corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0

Lenovo x260 boot delay #157

Open c0d3z3r0 opened 6 years ago

c0d3z3r0 commented 6 years ago

x260 working but ~25 sec boot delay latest UEFI/Bios R02ET63W (1.36)

me_cleaner parameters: -M /tmp/me -S -d -r -t

I have an idea what the problem could be. I had some delay problems on Lenovo P320. After updating ME before applying me_cleaner everything worked fine. Maybe there are big differences in BUP code. I have to verify this later this day.

So it may be a good idea to first update ME in general before using me_cleaner. Maybe there is a way of just replacing the BUP module or the whole FPTR partition with the latest one. There could be another option in me_cleaner for supplying an ME update image. @corna what do you think about that? Do you know if the ME updates are the same for all vendors or if they customize it like UEFI?

ME version: 11.0.0.1194
Latest ME version for x260: 11.8.........

me_cleaner log:

```
Full image detected
The ME/TXE region goes from 0x3000 to 0x700000
Found FPT header at 0x3010
Found 11 partition(s)
Found FTPR header: FTPR partition spans from 0x1000 to 0xa8000
Found FTPR manifest at 0x1478
ME/TXE firmware version 11.0.0.1194
Public key match: Intel ME, firmware versions 11.x.x.x
Reading partitions list...
 FTPR (0x00001000 - 0x0000a8000, 0x000a7000 total bytes): NOT removed
 FTUP (0x00110000 - 0x0001bc000, 0x000ac000 total bytes): removed
 DLMP ( no data here , 0x00000000 total bytes): nothing to remove
 PSVN (0x00000e00 - 0x000001000, 0x00000200 total bytes): removed
 IVBP (0x0010c000 - 0x000110000, 0x00004000 total bytes): removed
 MFS (0x000a8000 - 0x00010c000, 0x00064000 total bytes): removed
 NFTP (0x00110000 - 0x0001bc000, 0x000ac000 total bytes): removed
 ROMB ( no data here , 0x00000000 total bytes): nothing to remove
 FLOG (0x001bc000 - 0x0001bd000, 0x00001000 total bytes): removed
 UTOK (0x001bd000 - 0x0001bf000, 0x00002000 total bytes): removed
 ISHC ( no data here , 0x00000000 total bytes): nothing to remove
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xec)...
Reading FTPR modules list...
 FTPR.man (uncompressed, 0x001478 - 0x00207c): NOT removed, partition manif.
 rbe.met (uncompressed, 0x00207c - 0x002112): NOT removed, module metadata
 kernel.met (uncompressed, 0x002112 - 0x0021a0): NOT removed, module metadata
 syslib.met (uncompressed, 0x0021a0 - 0x002204): NOT removed, module metadata
 bup.met (uncompressed, 0x002204 - 0x00268c): NOT removed, module metadata
 pm.met (uncompressed, 0x00268c - 0x00273a): NOT removed, module metadata
 syncman.met (uncompressed, 0x00273a - 0x0027d0): NOT removed, module metadata
 vfs.met (uncompressed, 0x0027d0 - 0x003130): NOT removed, module metadata
 evtdisp.met (uncompressed, 0x003130 - 0x0032be): NOT removed, module metadata
 loadmgr.met (uncompressed, 0x0032be - 0x0033e6): NOT removed, module metadata
 busdrv.met (uncompressed, 0x0033e6 - 0x003796): NOT removed, module metadata
 gpio.met (uncompressed, 0x003796 - 0x0038a2): NOT removed, module metadata
 prtc.met (uncompressed, 0x0038a2 - 0x003a52): NOT removed, module metadata
 policy.met (uncompressed, 0x003a52 - 0x003c1c): NOT removed, module metadata
 crypto.met (uncompressed, 0x003c1c - 0x003da6): NOT removed, module metadata
 heci.met (uncompressed, 0x003da6 - 0x003f42): NOT removed, module metadata
 storage.met (uncompressed, 0x003f42 - 0x004226): NOT removed, module metadata
 pmdrv.met (uncompressed, 0x004226 - 0x00434a): NOT removed, module metadata
 maestro.met (uncompressed, 0x00434a - 0x004432): NOT removed, module metadata
 fpf.met (uncompressed, 0x004432 - 0x004526): NOT removed, module metadata
 hci.met (uncompressed, 0x004526 - 0x0046d0): NOT removed, module metadata
 fwupdate.met (uncompressed, 0x0046d0 - 0x0047d8): NOT removed, module metadata
 ptt.met (uncompressed, 0x0047d8 - 0x0048ca): NOT removed, module metadata
 touch_fw.met (uncompressed, 0x0048ca - 0x004a00): NOT removed, module metadata
 rbe (Huffman , 0x004a00 - 0x006f80): NOT removed, essential
 kernel (Huffman , 0x006f80 - 0x015c40): NOT removed, essential
 syslib (Huffman , 0x015c40 - 0x028840): NOT removed, essential
 bup (Huffman , 0x028840 - 0x04f740): NOT removed, essential
 pm (LZMA/uncomp., 0x04f740 - 0x0520c0): removed
 syncman (LZMA/uncomp., 0x0520c0 - 0x052600): removed
 vfs (LZMA/uncomp., 0x052600 - 0x05a240): removed
 evtdisp (LZMA/uncomp., 0x05a240 - 0x05bcc0): removed
 loadmgr (LZMA/uncomp., 0x05bcc0 - 0x05eac0): removed
 busdrv (LZMA/uncomp., 0x05eac0 - 0x061780): removed
 gpio (LZMA/uncomp., 0x061780 - 0x062c00): removed
 prtc (LZMA/uncomp., 0x062c00 - 0x0639c0): removed
 policy (LZMA/uncomp., 0x0639c0 - 0x069f80): removed
 crypto (LZMA/uncomp., 0x069f80 - 0x079b80): removed
 heci (LZMA/uncomp., 0x079b80 - 0x07dc00): removed
 storage (LZMA/uncomp., 0x07dc00 - 0x082380): removed
 pmdrv (LZMA/uncomp., 0x082380 - 0x083b40): removed
 maestro (LZMA/uncomp., 0x083b40 - 0x086840): removed
 fpf (LZMA/uncomp., 0x086840 - 0x0881c0): removed
 hci (LZMA/uncomp., 0x0881c0 - 0x088a40): removed
 fwupdate (LZMA/uncomp., 0x088a40 - 0x08d480): removed
 ptt (LZMA/uncomp., 0x08d480 - 0x0a1400): removed
 touch_fw (LZMA/uncomp., 0x0a1400 - 0x0a8000): removed
Relocating FTPR from 0x1000 - 0xa8000 to 0x400 - 0xa7400...
 Adjusting FPT entry...
 Moving data...
The ME minimum size should be 339968 bytes (0x53000 bytes)
The ME region can be reduced up to:
 00003000:00055fff me
Setting the HAP bit in PCHSTRP0 to disable Intel ME...
Removing ME/TXE R/W access to the other flash regions...
Extracting and truncating the ME image to "/tmp/me"...
Checking the FTPR RSA signature of the extracted ME image... VALID
Checking the FTPR RSA signature... VALID
Done! Good luck!
```

skochinsky commented 6 years ago

All ME firmwares are the same for all OEMs. Only Apple gets somewhat personalized ("slim") builds AFAIK.

corna commented 6 years ago

Generally you should update the ME firmware before using me_cleaner.

Single modules can't be replaced (the list of the hashes is signed), you can only replace whole partitions. However it doesn't make much sense, as using me_cleaner on the new image leads to the same result (only the ftpr partition is kept).

I don't know the format of the ME images, but I doubt it's unsigned.

c0d3z3r0 commented 6 years ago

@skochinsky Looks like there is a difference between some images. I compared Lenovo x260 Corporate image and Lenovo P320 Corporate image, both at v11.8.50.3425. Maybe this is because of different CPUs (i5 vs Xeon).

However, the format of the ME update image and dumped image is exactly the same. The only thing I don't know yet is if there is any OEM data (I don't think so even when there seem to be differences). That means one could replace the ME image in the dump before applying me_cleaner so there is no need to go through the uncomfortable "need-to-install-windows-for-me-update process" on a Linux machine.

I'll try that...

c0d3z3r0 commented 6 years ago

Oops. Replaced ME image with UEFItool, applied me_cleaner and flashed the image. x260 turns on shortly as normal for 3 secs, then turns off completely and cannot be enabled anymore. Removing all batteries did not help. Flashing back the backup image did not work also.

Any ideas? o.o

corna commented 6 years ago

Have you already tried to restore the original dump?

corna commented 6 years ago

> Looks like there is a difference between some images.

Remember that ME has an internal file system (MFS/EFFS), so even two dumps of the same machine can be different. You should check which partitions are not identical.
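One way to run the per-partition check suggested above, as an added example that is not part of the thread or of me_cleaner. It assumes bare ME region images (as extracted with `-M` or ifdtool), an FPT layout of a 32-byte header starting with `$FPT` with the entry count at +0x04, and 32-byte entries holding the name at +0x00, offset at +0x08 and length at +0x0c; `DUMP_A` and `DUMP_B` are constructed sample images, not real dumps.

```python
import struct

def parse_fpt(image):
    """Map partition name -> (offset, length) from the $FPT table of a bare ME region."""
    for base in (0x00, 0x10):            # assumed: marker at 0x0 or after a 16-byte prefix
        if image[base:base + 4] == b"$FPT":
            break
    else:
        raise ValueError("no $FPT header found")
    (count,) = struct.unpack_from("<I", image, base + 0x04)
    parts = {}
    for i in range(count):
        entry = base + 0x20 + i * 0x20   # assumed: 32-byte entries after a 32-byte header
        name = image[entry:entry + 4].rstrip(b"\0").decode("ascii", "replace")
        offset, length = struct.unpack_from("<II", image, entry + 0x08)
        if offset and length and offset + length <= len(image):
            parts[name] = (offset, length)   # entries without data are skipped
    return parts

def diff_partitions(a, b):
    """Return {name: 'identical' | 'different' | 'only in one image'}."""
    pa, pb = parse_fpt(a), parse_fpt(b)
    report = {}
    for name in sorted(set(pa) | set(pb)):
        if name not in pa or name not in pb:
            report[name] = "only in one image"
            continue
        (oa, la), (ob, lb) = pa[name], pb[name]
        same = a[oa:oa + la] == b[ob:ob + lb]
        report[name] = "identical" if same else "different"
    return report

def build_image(parts, size=0x4000):
    """Constructed sample input (not a real dump): tiny image with an FPT at 0x10."""
    img = bytearray(b"\xff" * size)
    img[0x10:0x14] = b"$FPT"
    struct.pack_into("<I", img, 0x14, len(parts))
    for i, (name, off, data) in enumerate(parts):
        struct.pack_into("<4s4xII", img, 0x30 + i * 0x20, name, off, len(data))
        img[off:off + len(data)] = data
    return bytes(img)

# Same code partition, different file-system state: only MFS should differ.
DUMP_A = build_image([(b"FTPR", 0x1000, b"A" * 0x800), (b"MFS", 0x2000, b"state-1" * 16)])
DUMP_B = build_image([(b"FTPR", 0x1000, b"A" * 0x800), (b"MFS", 0x2000, b"state-2" * 16)])

if __name__ == "__main__":
    for name, status in diff_partitions(DUMP_A, DUMP_B).items():
        print(f"{name:5} {status}")
```

A difference confined to MFS is expected between two dumps of the same firmware version, while a difference in FTPR points to different code.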

c0d3z3r0 commented 6 years ago

Yep, already restored the backup but no sound, no light, no nothing...

On 20.01.2018 at 16:10, Nicola Corna notifications@github.com wrote:

> Have you already tried to restore the original dump?


c0d3z3r0 commented 6 years ago

What is really strange is that it turned "on" for some seconds and now seems completely dead... A bad image should not cause any hardware damage so this must be a software problem anyhow.

corna commented 6 years ago

Have you already removed the RTC battery for ~10 minutes to clear the CMOS?

c0d3z3r0 commented 6 years ago

Yes, all batteries (main, rtc) were disconnected over night

On 20.01.2018 at 21:59, Nicola Corna notifications@github.com wrote:

> Have you already removed the RTC battery for ~10 minutes to clear the CMOS?


c0d3z3r0 commented 6 years ago

The only thing working is the 3 times led blinking when attaching the ac... hmm could this problem be EC (embedded controller) related?

c0d3z3r0 commented 6 years ago

I opened my x260 again. When pressing the power button the fan twitches shortly. This can be repeated after some seconds waiting...

c0d3z3r0 commented 6 years ago

x260 working again after repeatedly flashing the original image and having all batteries (again) detached for some hours. I continue my tests with ME update via image

corna commented 6 years ago

Well, that's weird... At least it came back

c0d3z3r0 commented 6 years ago

Looks like ME cannot be updated by simply replacing the image... I'll try to compare them and find the differences that prevent that

c0d3z3r0 commented 6 years ago

I now was able to update ME by simply replacing the image with ifdtool. The system boots fine but something seems to be wrong. The UEFI/BIOS does not show any version number for ME anymore and there is a boot delay just like me_cleaner would have been applied. Updating ME this way does not seem to work correctly.

I found a way for updating ME without a full installation of windows: https://www.flamingspork.com/blog/2017/11/22/updating-windows-management-engine-firmware-on-a-lenovo-without-a-windows-install/ Just don't use the x86 iso as described but the x64 one. All the wine stuff can be skipped by using innoextract, cabextract and wimtools on Linux.

Maremagnum commented 6 years ago

@c0d3z3r0 how did you flash the x260? I was just trying to flash one yesterday but after disassembling the mainboard and looking under the black tape that covers it.. I found the rom chips on board are smd (one infineon and another winbond), so there is no way to tap/connect the pins in them easily without desoldering :/

I feel for this model they actively tried for people to not touch the bios/me, since in the x270 the chips are dip8 and way easier to find.. suspicious..

c0d3z3r0 commented 6 years ago

@Maremagnum yep, I ordered a SOIC clip from china and waited weeks for it. When I finally received it and opened my x260 I was like o.O WTF!?

AFAIK x260 is the only one with WSON chip on the bottom side of the mainboard... all others - older and newer ones - have SOIC on the top.

I soldered 8 wires to the chip... just one tip: solder them horizontal, not like in the image. They broke all the time until I resoldered them horizontal.

Another method would be replacing the WSON with an SOIC chip. Both fit on the solder pads.

[Image: img_2970]

c0d3z3r0 commented 6 years ago

@corna Intel ME v11.0.0.1194 works, v11.8.50.3425 does not work with me_cleaner. Only -s works, -S + normal module removal does not work. Any ideas?

Update: The original dump was corrupt. I restored, updated and verified the dump multiple times again. Now it works until the next reboot with -S -d -t but not at all with -r. -s survives multiple reboots.

Update 2: There was a broken wire (/WP) causing some testing issues. New test results:

-> x260 with ME 11.8.50.3425 works with -k or -s parameter applied
-> x260 with ME 11.8.50.3426 works ONLY with -s parameter applied

The boot delay still exists.

After some more testing I found out that - at least on my x260 (but not on my P320) - the FTPR module touch_fw is required with ME 11.8.50.3425! That's why -k and -s work as they do not remove modules. @corna Do you know what that touch_fw module does?

Update 3: 11.8.50.3426 does not need touch_fw but instead the partition FTUP must be kept. What is FTUP?

Full results of my tests:

Parameters 11.0.0.1194 11.6.10.1196 11.7.4.3314 11.8.50.3425 11.8.50.3426
-s Y N N
-S Y Y N N
-S -d Y Y Y N N
-S -r Y N N
-S -t -d -r Y N N N
-S -k Y N
-S (+keep touch_fw) Y N
-S -k -r N N
-S -r (+keep touch_fw) N N
-S -k -w FTUP Y
-S -w FTUP Y
-S -w FTUP -d Y
-S -w FTUP -r N

c0d3z3r0 commented 6 years ago

@skochinsky Do you have an idea what FTUP and touch_fw do?

skochinsky commented 6 years ago

Not 100% sure but touch_fw sounds like "touchscreen controller firmware". Not sure why it could be required for boot, but apparently it is on your system...

FTUP seems to be a backup copy of NFTP+WCOD and contains some non-critical modules like amt, cls, dal, ish, nfc, wifi firmware and so on.

c0d3z3r0 commented 6 years ago

Hmm, interesting. If this is correct, touch_fw should not be required at all on my system since I don't have a touch screen...

The thing I do not understand is why FTUP is needed on newer versions but not on e.g. 11.7.4.3314.

resetcoder commented 6 years ago

Hello,

I flashed an x260 and I'd just share some information and a question.

First of all: Cleaning and flashing was successful for the first time, everything worked well, just the ~30s startup delay is what I'm having, too. I've just noticed it seems like the bios is working hard on something in the background and/or the system clock is very very low during startup, because in the bios all the screen displaying and the keyboard sensing is laggy (like on an old XT computer, or worse), but during the boot it gets fast and normal, the laptop is having good performance.

Other thing is: few months after the flashing I've got the same problem, first the laptop didn't turn on, had only the 3 times power button blinking, after disassembling and reassembling it worked again. Few weeks later it didn't turn on at all, only the blinking, nothing else. Disassembling didn't help, but I thought there must be a contact failure somewhere, so after checking all the connectors I decided to resolder the flash, and voila, it turned on and works as before, so if the symptoms are this, it's worth a check of the flash solderings.

Question: could anyone find a solution for the ~30s startup delay?

c0d3z3r0 commented 6 years ago

Ah, interesting.. I didn't check the soldering of the flash itself.. Is it WSON or SOIC-8 for you?

I did not find a solution for the delay, yet. What ME Version do you have?

On 31.05.2018 at 05:58, resetcoder notifications@github.com wrote:

> Hello,
>
> I flashed another x260 and I'd just share some information and as a question.
>
> First of all: Cleaning and flashing was successful for the first time, everything worked well, just the ~30s startup delay is what I'm having, too. I've just noticed it seems like the bios is working hard on something in the background and/or the system clock is very very low during startup, because in the bios all the screen displaying and the keyboard sensing is laggy (like on an old XT computer, or worse), but during the boot it gets fast and normal, the laptop is having good performance.
>
> Other thing is: few months after the flashing I've got the same problem, first the laptop didn't turn on, had only the 3 times power button blinking, after disassembling and reassembling it worked again. Few weeks later it didn't turn on at all, only the blinking, nothing else. Disassembling didn't help, but I thought there must be a contact failure somewhere, so after checking all the connectors I decided to resolder the flash, and voila, it turned on and works as before, so if the symptoms are this, it's worth a check of the flash solderings.
>
> Question: could anyone find a solution for the ~30s startup delay?


resetcoder commented 6 years ago

> Ah, interesting.. I didn't check the soldering of the flash itself.. Is it WSON or SOIC-8 for you?
>
> I did not found a solution for the delay, yet. What ME Version do you have?

It has WSON packaging. Reflowing the solderings completely fixed it.