mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-07 05:28:46 +00:00
5420b8392e
Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
---|---|---|
.. | ||
.gitignore | ||
download_clean_me_manually.sh | ||
download_clean_me.sh | ||
extract.sh | ||
gbe.bin | ||
hashes.txt | ||
ifd.bin | ||
me_cleaner.py | ||
optiplex_7010_9010.sh | ||
README | ||
README_vbios | ||
vbios_t530.sh | ||
vbios_w530.sh |
The ME blobs dumped in this directory come from the following link: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads/DS032435 This provides latest ME version 8.1.72.3002, for which only BUP and ROMP regions will be kept as non-removable: Here is what Lenovo provides as a Summary of Changes: Version 8.1.72.3002 (G1RG24WW) (Fix) Fixed the following security vulnerabilites: CVE-2017-5711, CVE-2017-5712, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080. 1.0.0:Automatically extract and neuter me.bin download_clean_me.sh : Downloads latest ME from lenovo verify checksum, extract ME, neuters ME, relocate and trim it and place it into me.bin sha256sum: c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/xx30/me.bin 1.0.1: Extract blobs from rom original and updated to 2.76 BIOS version: extract.sh: takes backup, unlocks ifd, apply me_cleaner to neuter, relocate, trim it, modify BIOS and ME region of IFD and place output files into this dir. sha256sum: will vary depending of IFD and ME extracted where IFD regions of BIOS and ME should be consistent. 1.1: Manually generating blobs -------------------- Manually generate me.bin: You can arrive to the same result of the following me.bin by doing the following manually: wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O ~/heads/blobs/xx30/me.bin app/ME8_5M_Production.bin sha256sums: f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe 821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/xx30/me.bin ifd.bin was extracted from sacrificed X230 (dead motherboard) fron an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now): python ~/me_cleaner/me_cleaner.py -S -r -t -d -O /tmp/discarded.bin -D ~/heads/blobs/xx30/ifd.bin -M /tmp/temporary_me.bin dead_serving_a_purpose_x230_bottom_spi_backup.rom sha256sum: c96d19bbf5356b2b827e1ef52d79d0010884bfc889eab48835e4af9a634d129b ifd.bin ls -al blobs/xx30/*.bin -rw-r--r-- 1 user user 8192 Oct 25 14:07 gbe.bin -rw-r--r-- 1 user user 4096 Oct 28 16:19 ifd.bin -rw-r--r-- 1 user user 98304 Oct 28 16:15 me.bin Manually regenerate gbe.bin: blobs/x230/gbe.bin is generated per bincfg from the following coreboot patch: https://review.coreboot.org/c/coreboot/+/44510 And then by following those instructions: # Use this target to generate GbE for X220/x230 gen-gbe-82579LM: cd build/coreboot-*/util/bincfg/ make ./bincfg gbe-82579LM.spec gbe-82579LM.set gbe1.bin # duplicate binary as per spec cat gbe1.bin gbe1.bin > ../../../../blobs/xx30/gbe.bin rm -f gbe1.bin cd - sha256sum: 9f72818e23290fb661e7899c953de2eb4cea96ff067b36348b3d061fd13366e5 blobs/xx30/gbe.bin ------------------------ Notes: as specified in first link, this ME can be deployed to: Helix (Type 3xxx) T430, T430i, T430s, T430si, T431s T530, T530i W530 X1 Carbon (Type 34xx), X1 Helix (Type 3xxx), X1 Helix (Type 3xxx) 3G X230, X230i, X230 Tablet, X230i Tablet, X230s