Not working on Lenovo Thinkpad T440p (i5-4300M, QM87 Express LPC)

[dhaninugraha]

Hi Nicola,

I recently acquired a former business-unit Lenovo Thinkpad T440p with a borked ME -- evident by the unit abruptly shutting down every 30 minutes, MEInfoWin kept erroring out and attempts to install Intel Management Engine software always failed.

The machine has separate chips for BIOS and ME, so I dumped the ME image and applied me_cleaner (with the -S option), but still got the abrupt shutdown.

Removing CMOS battery did not help, as did fptw -greset followed by a CMOS battery removal.

Out of curiosity, I booted a live Ubuntu USB on the machine and ran intelmetool -s, and this is the output I got:

Does this mean I'm screwed? Should I just repair/clean the BIOS/ME image, reflash them and go on with my life?

Many thanks in advance.

EDIT: I can provide dumps from both chips as well as the cleaned ME dump I flashed, if required.

[moral-panic]

Have same laptop t440p

Juts download: https://downloadcenter.intel.com/download/27150/INTEL-SA-00086-Detection-Tool

I got all bios update and i have:

This system is not vulnerable. It has already been patched

Not sure why/how this is relevant.

The INTEL-SA-00086 Detection Tool looks for SA-00086 related vulnerabilities and, if found, will in most cases, recommend a manufacturer's firmware upgrade that patches these vulnerabilities. INTEL-SA-00086 was Intel's response to the outcry when ME became public knowledge. It was the bone they threw to the world to placate and satisfy the public. It does patch certain holes that need to be patched, yet it in no way does a patched firmware render a system "not vulnerable". "less vulnerable" is more accurate. The very nature of ME presents a grave and egregious security vulnerability that cannot be patched with firmware, hence the significance of me_cleaner.

[corna]

Since it has the 30 minutes problem before applying me_cleaner, it seems that the ME partition on your chip had been corrupted somehow previously. me_cleaner is unable to restore a broken partition.

Your best chance is to download a clean ME firmware image (like from here), dump the content of both the chips with flashrom, concatenate them, replace the broken ME firmware with ifdtool -i me:valid_me_firmware.bin dump.bin and flash back the result (split in the two parts).

[corna]

If it works, then you can go with the usual me_cleaner procedure.

[null-von-sushi]

Not sure if it helps you, but I have a T440p (the one with nvidia graphics, in case it matters (probably not)) and I took a backup of the original ME image for the T440p with a CH341A. I can upload them if you want. You could just flash that to (hopefully) make your ThinkPad work again, then run me_cleaner on it yourself?

[KylesDigitalLab]

Not sure if it helps you, but I have a T440p (the one with nvidia graphics, in case it matters (probably not)) and I took a backup of the original ME image for the T440p with a CH341A. I can upload them if you want. You could just flash that to (hopefully) make your ThinkPad work again, then run me_cleaner on it yourself?

Do you still have that, I need it.

[null-von-sushi]

Sorry man, I do not :(

[TrustExecutor]

Not sure if it helps you, but I have a T440p (the one with nvidia graphics, in case it matters (probably not)) and I took a backup of the original ME image for the T440p with a CH341A. I can upload them if you want. You could just flash that to (hopefully) make your ThinkPad work again, then run me_cleaner on it yourself?

Do you still have that, I need it.

Here ya go, if you still need it. Its from a T440p with dGPU.

SHA256sums: 883d6ec2645e388a95ca52e24e73ad872a56136875c59a25ba9ac7111b2afdce original_dump4MB.bin 25ac0c4daa304cf61a95fb0534bfe6819672b8648e6b781b14a72f8ca9ca54ec original_dump8MB.bin

T440p_flash_images.zip