hamishcoleman / thinkpad-ec

Infrastructure for examining and patching Thinkpad embedded controller firmware
GNU General Public License v2.0

patches not being reversible #216

Closed nullquine closed 2 years ago

nullquine commented 2 years ago

Hello, I would like to share my experience; I am not entirely convinced it is the intended behavior:

Once you create a patch with the keyboard patch enabled, it is not reversible by another one which has this patch disabled.

It makes sense, but some might find it troublesome, as did I: I mistakenly applied a modification with the keyboard patch enabled and now I cannot revert it.

Maybe add this highlight to the readme.

hamishcoleman commented 2 years ago

It is reversible with a build that has the keyboard patch disabled. Perhaps you experienced an issue with the second flash update.

If you can share the build report, I can at least check that things built as expected for you.

nullquine commented 2 years ago

kormoran@Theseus:~/git/thinkpad-ec$ make patch_enable_battery clean
sed -E 's/CONFIG_BATTERY.+/CONFIG_BATTERY = y/'  --in-place .config
rm -f .d/generated.deps \
            patched.*.iso patched.*.img *.FL2 *.FL2.orig *.img.enc \
            *.img.enc.orig *.img.orig *.bat *.report \
            *.img \
            *.txt.orig
rm -rf *.iso.extract *.iso.orig.extract
kormoran@Theseus:~/git/thinkpad-ec$ make patch_disable_keyboard clean
Generated dependancies from descriptions
sed -E 's/CONFIG_KEYBOARD.+/CONFIG_KEYBOARD = n/'  --in-place .config
rm -f .d/generated.deps \
            patched.*.iso patched.*.img *.FL2 *.FL2.orig *.img.enc \
            *.img.enc.orig *.img.orig *.bat *.report \
            *.img \
            *.txt.orig
rm -rf *.iso.extract *.iso.orig.extract
kormoran@Theseus:~/git/thinkpad-ec$ make patched.x230.img
Generated dependancies from descriptions
./scripts/ISO_copyFL2 from_iso g2uj31us.iso.orig x230.G2HT35WW.s01D3000.FL2.orig 01D3000.FL2
./scripts/FL2_copyIMG from_fl2 x230.G2HT35WW.s01D3000.FL2.orig x230.G2HT35WW.img.enc.tmp
IMG at offset 0x500000 size 0x30000 (FL1::PFH_header x230.G2HT35WW.s01D3000.FL2.orig)
mec-tools/mec_encrypt -d x230.G2HT35WW.img.enc.tmp x230.G2HT35WW.img.orig.tmp
mec-tools/mec_csum_flasher -c x230.G2HT35WW.img.orig.tmp >/dev/null
mec-tools/mec_csum_boot -c x230.G2HT35WW.img.orig.tmp >/dev/null
./scripts/hexpatch.pl --rm_on_fail --fail_on_missing --report x230.G2HT35WW.img.report x230.G2HT35WW.img x230.G2HT35WW.img.d/006_battery_validate.patch
Attempting to patch x230.G2HT35WW.img
Applying x230.G2HT35WW.img.d/006_battery_validate.patch -7294,7 +7294,7
./scripts/xx30.encrypt x230.G2HT35WW.img x230.G2HT35WW.img.enc.tmp
+ cd mec-tools
+ ./mec_repack ../x230.G2HT35WW.img ../x230.G2HT35WW.img.enc.tmp
building ../x230.G2HT35WW.img.enc.tmp from ../x230.G2HT35WW.img
b4b73a78 b4b73a78 OK
f02cdcf8 f02cdcf8 OK
3ff064dd 203e469e FIXED
40da02e2 40da02e2 OK
64c4 0962 FIXED
98e8 7041 FIXED

reverifying
7041 7041 OK
0962 0962 OK
b4b73a78 b4b73a78 OK
f02cdcf8 f02cdcf8 OK
203e469e 203e469e OK
40da02e2 40da02e2 OK
./scripts/FL2_copyIMG to_fl2 x230.G2HT35WW.s01D3000.FL2.tmp x230.G2HT35WW.img.enc.tmp
IMG at offset 0x500000 size 0x30000 (FL1::PFH_header x230.G2HT35WW.s01D3000.FL2.tmp)
./scripts/ISO_copyFL2 to_iso g2uj31us.iso.tmp x230.G2HT35WW.s01D3000.FL2.tmp 01D3000.FL2
mcopy -t -m -o -i g2uj31us.iso.tmp@@71680 g2uj31us.iso.report.tmp ::report.txt
mcopy -t -m -o -i g2uj31us.iso.tmp@@71680 g2uj31us.iso.bat.tmp ::AUTOEXEC.BAT
mdel -i g2uj31us.iso.tmp@@71680 ::EFI/Boot/BootX64.efi
mattrib -i g2uj31us.iso.tmp@@71680 -r ::FLASH/README.TXT
mdel -i g2uj31us.iso.tmp@@71680 ::FLASH/README.TXT
cp g2uj31us.iso patched.x230.iso
cp g2uj31us.iso.report patched.x230.iso.report

Your build has completed with the following details:

Built ISO: 087899f913d6a7d58b5cd500d7a30ccf94232caf  patched.x230.iso
Based on code from: x230 BIOS 2.75 (G2ETB5WW) EC 1.14 (G2HT35WW)
Buildinfo: v1-401-g429ab5 (20220510) patched.x230.img
Built FL2: 611c88f62add31aa4cdbedeec50e9583af509cbe  x230.G2HT35WW.s01D3000.FL2

Patches applied:
x230.G2HT35WW.img.d/006_battery_validate.patch

./scripts/geteltorito -o patched.x230.img.tmp patched.x230.iso
Booting catalog starts at sector: 20 
Manufacturer of CD: NERO BURNING ROM
Image architecture: x86
Boot media type is: harddisk
El Torito image starts at sector 27 and has 65536 sector(s) of 512 Bytes

Image has been written to file "patched.x230.img.tmp".
./scripts/fix_mbr patched.x230.img.tmp
INFO: Original Lenovo ISO contains a zero in MBR bootcode - attempting fix

Your build has completed with the following details:

Built ISO: 087899f913d6a7d58b5cd500d7a30ccf94232caf  patched.x230.iso
Based on code from: x230 BIOS 2.75 (G2ETB5WW) EC 1.14 (G2HT35WW)
Buildinfo: v1-401-g429ab5 (20220510) patched.x230.img
Built FL2: 611c88f62add31aa4cdbedeec50e9583af509cbe  x230.G2HT35WW.s01D3000.FL2

Patches applied:
x230.G2HT35WW.img.d/006_battery_validate.patch

Please let me know what else is needed or if I made a mistake.

Also, I forgot to mention: there was nothing apparently wrong with the second patch applied. The only thing that comes to my mind is the possibility that, because it is the same version (1.14), the BIOS does not recognize it as an update and thus does not stage it for flashing.

hamishcoleman commented 2 years ago

Well, your built FL2 hash matches the one I get.

We are directly calling the flashing tool - bypassing the usual version number checks.

There are a number of people who have reported that the final flash step sometimes doesn't happen - the readme has a list of the known conditions, so I can only suggest that you go through and try all that.
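
The comparison made in the comment above (the built FL2 hash against a known-good one) can be scripted together with a check of the "Patches applied" list, so a build meant to undo a patch is confirmed before flashing. This is an added example, not part of the thread or of the thinkpad-ec project. The function names are hypothetical, the sample report is copied from the build output posted earlier in the thread, and the reference hash is the FL2 hash from that same report.

```shell
#!/bin/sh
# Added example: check a thinkpad-ec build report against reference values.

# Sample input: the build report text as it appears in the thread above.
sample_report() {
cat <<'EOF'
Your build has completed with the following details:

Built ISO: 087899f913d6a7d58b5cd500d7a30ccf94232caf  patched.x230.iso
Based on code from: x230 BIOS 2.75 (G2ETB5WW) EC 1.14 (G2HT35WW)
Buildinfo: v1-401-g429ab5 (20220510) patched.x230.img
Built FL2: 611c88f62add31aa4cdbedeec50e9583af509cbe  x230.G2HT35WW.s01D3000.FL2

Patches applied:
x230.G2HT35WW.img.d/006_battery_validate.patch

./scripts/geteltorito -o patched.x230.img.tmp patched.x230.iso
EOF
}

# Print the SHA-1 from the first "Built FL2:" line of a report on stdin.
report_fl2_hash() {
    awk '$1 == "Built" && $2 == "FL2:" { print $3; exit }'
}

# Print the file names listed under the first "Patches applied:" heading.
report_patches() {
    awk '/^Patches applied:/ { seen = 1; next }
         seen && !NF { exit }
         seen { n = split($0, p, "/"); print p[n] }'
}

# usage: check_report <reference-sha1> <expected-patch-names> < report
# Returns 0 only when both the FL2 hash and the patch list match.
check_report() {
    report=$(cat)
    got=$(printf '%s\n' "$report" | report_fl2_hash)
    patches=$(printf '%s\n' "$report" | report_patches | sort)
    want=$(printf '%s\n' $2 | sort)   # $2 unquoted: split names on spaces
    [ -n "$got" ] || { echo "no Built FL2 line found" >&2; return 2; }
    [ "$got" = "$1" ] || { echo "FL2 hash differs: $got" >&2; return 1; }
    [ "$patches" = "$want" ] || { echo "patch list differs: $patches" >&2; return 1; }
    echo "FL2 $got and patch list match the reference"
}

sample_report | check_report 611c88f62add31aa4cdbedeec50e9583af509cbe \
    "006_battery_validate.patch"
```

A matching report only shows that the image was built as expected; it says nothing about whether the flash step itself completed.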

nullquine commented 2 years ago

Hereby I want to sincerely apologize; it was a user error from me:

I use a docking station, so for charging I just dock my laptop. I just rebooted my laptop with the charger plugged into it directly and it flashed the EC FW. I missed this crucial detail and was also under the impression the DOS flasher itself also checks the power source, which is not the case.

Thank you for your patience and your help, now it works perfectly.

hamishcoleman commented 2 years ago

You are welcome! Glad it worked in the end.

We have ended up with a lot of folklore for making the flash complete, as we are essentially reverse engineering the Lenovo process.

nullquine commented 2 years ago

Thank you for your hard work, it is insane :)