Tools to check and cryptographically sign UEFI firmware images found in ThinkPads. This will resolve the issue where your ThinkPad lets out two groups of five beeps before continuing to boot (the error indicating an invalid signature).
These tools are written in Python 3 and rely on the "pycryptodome" library. Depending on your operating system you may have packages provided for that, or have to install Python 3 manually and install pycryptodome with pip install pycryptodome
. If you're on Windows, you can find ready-to-run binaries here.
./sign.py input_image.bin -o signed_image.bin
If you're using the Windows binaries, make sure to use sign.exe
instead.
If you see IMAGE SIGNED!
, the signing procedure was successful.
./verify.py signed_image.bin
If you're using the Windows binaries, make sure to use verify.exe
instead.
If you see SIGNATURES CORRECT!
, the verification was successful. If you see SIGNATURES INCORRECT!
, the signature couldn't be verified, and your image needs to get signed to not make your ThinkPad beep.
As always, make sure that your original firmware dump is good and always have a backup!
USE AT YOUR OWN RISK!