Lenovo Thinkpad T410 / Nozomi-1 / Core i7-620M (Westmere Arrandale)

[rigey400]

Status report for the T410 Thinkpad. Core i7-620M CPU, me_cleaner v1.2 (current) OS: Debian Stable, also tested with Arch and OpenSuSE but not every single combo.

• Stock ROM: me_cleaner works but has a ~40-60s boot delay
• Coreboot + SeaBIOS: doesn't work.

Details: initial delay refers to a period of 40s or more after pressing the power button in which the screen does not yet turn on (stays black without background light) and it seems like nothing happens, except one of the Wifi LEDs lights up around halfway. After that the Thinpad logo splashscreen appears and it behaves like it would without me_cleaner. This happens on every boot, not just the first one. survives 30min means that the laptop has been running the OS with an uptime of 35 minutes or more and did not shut down unexpectedly.

• Stock ROM, me_cleaner -s: initial delay, survives 30min. intelmetool -m says PCI NOT FOUND
• Stock ROM, me_cleaner -S: initial delay, survives 30min. intelmetool -m says PCI NOT FOUND
• Stock ROM, me_cleaner: initial delay, survives 30min. intelmetool -m reports problem (good).
• Coreboot + SeaBIOS, me_cleaner -s: doesn't boot (screen stays black, nothing happens)
• Coreboot + SeaBIOS, me_cleaner -S: doesn't boot (screen stays black, nothing happens)
• Coreboot + SeaBIOS, me_cleaner: boots instantly, survives 30min. intelmetool -m output looks like the ME has not actually been disabled (bad).

For that last combo (Coreboot + SeaBIOS, me_cleaner with no args), fan control is not working so the laptop overheats and it's difficult to actually let it run for 30min+.

Detailed intelmetool output for that last combo:

MEI found: [8086:3b64] 5 Series/3400 Series Chipset HECI Controller

ME Status   : 0x182
ME Status 2 : 0x10240000

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Clean Moff->Mx wake
ME: Progress Phase State    : Sending DID Ack to BIOS

ME: Extend SHA-256: 5b14a7a77a8b98b882b080420c8a6cbbfa3a64ebb0845cfaee8f04aa3f7c7c5b

ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed

I interpret that output as a failure to neutralize the IME. It looks unlike any of:

• https://gist.github.com/corna/6d8a24fdaca1afd0ae2a84ecde4573dd
• https://gist.github.com/corna/d637a7c3279f41e9be65b43b673d54d3

intelmetool output for Stock ROM, me_cleaner -s and me_cleaner -S:

Can't find ME PCI device

intelmetool output for Stock ROM, me_cleaner (no args):

MEI found: [8086:3b64] 5 Series/3400 Series Chipset HECI Controller

ME Status   : 0x3042
ME Status 2 : 0x16320000

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : Image Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : M0 kernel load

ME: Extend SHA-256: 5b14a7a77a8b98b882b080420c8a6cbbfa3a64ebb0845cfaee8f04aa3f7c7c5b

ME: has a broken implementation on your board with this firmware
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed

I have omitted the "Bad news" message in the intelmetool outputs which is the first line printed everytime: Bad news, you have a `QM57 Chipset LPC Interface Controller` so you have ME hardware on board and you can't control or disable it, continuing...

Additional info for Coreboot: me_cleaner was used on the finished coreboot.rom, not using the Coreboot built-in me_cleaner because that doesn't give you an option to remove the -S commandline argument for me_cleaner. The same image would boot fine without running me_cleaner over it. CONFIG_HIDE_MEI_ON_ERROR was not set. CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS was not set. Selecting the built-in me_cleaner option in the Coreboot menuconfig instead of running me_cleaner over the finished image gives the same result as running me_cleaner -S on the finished coreboot.rom (doesn't boot). Coreboot image includes VBIOS for iGPU and dGPU, in addition to all the extra regions (flashdescriptor, bios, intel_me and gbe) from ifdtool.

The situation is probably the same as for the X201, see https://github.com/corna/me_cleaner/issues/24 and https://github.com/corna/me_cleaner/issues/347

[rigey400]

@ilikenwf I was unable to reproduce this comment https://github.com/corna/me_cleaner/issues/24#issuecomment-338514533 can you tell me what you did to make the T410 boot with me_cleaner -S? Also was this with stock or coreboot rom?