💾 Archived View for colincogle.name › blog › thinkpad-liberation captured on 2023-12-28 at 15:18:34. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2022-06-03)

-=-=-=-=-=-=-

Colin Cogle's Blog

"Hacking Haswell ThinkPads' Firmware"

by Colin Cogle

Written Sunday, January 2, 2022.

Last updated Tuesday, February 15, 2022.

A Brief History of Intel

The x86 ISA has been around since the late 1970's. In the past fifty-plus years, this CISC architecture has only gotten more and more complicated. It's gotten to the point where a separate computer needs to prepare the *real* computer to load an operating system. Starting around 2006, Intel's chipsets (and later, processors) included a separate "autonomous subsystem" known as the Intel Management Engine. This co-processor runs as long as the main computer is receiving power, even when the actual computer is turned off. More troubling, the code is obfuscated, which means that security researchers are largely unable to examine it.

Over the years, other features would be integrated into the Intel ME: Intel Anti-Theft (now discontinued), Intel AMT, Intel vPro, Intel Boot Guard, Protected Audio/Video Path, Serial-over-LAN, Intel Platform Trust Technology, and others  — still with the chip and its firmware largely invisible from independent security researchers.

While there is a strong business case for many of these technologies  — save for PTT being required to implement an fTPM  — the average home user will not need these, especially on this Lenovo ThinkPad T540p that I recently obtained; it has a fourth-generation Intel Core processor, which is not compatible with Windows 11, so I don't need to worry about having a TPM.

The FCC Is Also Involved

In the United States, manufacturers need to have their computers approved by the FCC if they contain any wireless radios (i.e., for Wi-Fi, Bluetooth, NFC, or cellular data). Each separate configuration needs to be certified. To save them time and money, many BIOSes contain an allow-list of permitted Wi-Fi and WWAN cards.

That's understandable, but with Wi-Fi 6 and Wi-Fi 6E out, Wi-Fi 5  — particularly the pre-wave2 stuff  — is starting to get a little long in the tooth. Plus, shouldn't we have the freedom to modify our hardware to suit our needs?

A ThinkPad T440p with an unauthorized Wi-Fi card showing that if you install an unauthorized wireless card, the system will refuse to boot. (Photo credit: Wolfgang)

About Software Freedom

With all respect to Richard Stallman, the hardware and software you buy should respect the four essentials freedoms of software: to run an app for any purpose, to study how an app works, to change it to make it do what you wish, and to redistribute and make copies to help others.

Thus, let me show you how you can modify your "Intel Inside" laptop or desktop to run whatever code you want it to run, so that it behaves how you want it to behave. (Since this is a firmware modification, it's far safer to show you how to modify yours, rather than give you a binary blob that might have unintended side effects.)

Preparation

You will need a ThinkPad based on the Intel Haswell platform, such as the T440p, T540p, W540, and W541. I'm working on a T540p. For other models, you'll need to look at the motherboard and find your chips yourself. Before we start, go ahead and download the latest Intel ME and Lenovo UEFI firmwares. You won't be able to update these later without repeating all of these steps!

The Lenovo flashing software will keep modified software far away from the chips. Thus, you will need to purchase a chip programmer. Order a CH341A-based programmer.

While you wait for your new tool to arrive, expose your BIOS and ME chips. I've heard that it's right under the memory access door on the T440p. However, on my T540p, you'll need to completely remove the motherboard from the laptop. Because I wound up with many leftover screws, I won't explain how to do that. Instead, consult Lenovo's Hardware Maintenance Manual and follow their directions. Fortunately, this and the reassembly are the toughest parts of this liberation (as is removing the keyboard without breaking any keycaps).

Be sure to unplug the CMOS battery, too. We need all power removed from the motherboard.

When you get the motherboard free, you'll see two identically-shaped eight-pin chips over by the SIM card slot. The one closest to the business end of the slot is a 64 Mb Macronix 25L6473E chip that contains the Intel Management Engine, the Ethernet PXE option ROM, and other related things. The opposite chip is a 32 Mb Macronix 25L3273E chip that contains the UEFI BIOS partitions.

A flash programmer hooked up to the BIOS chip of a Lenovo ThinkPad T540p.

You should also make sure the `flashrom` tool is installed, and you have a working copy of Python 3. Your operating system's package manager can give you both of these.

Neutering the Intel Management Engine

The Intel ME cannot be removed entirely from any Intel Core platform, as it is required for initializing and booting the computer. However, the three-lettered American intelligence agencies were not okay with a hidden operating system running on their computers, so Intel came up with a special operating mode for the ME. As they stated in a press release:

In response to requests from customers with specialized requirements we sometimes explore the modification or disabling of certain features. In this case, the modifications were made at the request of equipment manufacturers in support of their customer's evaluation of the US government's "High Assurance Platform" program. These modifications underwent a limited validation cycle and are not an officially supported configuration.

Positive Technology - "Disabling Intel ME 11 via undocumented mode"

I will let you, dear reader, take their warning at face value.

