Re: [coreboot] Back to original BIOS

2017-02-08 Thread Igor Skochinsky via coreboot

P.S.

Hello Michal,

The T400 BIOS is in a Pre-UEFI Phoenix FFV format. You can use phoenix_extract.py[1] to extract modules from it.

To go back to Lenovo BIOS you can try the following:

1) download an update from Lenovo (e.g. 7uuj49us.exe)
2) unpack it with innounp
2b) apparently innoextract [2] can be used on non-Windows platforms

[2]: http://constexpr.org/innoextract/

3a) take the FL2 file (e.g. $01B8100.FL2), cut out from 0x20 to 0x40 and use the resulting image to replace coreboot in the BIOS region (end of flash).
3b) take the FL1 file (e.g. $01B8100.FL1), unpack it with bcpvd from [1] and flash the result (it's a complete flash image with descriptor and ME) after cutting it at 0x40
4) according to the descriptor in the unpacked FL1, the GbE region is at 001F6000 - 001F7FFF, so that's the most likely place for storing the MAC address. I'm not sure why your desc.rom lists 5F6000 - 005F7FFF... I think that's outside the flash chip.

[1]: https://github.com/coreboot/bios_extract

-- 
WBR,
 Igor                            mailto:rox...@skynet.be

-- 
WBR,
 Igor                            mailto:skochin...@mail.ru


-- 
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot
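
Added example (not part of Igor's message or of the bios_extract project): a check for step 4 above that decodes the region table of an Intel flash descriptor, reports any region whose limit lies beyond the chip, and lists every offset where a given MAC address occurs in a dump. The sample descriptor is constructed; only the two GbE ranges come from the thread, and the 4 MiB chip size and the 13-bit base/limit field width are assumptions.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A  # Intel flash descriptor magic
REGIONS = ["Descriptor", "BIOS", "ME", "GbE", "Platform"]

def parse_regions(image):
    """Decode {name: (base, limit)} from the descriptor's FLREG table."""
    # The signature offset differs between chipset generations, so scan for it.
    sig = image.find(struct.pack("<I", FD_SIGNATURE), 0, 0x1000)
    if sig < 0:
        raise ValueError("no flash descriptor signature in the first 4 KiB")
    flmap0 = struct.unpack_from("<I", image, sig + 4)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4  # region table offset in the image
    out = {}
    for i, name in enumerate(REGIONS):
        flreg = struct.unpack_from("<I", image, frba + 4 * i)[0]
        base = (flreg & 0x1FFF) << 12  # assumed 13-bit fields, 4 KiB units
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base <= limit:  # base > limit marks an unused region
            out[name] = (base, limit)
    return out

def out_of_range(image, chip_size):
    """Names of regions whose limit lies beyond the flash chip."""
    return [n for n, (_, lim) in parse_regions(image).items() if lim >= chip_size]

def find_mac(image, mac):
    """All offsets where the 6 raw MAC bytes occur in the image."""
    needle, hits = bytes.fromhex(mac.replace(":", "")), []
    pos = image.find(needle)
    while pos >= 0:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits

def sample_descriptor(gbe_flreg):
    """Constructed 4 KiB descriptor; only the GbE range comes from the thread."""
    d = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<II", d, 0, FD_SIGNATURE, 0x04 << 16)  # FRBA = 0x40
    struct.pack_into("<5I", d, 0x40, 0x00000000, 0x03FF0200, 0x01F50001,
                     gbe_flreg, 0x00001FFF)
    return bytes(d)

if __name__ == "__main__":
    chip = 4 * 1024 * 1024  # assumed chip size
    for flreg in (0x01F701F6, 0x05F705F6):
        img = sample_descriptor(flreg)
        base, limit = parse_regions(img)["GbE"]
        print(f"GbE {base:06X}-{limit:06X} out of range: {out_of_range(img, chip)}")
```

Run against a real dump by reading the file into bytes and passing the actual chip size; a region reported as out of range means the descriptor and the chip do not belong together.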

Re: [coreboot] Back to original BIOS

2017-02-08 Thread Igor Skochinsky via coreboot

Hello Michal,

The T400 BIOS is in a Pre-UEFI Phoenix FFV format. You can use phoenix_extract.py[1] to extract modules from it.

To go back to Lenovo BIOS you can try the following:

1) download an update from Lenovo (e.g. 7uuj49us.exe)
2) unpack it with innounp
3a) take the FL2 file (e.g. $01B8100.FL2), cut out from 0x20 to 0x40 and use the resulting image to replace coreboot in the BIOS region (end of flash).
3b) take the FL1 file (e.g. $01B8100.FL1), unpack it with bcpvd from [1] and flash the result (it's a complete flash image with descriptor and ME) after cutting it at 0x40
4) according to the descriptor in the unpacked FL1, the GbE region is at 001F6000 - 001F7FFF, so that's the most likely place for storing the MAC address. I'm not sure why your desc.rom lists 5F6000 - 005F7FFF... I think that's outside the flash chip.

[1]: https://github.com/coreboot/bios_extract

-- 
WBR,
 Igor                            mailto:rox...@skynet.be



[coreboot] ASUS KGPE-D16 Automated Test Failure [master]

2017-02-08 Thread Raptor Engineering Automated Coreboot Test Stand
The ASUS KGPE-D16 fails verification for branch master as of commit 
0254c2d99fc7a5858be4826c576ca743d005b213

The following tests failed:
BOOT_FAILURE

Commits since last successful test:
0254c2d southbridge/intel/common/firmware: allow locking ME without HAVE_ME_BIN
7d14af8 soc/intel/apollolake: dump CSE status

See attached log for details

This message was automatically generated from Raptor Engineering's ASUS 
KGPE-D16 test stand
Want to test on your own equipment?  Check out 
https://www.raptorengineering.com/content/REACTS/intro.html

Raptor Engineering also offers coreboot consulting services!  Please visit 
https://www.raptorengineering.com for more information

Please contact Timothy Pearson at Raptor Engineering 
 regarding any issues stemming from this 
notification


1486568758-3-automaster.log.bz2
Description: application/bzip2

Re: [coreboot] Back to original BIOS

2017-02-08 Thread Michal Widlok
Hello Zoran,

I've run quite a lot of tests recently and the results are in fact
inconclusive... Following is the (long) description of experiments I made
recently and in the past.

1. BIOS structure. The T400 BIOS does not fully look like the T420's. It
seems that the BIOS does not start at 0x50, more likely at 0x60. The MAC
address can be found 4 or 5 times in the image at: 0x22F48, 0x81FDD,
0x5F6000, 0x5F7000. In fact it is in different places in different images,
however the last 2 locations, 0x5F6000 and 0x5F7000, are always the same.
Looking around I found nice info about the BIOS, made by people that bypass
whitelists in Lenovo BIOSes - you might find it interesting:
http://www.endeer.cz/bios.tools/
http://www.endeer.cz/bios.tools/bios.html
http://web.dodds.net/~vorlon/wiki/blog/Upgrading_a_ThinkPad_BIOS/
With phnxsplit I was able to get 60 different files out of the BIOS image
and it seems that the tool works right. I'm attaching a list of modules the
program found; a description of the "code characters" can be found in
phnxfunc.c. This tool compiles on Linux, but it needs some simple patching
because of tons of compiler warnings.

2. Coreboot/libreboot. For testing I used a precompiled libreboot image from
https://libreboot.org/release/stable/20160907/rom/grub/ made for the T400. It
can be put on any machine (overwriting the whole flash chip) and it works
equally well. MAC addresses are at 0x1000 and 0x2000 in the image and can be
changed with ich9gen - I think that you know it well.

3. Moving BIOSes - this is strange. In the past, when I just started working
on the T400, I had one board with coreboot already installed and one with the
original BIOS. The coreboot board had ATI and Intel graphics, while the BIOS
board had only Intel. I decided to exchange the flash chips and it worked. Now
it really sounds strange, but both boards booted OK and the original BIOS
correctly detected that it was on a dual graphics board and showed the right
menu options.
Then, after upgrading the BIOS to the latest version (3.22), the board
experienced a long booting problem. It happens and there are threads on the
Lenovo forums about it, so I assume that it has nothing to do with the chip
exchange. I tried to fix it by changing the settings of the TPM chip and after
enabling it the board did not boot at all - I left the board as a spare parts
supply then.
Now I took it back and started to experiment: put the libreboot image on it -
works right, but with any original BIOS image it does not boot.
On the other hand, the other board (with just Intel graphics) works with any
original BIOS image - I've tried 2 different ones, again overwriting the whole
chip.
It seems that the problem is not related to the flash chip data but maybe to
the RFID memory you mentioned, or the TPM. I don't know what I can do about
it - maybe boot the machine with coreboot and then try to change some TPM
settings on Linux??

4. Further tests. I put back 2 T400 laptops with easily accessible
programming connectors, so now I can play with any images without
complicated disassembly. If there is anything I can check/post/try then let
me know. My ultimate dream would be to have tp_smapi functionality in
coreboot, but it seems that this is a long way ahead. Anyway, I am attaching
the descriptor (0x0-0x1000) from the original BIOS image.

Very Best Regards,
Michael Widlok

On Sun, Feb 5, 2017 at 6:00 PM, Zoran Stojsavljevic <
zoran.stojsavlje...@gmail.com> wrote:

> Hello Michael,
>
> Before doing any programming, I have here couple suggestions to you. You
> should investigate.
>
> Namely, this: http://thinkwiki.de/UEFI_BIOS_T420_BIOS_Structure
>
> Also, you should look upon the movie here:
> https://www.youtube.com/watch?v=DLwaKb6pLrc=player_embedded
>
> Since I am not sure that T420 UEFI BIOS is the same structure as legacy
> BIOS T400 has (since I remember that T420 is UEFI, legacy/CSM was on - I
> had one at work since 2011 till 2014). But it is worth trying, nothing to
> lose.
>
> Knowing that T420 BIOS structure looks like (and I bet it is stored in
> only one 8MB flash, as my best bet):
>
> [image: Inline image 1]
>
> You should read your T400 Coreboot flash content, and try to see if it
> complies with the given above structure. If it does, you are All Cool.
> Namely, you should try to read GbE region, and see where the MAC address
> (which you find using Linux command: ifconfig -a). If you appear to find
> the spot, you are 100% sure you are All Good, since then you'll read
> another BIOS content, and after you will have lot of possibilities for
> experiments:
> [1] You can reprogram the BIOS from original BIOS to your Coreboot flash
> rewriting last 0x30 bytes;
> [2] You can rewrite original MAC address to another BIOS, and try to boot;
> [3] You can compare/combine regions, and see what'll happen?!
> [4] You name it!
>
> I have no idea if you tampered with ME... And no idea if ME for each
> LENOVO specimen keeps some unique data from/for the platform.
>
> But I am eager to hear/read what did you find investigating about T400
> structure, does it looks the same as T420, and