
As i said before, it is advisable only to work if possibel with the bios_region for mods.
Since this is the region we need, theres nothing to mess with FD for ME access.
So FD grants read access: fpt -bios -d bios_region, will retrieve a dump of bios region
If FD grants write access, this previous dump: fpt -bios -f bios_region.
If these 2 operations were successful, then we know that FPT can write/flash the modded bios_region you dumped and performed the mods.
AGAIN, i warn you as i warn all users, fpt will write the mod, being this correct or not, if for some reason the motherboard didnt liked the mod, we will have a bricked system and needs a recover procedure form the OEM (Lenovo) if possible… because when the motherboard is bricked… we can say its dead. Final resource, will have to be SPI programmed, do i make myself clear enough on this subject?
This is ONLY a user choice to proceed in this “adventures”… as i did just now to my motherboard updating mCODES with fpt, taking the risk of not seeing your post and to give this answer.
Updating the ME FW is a side operation, that usually an OEM package will perform it safe, but if manual done, then it requires the so called access to read/write again.
PS… No BROS here my friend… those are you’re every day buddies.
As of now, I have Read access to FD, RW access to BIOS, and read access to ME.
If fptw will flash the bios with modifications regardless of if its good or not, then I basically only have one shot and can’t mess up it sounds like?
Is there anyone here who can assist with the microcode part? I will use that documentation you sent earlier, I just want to try and have the best chance at making it work if possible.
I ordered a replacement motherboard just in case but would like to get some help if anyone is willing. I love to learn this kind of stuff so I am definitely willing, I just want to make sure I’m not doing something stupid and preventable.
Basically just someone I can bounce ideas and show screenshots to as I am making microcode changes in this thread and say “Hey does this look okay so far?” Not asking for one on one time, just for input on if what I am changing is making sense.
You’ll have to follow the guide i previous linked, if there’s available space for inserting new mcodes, all should be good, if not then give up from this ideia.
You can share here the results… i cannot and no one can, assure that after flashed its a bricked motherboard or not, this is something that users must understand regarding this kind of questions, specially in “branded” systems with their own securities and secrets not public shared.
We all take risks and we all have success and fails, simple as that.
@MeatWar Sounds good, I will start this tomorrow. One last question before I do; if there isn’t enough space for additional mcodes, is it possible to replace the existing microcode instead of adding/inserting onto it since I won’t need the 12th gen CPU support?
…Can i ask you why, after all my explanations on the subject, still messing with the ME FW/ME_region? If im not mistaken you need to exchange/add cpu mcodes ONLY correct? Unless you’re trying a manual ME FW update to the latest version outside Lenovo packages…, so whats the status of bios_region access R/W?
EDIT:
fpt -d (makes a full dump of all possible blocks accessible) of all combined spi regions
fpt -bios -d (makes a dump ONLY of the bios_region, if accessible for read)
fpt -me -d (ME_region, if accessible for read)
fpt -fd -d (FD_region, if accessible for read)
fpt -gbe -d (GBE_region, if accessible for read)
learn the tool switches…
fpt -i (Will present you spi info/details from Regions and their Master Access)
So what dumps did you performed, tested as i instructed you in previous posts?
I couldn’t do fptw64 -BIOS -f myBIOS.bin after dumping it (successfully) with fptw64 -BIOS -d myBIOS.bin. Doesn’t this mean BIOS region is locked and I need to set the AltMEDisable bit so I can write to BIOS?
Yes… i though by now that this was already clear enough in all my words…
or even in the related guides that already linked… and should be read to learn, or else ill be here writing to you all that is already in the guides and you dont care to read or learn… being very patient to you… usually i start to ignore users that disregard what is pointed to read/learn, we cant help users if they dont learn the basics.
EDIT: So dump now the bios_region, mod it and flash it back.
Do all the possible dumps for safe keeping.