GM45 Thinkpad Internal flashing research: Difference between revisions

From coreboot
Jump to navigation Jump to search
Line 15: Line 15:


== Approaches ==
== Approaches ==
* The bootblock is read-only, and sets the PR registers protections. There might be a way to ask it nicely to remove such protections, to be able to reflash it with coreboot.
* The bootblock is read-only, and sets the PR registers protections. There might be a way to ask it nicely to remove such protections, to be able to reflash coreboot.
* Some unofficial BIOS updates (that removes the WiFi whitelist limitation) exists and are rumored to disable PR registers protections.
* Some unofficial BIOS updates (that removes the WiFi whitelist limitation) exists and are rumored to disable PR registers protections.

Revision as of 15:22, 1 March 2017

Introduction

The goal is to be able to flash internally the x200 with Flashrom.

Anti-reflashing mechanisms

The Lenovo X200 uses the following mechanisms to prevent internal reflashing:

  • Flash descriptor: Set the flash descriptor read-only, locks the ME, and platform regions.
  • PR registers: Sets the BIOS bootblock read-only and prevent access to the platform region
  • The BUC.TS register is locked.

Non-working approaches

  • If we remove the flash descriptor read-only protection we are able to easily reflash coreboot, but:
    • The flash descriptor restrictions may be able to be lifted by using the GPIO33, but accessing that pin is very difficult and has huge probability of breaking the board.
    • Finding a command to send to the ME to unlock it is very unlikely, as it is only supposed to work when the management engine is in manufacture-mode. The Me is not in manufacture-mode on production laptops.
    • Find a way to disable or crash the ME would probably have no effect at all on flash protections

Approaches

  • The bootblock is read-only, and sets the PR registers protections. There might be a way to ask it nicely to remove such protections, to be able to reflash coreboot.
  • Some unofficial BIOS updates (that removes the WiFi whitelist limitation) exists and are rumored to disable PR registers protections.