That being said, let's continue. Here is what needs to happen with this chip:

1. Read the Intel ME ROM.

2. Run me_cleaner to remove unneeded modules and enable the High Assurance Platform mode.

3. Write back the neutered ROM image.

Let's get started. Position your flash reader clip on the Intel ME chip (the one closest to the SIM card reader), connect your flash reader to your computer, then run flashrom to read the chip:

flashrom --programmer ch341a_spi --chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX25L6473F" --read upper.bin

(Tip: If you're not sure your programmer is attached firmly, read the chip a second time into upper2.bin and then diff the two files. If the files differ, make sure your clip is firmly connected and try again.)

Fortunately, we won't need to edit this file on our own. Download a copy of me_cleaner from GitHub. This will set the ME into the High Assurance Platform/AltMeDisable mode, so that once the bring-up phase is complete and the POST begins, the ME will safely hang:

git clone https://github.com/corna/me_cleaner.git
python me_cleaner/me_cleaner.py --soft-disable --relocate --truncate --output-file upper-cleaned.bin upper.bin

That was easy, right? Now, let's write back our cleaned image. This step will take a while, so don't panic. flashrom will be reading, writing, and verifying each block.

flashrom --programmer ch341a_spi --chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX25L6473F" --write upper-cleaned.bin

Congratulations! You can attach the screen, keyboard, and charging port to the motherboard and boot it up now, if you'd like to test. When you go into the BIOS, you'll see that the listed "ME Version" is now blank.

If that's all you wanted to do, you can stop reading and start re-assembling the laptop.

Removing the PCIe Allow-list and Unlocking More Firmware Options

While we have this thing open, we might as well upgrade it to Wi-Fi 6. Hop on eBay and pick yourself up a newer WLAN card, such as the Intel AX200 (Wi-Fi 6) or AX210 (Wi-Fi 6E). While those have their own proprietary firmwares, they are rock-solid under Linux.

Before we begin this step, here is another reminder to download and install the latest firmware updates from Lenovo. (For the T540p, BIOS version 2.39 is the latest.)

Position your flash reader on the UEFI BIOS chip  — the one furthest from the SIM card slot  — then dump it:

flashrom --programmer ch341a_spi --chip "MX25L3273E" --read lower.bin

Just like with the Intel ME, there are pre-made tools to unlock the BIOS.

# Download and install UEFITool.
# It's in Ubuntu's repositories, but if that's not an option, grab it from
# GitHub; then, configure, build, and install it. Make sure the UEFIPatch
# binary is in your PATH.
apt install uefitool || git clone https://github.com/LongSoft/UEFITool.git

# Download and edit our firmware patches.
wget https://raw.githubusercontent.com/digmorepaka/thinkpad-firmware-patches/master/xx40_xx50_patches_v7.txt
$EDITOR xx40_xx50_patches_v7.txt

Read through the patch file. Comment or uncomment any lines that apply or don't apply to your ThinkPad's make and model. Uncomment lines pertaining to your model, and comment ones that don't; otherwise, at best, your patch will be ineffective, or at worst, your computer will beep or not boot (but you can reverse this by repeating these instructions with an unadulterated copy of your BIOS). Save and exit when done, and we'll create a patched image.

UEFIPatch lower.bin xx40_xx50_patches_v7.txt -o lower-patched.bin

While the ThinkPad will work if we flash this file back, it will beep like a madman. We need to sign the BIOS with an RSA key. Fortunately, there is no PKI enforcement, so any key will do, even one that we generate on the fly. Let's bring in another open-source tool:

# Download and install this tool and its dependency.
git clone https://github.com/thrimbor/thinkpad-uefi-sign.git
pip3 install pycryptodome

python3 thinkpad-uefi-sign/sign.py lower-patched.bin --output lower-patched-signed.bin

That was almost too easy. Let's write it back to the chip. Again, this will take a while, so go do something else for a few minutes.

flashrom --programmer ch341a_spi --chip "MX25L3273E" --write lower-patched-signed.bin

Now, reassemble your laptop and start it up! You'll get an error about the CMOS checksum being and the date/time being invalid. That was because we disconnected the backup battery, not because we decided to rewrite the firmware. If you go into the BIOS, you'll see a plethora of new settings under the new Advanced menu.

Note that this Advanced menu takes the place of the Date/Time menu, so we'll have to boot our operating system and set the clock there.

In Conclusion

You've done it! The spyware located inside the Intel Management Engine is now inoperable. On top of this, you've modified your firmware to let you upgrade and tweak this laptop as much as you want. Hopefully this makes your older ThinkPad last even longer!

Much credit goes to Wolfgang, for his excellent write-up about doing all this to a ThinkPad T440p.

https://notthebe.ee/Removing-the-Wi-Fi-Whiteslit-on-Haswell-Thinkpads-T440p-W540-T540-etc.html

I'd also like to thank the developers of the various tools that we've used:

https://GitHub.com/corna/me_cleaner

https://GitHub.com/LongSoft/UEFITool

https://GitHub.com/thrimbor/thinkpad-uefi-sign

=================================================================

Previous Blog: "PowerShell 7 for Programmers"

Next Blog: "A File Format to Aid in Security Vulnerability Disclosure"

=================================================================

"Hacking Haswell ThinkPads' Firmware" by Colin Cogle is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA).

https://creativecommons.org/licenses/by-sa/4.0/?ref=chooser-v1