Open ThinkerPadder opened 2 years ago
digmorepaka
commented
2 years ago T440 uses the same version of iME as T440s, same parameters apply.
There is no path to coreboot for a T440 unless one of these requirements is met:
ES/QS/bootguardless retail CPU is soldered onto your board
You find a bootguard bypass
ThinkerPadder
commented
2 years ago I'm not too familiar with this advanced terminology (such as ES, QS), could you please point me to somewhere where I could learn more about these things?
So forgetting Coreboot, you're saying that the ME cleaner would work the same on a T440 as on a T440s?
Assuming that is certainly the case, now the question is, how to flash ME cleaner to a T440 BIOS chip without desoldering? I've never done this sort of thing before, I'm not even sure which pins to connect to on a Raspberry Pi.
Thank you for your answer, it is much appreciated.
czeej
commented
2 years ago I have a T440, it works.. Partially. Not good for the chip set but. more then Skylake. Several modules cannot be removed from ME. I used external programmer. I have a pie setup there is a good video on how to connect the pins. You'll need a bread board as well. Or get a Ch341a but you'll need a 3.1v power supply or fix it. So you must white list, Currently truncating and relocate does not work on ME cleaner with a white list. To regain the space, is first step. Would have to be manually. To make room for coreboot.
Second issue, boot guard. I assume it has something to do with the partitions needed to boot. Intel Boot Guard must utilize some commands or data from ME to function. now, I am speculating but if you include the binary from the remaining modules. Included that in coreboot. it might just boot coreboot and accept it as a payload basically in a way sign coreboot with a boot guard key. Won't disable bootguard but might be able to get around it.
Upon doing a full ME clean it will brick the machine. What I started with Full image detected Found FPT header at 0x3010 Found 29 partition(s) Found FTPR header: FTPR partition spans from 0x160000 to 0x210000 ME/TXE firmware version 9.5.65.3000 (generation 2) Public key match: Intel ME, firmware versions 9.5.x.x, 10.x.x.x The AltMeDisable bit is NOT SET Checking the FTPR RSA signature... VALID
What I'm running Full image detected Found FPT header at 0x3010 Found 3 partition(s) Found FTPR header: FTPR partition spans from 0x160000 to 0x210000 ME/TXE firmware version 9.5.65.3000 (generation 2) Public key match: Intel ME, firmware versions 9.5.x.x, 10.x.x.x The AltMeDisable bit is SET Checking the FTPR RSA signature... VALID I am on that machine now.
ThinkerPadder
commented
2 years ago @czeej could you please kindly simplify that and format it into steps for the sake of me, a noob and complete beginner regarding me_cleaner, better understanding this?
I hope that is not too much to ask, sorry for my inexperience!
Here are some questions regarding what I did understand:
Thank you!
czeej
commented
2 years ago You shouldn't need to desolder if you use a soip 8 clip. You attach the wires to the bread board then the clip to the board. watch?v=aRUxfxp9dJ8 (there is video on youtube) I'd just download it with youtube-dl and keep it for reference. Just in case it ever disappears. The CH341a programmer uses a 5v rail to supply power which is not recommended. Simply dump two back ups. Diff the dumps to make sure your reads are good. Run me_cleaner, flash the modified image. See the me_cleaner status issue board (the first page first post). I have a post regarding the T440 and what works.
ThinkerPadder
commented
2 years ago @czeej I like how he's making a video about removing backdoors and proceeds to boot into one of the most 'Alphabet Boys' (quoting Mental Outlaw) compromised operating systems in existence, Windows 10. Haha.
/
Now for some questions (again, please forgive me for my noobiness -_-):
I've heard the term 'dumping' alot when researching me_cleaner, Coreboot etc: What exactly does 'dumping' (file dumping?) do in this case? I assume that the files dumped to one of the PC's drives, another PC/Ras Pi where the CH341a is attached, or to a chip on the motherboard? I'm not sure.
Is this all automated or do I have to pick a manual dumping 'point'?
02.
Does this 3.1v PSU come with the CH341a or does it need to be purchased separately? I found some reference to 3.3v in my research but nothing relating to 3.1v.
/
btw, I notice now that the chip doesn't need to be desoldered since it doesn't have to be the one on the breadboard, the CH341a can take that position: I was confused with that earlier.
I saw your status issue board post :)
Many thanks again for your assistance! If it weren't for you, I would have probably given up.
czeej
commented
2 years ago Remember to make two dumps before writing anything! diff the two and make sure the clip and everything is working properly. diff fulldump1.bin fulldump2.bin if no output they are the same. Then verify the image with me_cleaner.py -c fulldump.bin Make sure it's not a corrupted read. keep your backup. Then run me_cleaner ./me_cleaner.py -S -w (with your two partitions you need) -O cleaned.bin then flashrom -p ch341a -w cleaned.bin boot and good luck :)
ThinkerPadder
commented
2 years ago Thanks for all this insight! I think that's all I will need to know for now. I'll let you know of my progress.
btw, I am curious about the custom BIOS you mentioned on the status issue board. Please kindly let me know of any progress on that. 😃
Hello,
I know that me_cleaner works well with the ThinkPad T440 P and possibly the T440 S, but I am not sure about the standard T440.
If anyone knows anything about T440 me_cleaner compatibility, your knowledge would be greatly appreciated.
By the way, is there such thing as Coreboot or a Coreboot equivalent for the T440?
Thank you for any information!