GM45 Thinkpad Internal flashing research: Difference between revisions

Latest revision as of 15:51, 1 March 2017

Introduction

The goal is to be able to flash the Lenovo GM45/GS45 Thinkpads like the Thinkpad X200 Internally(without the need of an external flasher), with flashrom, after having booted the default boot firmware.

Anti-reflashing mechanisms

The Lenovo X200 uses the following mechanisms to prevent internal reflashing:

Flash descriptor: Set the flash descriptor read-only, locks the ME, and platform regions.
PR registers: Sets the BIOS bootblock read-only and prevent access to the platform region
The BUC.TS register is locked.

Non-working approaches

If we remove the flash descriptor read-only protection we are able to easily reflash coreboot, but:
- The flash descriptor restrictions may be able to be lifted by using the GPIO33, but accessing that pin is very difficult and has huge probability of breaking the board.
- Finding a command to send to the ME to unlock it is very unlikely, as it is only supposed to work when the management engine is in manufacture-mode. The Me is not in manufacture-mode on production laptops.
- Find a way to disable or crash the ME would probably have no effect at all on flash protections
Executing code in SMM would have no impact as it woun't permit to remove flash read-only protections.

Approaches

When the computer boots, the bootblock sets the PR registers, which has the effect of making itself read-only. If there are conditions in which the bootblock doesn't set the PR registers, finding, understanding, and using them would allow us to reflash coreboot internally when booted from the default boot firmware.

There are several approaches that could help finding them:

There are modded boot firmwares that aim to disable the WiFi card whitelist: While they only update some sections of the flash image, they also come with some unused bootblock and flash descriptor that respectively don't set the PR register and that disable the Management Engine:
- Comparing them with the original boot firmware might lead to interesting results.
It might be possible to run the bootblock with SerialICE to find what it does.

@@ Line 1: / Line 1: @@
-== BIOS reagion ==
+== Introduction ==
-Here is [http://paste.flashrom.org/view.php?id=2717 a log] of flashrom on the flash chip of an X200T
+The goal is to be able to flash the Lenovo GM45/GS45 Thinkpads like the Thinkpad X200 Internally(without the need of an external flasher), with flashrom, after having booted the default boot firmware.
-In the log, we can see that the BIOS region is set read-write in the flash descriptor:
-       Descr. BIOS ME GbE Platf.
- BIOS    r     rw      rw   rw
- ME      r         rw  rw
- GbE                   rw
-The issue is that the BIOS region is still partially locked:
+== Anti-reflashing mechanisms ==
-x74: 0x9fff07e0 PR0: Warning: 0x007e0000-0x01ffffff is read-only.
+The Lenovo X200 uses the following mechanisms to prevent internal reflashing:
+* Flash descriptor: Set the flash descriptor read-only, locks the ME, and platform regions.
+* PR registers: Sets the BIOS bootblock read-only and prevent access to the platform region
+* The BUC.TS register is locked.
-The flash descriptor probably cannot be reflashed easily from the x86 CPU.
+== Non-working approaches ==
+* If we remove the flash descriptor read-only protection we are able to easily reflash coreboot, but:
+** The flash descriptor restrictions may be able to be lifted by using the GPIO33, but accessing that pin is very difficult and has huge probability of breaking the board.
+** Finding a command to send to the ME to unlock it is very unlikely, as it is only supposed to work when the management engine is in manufacture-mode. The Me is not in manufacture-mode on production laptops.
+** Find a way to disable or crash the ME would probably have no effect at all on flash protections
+* Executing code in SMM would have no impact as it woun't permit to remove flash read-only protections.
-== ME reagion ==
+== Approaches ==
-If we remove the RAM DIMM from slot0, the BIOS outputs an error message on the screen that asks to put the DIMM back and refuses to boot. I guess it's related to what mysteries_intel.txt (inside flashrom source ) was mentioning.
+When the computer boots, the bootblock sets the PR registers, which has the effect of making itself read-only.
+If there are conditions in which the bootblock doesn't set the PR registers, finding, understanding, and using them would allow us to reflash coreboot internally when booted from the default boot firmware.
-So I guess that either:
+There are several approaches that could help finding them:
-* The BIOS can only be partially flashed at all.
+* There are modded boot firmwares that aim to disable the WiFi card whitelist: While they only update some sections of the flash image, they also come with some unused bootblock and flash descriptor that respectively don't set the PR register and that disable the Management Engine:
-* The BIOS can be flashed by the vendor tools which probably reboots the computer when doing it. In that case the code doing the PR0 Locking could be located after the PR0 locked reagion.
+** Comparing them with the original boot firmware might lead to interesting results.
+* It might be possible to run the bootblock with SerialICE to find what it does.
-== Ideas ==
-* Try to see if, by remapping the GPU GTT we could get arround the PR registers issue.
-* Using suspend to RAM will probably result in the PR region being unmapped between when it resumes at 0xFFFF0000 and when it re-enables that region lock.
-* Look if SMM/SMI region is locked. And look what happen to it at resume.
-* The ME could also be disabled at boot by removing one of the RAM DIMM (I don't remember which one), but then the BIOS checks for that, outputs an error message, and interrupt the boot. I also wonder how that could be used.