[TOOL] Lenovo (H20) Bios Unlocker and Locker

SSD or usb? SSD impossible…

usb

DISKPART> list disk

N. disco Stato Dimensioni Disponibile Din GPT
-------- ------------- ------------- ------------- — —
Disco 0 Online 931 Gbytes 1024 Kbytes *
Disco 1 Online 977 Mbytes 1408 Kbytes *

DISKPART> select disk 1

Il disco attualmente selezionato è il disco 1.

DISKPART> list par

Partizione ### Tipo Dim. Offset
--------------- ---------------- ------- -------
Partizione 1 Primario 976 Mb 64 Kb

DISKPART> detail disk

SanDisk Cruzer Micro USB Device
ID disco: {9798385F-A3F5-4FD9-A3E1-7F70A9A77DB4}
Tipo: USB
Stato: Online
Percorso: 0
Destinazione: 0
ID LUN: 0
Percorso: UNAVAILABLE
Stato corrente di sola lettura: No
Sola lettura: No
Disco di avvio: No
Disco file di paging: No
Disco file ibernazione: No
Disco file dettagli arresto anomalo: No
Disco cluster: No

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- — ----------- ----- ---------- ------- --------- --------
Volume 3 D H1CN FAT32 Rimovibile 976 Mb Integro


pretty long enough to feel fatigue in my fingers, maybe 2-3 min

Ok, all seems ok for diskpart.

Sorry, maybe I underestimated the time to keep FN+R pressed, but thanks, @shinasoba, for putting the real time.

Unrelated
Btw, nice, Diskpart in Italian

I held it down like a damn for a while, no try again tonight. In my opinion the motherboard is blown. The fans don’t even turn on startup. Hehehe, thanks mate

Just for curiosity, can you try to boot without the ram stick?

The first stages of the boot process (SEC and PEI) are done from cache-as-RAM, so you might get some beep or fan spin. I don’t know what to expect from this type of boot, but maybe we get some useful info

I tried to start everything unplugged too. nothing at all.

Now, I have to go.
One thing that you can try is to remove the two batteries, leave them removed for 30+ min, and then retry.

PS: Once the battery is inserted, you should plug in the charger, otherwise the battery is still electronically disconnected (same option as Disconnect Battery in BIOS).

I had exactly the same problem today. Constant reboots with the message "self healing bios recovery progressing". It started after setting the memory voltage to 1.35 and changing the multiplier from 24 to 25. Nothing helped. In the end, I put back the 2 stock Lenovo RAM sticks and was able to boot into Windows. It did not work with 1 memory stick.

Edit by Fernando:
@extasy
Please write by using latin letters. This is a pure English language Forum, where each visitor - no matter where he/she lives - should be able to read and understand all contributions.

Ok test

Help!
lenovo legion 7 16ithg6. Bios H1CN44WW unlocked.
I did an undervolting of 80 millivolts and the laptop started to reboot constantly every 20 seconds. Black screen, keyboard backlight is on. It is not possible to load the BIOS from the USB flash drive. I reset the CMOS battery power, removed NVME, but it was unsuccessful.
Any ideas?

Try repeatedly tapping F9 while booting to access the NOVO menu. That lets you do various setup and system reset functions. Might help

I am about to try setting each of the memory settings manually to see what happens. I did find a section that relates to DDR4 training that is disabled by default. I don’t remember what section I found it in though. That could be what is needed for the memory overclock setting to make use of any auto settings that remain.

By default, the laptop is just using the JEDEC settings that are flashed onto the RAM sticks and not doing any training, unlike the default on a desktop board.
You can potentially use the paid version of Thaiphoon Burner to modify the SPD settings on the RAM sticks to allow for a "RAM overclock" with tighter timings. The laptop will just read the new settings from the stick.
I don’t think that the BIOS has anything hidden or otherwise that supports XMP settings


Before trying emergency flash, have you completely turned off, maybe disconnecting and reconnecting battery?

Btw, if nothing works, the only solution that works for sure is a flash programmer…

Amazing work! Registered just to say that what you did was awesome.
I’ve been playing with GHIDRA to try and see if I can replicate your process of discovering this method, though I’m still quite new and can’t figure out how you did it.
I can’t wait to see your guide in the future!


The guide will take a bit more time, as I’m getting busier now.
But if you want, here are some hints:

* Know a bit of how assembly works. Knowing the whole x86 ISA is not required (you can right-click on an instruction and use Processor Manual to open the manual at the instruction-specific page), but a quick understanding of how PUSH, POP and similar work is helpful, and how function calls are made is very useful
* Learn the various types of x86 calling conventions, for example _stdCall, _thisCall, _fastcall, as they are the ways of passing parameters to functions. Most of the time Ghidra picks the correct one, but sometimes it might be useful to correct it manually

* Learn how UEFI works (the UEFI Spec for reference, and Beyond BIOS are good resources; I never used the latter, for lack of time)
* You need to at least know the structure of a basic DXE module
* What Protocols are, and how they are referred to
* Knowing what a HOB is is nice to have, but not required here
* How HII works can be useful as you approach the end, if you want to be sure of what you have found; otherwise you test it and see the outcome

* You will learn that the entry point always takes two arguments: the first is an EFI_IMAGE_HANDLE, and the second is an EFI_SYSTEM_TABLE
Now that you know that the second argument is EFI_SYSTEM_TABLE, in the first function call you will most likely find the definition of two global data items, the EFI_RUNTIME_SERVICE and EFI_BOOT_SERVICES, both referenced from the EFI_SYSTEM_TABLE
* Define these two with the correct data type, and the code will become more and more readable, as many function pointers will now be resolved and will have a proper name.


Then remember that strings are your friend, and sometimes starting from the easy thing is a good solution, and sometimes, like in this case, you can be lucky:
So open UEFITool:
Search for the string Advanced -> no really useful results, most are inside the IFR.
Search for Hidden: 4 results:
* 1 match in BdsDxe
* 2 matches in SetupUtility
* 1 match inside DebugPageDxe
From these you discard BdsDxe, as it probably doesn’t help us.
That leaves SetupUtility and DebugPageDxe. Extract the PE32 of both and open them in a hex editor, or use the strings command (remember some strings can be Unicode), to fetch all the strings.

From SetupUtility you get strings like "Don’t expose TPM when hidden", which are completely useless, but from DebugPageDxe you’ll find

"Press F2 key, it will Enter into BIOS Setup and show Hidden Page. Press ESC key, it will normal boot."

This sounds interesting, so you load DebugPageDxe into Ghidra and start resolving the structures etc.
Then you locate the string and trace backward:

Then you will find in some part this

// GetBool is a name that I gave to the function; internally it locates the PCD protocol and calls PCD->GetBool
var = GetBool(something, some_number);
if (var)
{
    print("Press F2 key, it will Enter into BIOS Setup and show Hidden Page. Press ESC key, it will normal boot.");
}

In some other part of the code you will find

var = GetBool(something, some_number); // some_number is the same as before
if (var)
{
    gRS->SetVariable("cE!"…);
}


From then you discover that the variable cE! does something. Now you have two options: the lazy way, create it manually and see what happens, or search for other references to it.

Searching for other references you will find just one more, and if you reverse this, you will find the code that will cause Advanced to show…

Side note: instead of manually resolving the UEFI structures, you could use tools like efiSeek for Ghidra or efiXplorer for IDA Pro, but these failed on me so many times that I’m doing it manually or using my own script.
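
The string search step from the post above (ASCII and Unicode strings in an extracted PE32 body), as an added example that is not part of the original post or the author's tooling. The sample bytes are constructed for illustration, and the function names `extract_strings` and `search` are hypothetical.

```python
import re

def extract_strings(data: bytes, min_len: int = 4):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    # ASCII: runs of printable bytes, as the classic `strings` tool reports.
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), "ascii", m.group().decode("ascii")
    # UTF-16LE: printable byte + 0x00, repeated. UEFI text (CHAR16) is stored
    # this way, so an ASCII-only scan never sees it.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def search(data: bytes, keyword: str, min_len: int = 4):
    """Case-insensitive keyword search over both string encodings."""
    kw = keyword.lower()
    return [hit for hit in extract_strings(data, min_len) if kw in hit[2].lower()]

# Constructed sample standing in for an extracted PE32 body (not real firmware).
MESSAGE = ("Press F2 key, it will Enter into BIOS Setup and show Hidden Page. "
           "Press ESC key, it will normal boot.")
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"Don't expose TPM when hidden\x00" + b"\xff" * 5
    + MESSAGE.encode("utf-16le") + b"\x00\x00" + b"\x00" * 4
    + "cE!".encode("utf-16le") + b"\x00\x00"
)

if __name__ == "__main__":
    for off, enc, text in search(SAMPLE, "hidden"):
        print(f"0x{off:04x} {enc:8} {text}")
    # A 3-character variable name is below the default minimum length.
    print(search(SAMPLE, "cE!"), search(SAMPLE, "cE!", min_len=3))
```

Short names such as the three-character variable name only show up when the minimum length is lowered, which is easy to miss with default `strings` settings.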

Thanks for the details. I have worked on ARM microcontrollers (cortex-m) and familiar with ARM assembly, but x86, UEFI and GHIDRA are all new to me which is why I got confused.
I will read up on these and report back.

just noticed that rgb on the rear vents and right vent are not lighting up regardless of with/without icue, didn’t notice it for the last two days coz i turn rgb off
it could be the consequences of messing up bios :joy:

Just registered to say thank you! This is great and exactly what I’d been looking for for a while.
Can confirm the unlock works on:
Legion 5 15ARH05H - CPU: 4800H, GPU: RTX 2060, BIOS: FSCN20WW.
Thank you very much again for sharing!