Hello Zoran,
I've run quite a lot of test recently and the results are in fact
inconclusive... Following is the (long) description of experiments I made
recently and in the past.
1. BIOS structure. T400 Bios does not fully looks like T420. It seems that
BIOS does not start at 0x50 more likely at 0x60 The MAC address can
be find 4 or 5 times in the image at: 0x22F48, 0x81FDD, 0x5F6000, 0x5F7000.
In fact it is in different places in different images, however last 2
locations 0x5F6000, 0x5F7000 are always the same. Looking around I find
nice info about the bios, made by people that by-pass whitelists in lenovo
bioses - You might find it interesting:
http://www.endeer.cz/bios.tools/
http://www.endeer.cz/bios.tools/bios.html
http://web.dodds.net/~vorlon/wiki/blog/Upgrading_a_ThinkPad_BIOS/
With phnxsplit I was able to get 60 different files out of the bios image
and it seems that the tool works right. I'm attaching a list of modules the
program found, description of "code characters" can be found in phnxfunc.c.
This tool compiles on Linux, but it need some simple patching because of
tons of compiler warnings.
2. Coreboot/libreboot. For testing I used precompiled libreboot image from
https://libreboot.org/release/stable/20160907/rom/grub/ made for T400. Can
be put on any machine (overwritting all flash chip) and it works equally
well. MAC adresses are at 0x1000 and 0x2000 in the image and can be changed
with ich9gen - I think that You know it well.
3. Moving bioses - this is strange. In the past when I just started working
on T400 I had one board with already installed coreboot and one with
original bios. Coreboot board had ati and intel graphics, while bios board
only intel. I decided to exchange flash chips and it worked. Now it really
sounds strange, but both boards booted OK and original bios correctly
detected that it is on dual graphics board and show right menu options.
Then after upgrading bios to the latest version (3.22) the board
experienced long booting problem. It happens and there are threads on
lenovo forums about it, so I assume that it nothing to do with the chip
exchange. I tried to fix by changing settings of TPM chip and after
enabling it the board did not boot at all - I left the board as spare parts
supply then.
Now I took it back and started to experiment: put the libreboot image -
works right, but any other original bios image and it does not boot.
On the other hand other board (with just intel graphics) works with any
original bios image - I've tried 2 different, again overwritting whole
chip.
It seems that the problem is not related to flash chip data but maybe to
RFID memory You mentioned, or TPM. I don't know what can I do about it -
maybe boot the machine with coreboot and then try to change some TPM
settings on Linux??
4. Further tests. I put back 2 T400 laptops with easily accessible
programming connectors, so now I can play with any images without
complicated disassembly. If there is anything I can check/post/try then let
mo know. My ultimate dream would be to have tp_smapi functionality in
coreboot, but it seems that this is a long way ahead. Anyway I am attaching
descriptor (0x0-0x1000) from original bios image.
Very Best Regards,
Michael Widlok
On Sun, Feb 5, 2017 at 6:00 PM, Zoran Stojsavljevic <
zoran.stojsavlje...@gmail.com> wrote:
> Hello Michael,
>
> Before doing any programming, I have here couple suggestions to you. You
> should investigate.
>
> Namely, this: http://thinkwiki.de/UEFI_BIOS_T420_BIOS_Structure
>
> Also, you should look upon the movie here: https://www.youtube.com/
> watch?v=DLwaKb6pLrc&feature=player_embedded
>
> Since I am not sure that T420 UEFI BIOS is the same structure as legacy
> BIOS T400 has (since I remember that T420 is UEFI, legacy/CSM was on - I
> had one at work since 2011 till 2014). But it is worth trying, nothing to
> lose.
>
> Knowing that T420 BIOS structure looks like (and I bet it is stored in
> only one 8MB flash, as my best bet):
>
> [image: Inline image 1]
>
> You should read your T400 Coreboot flash content, and try to see if it
> complies with the given above structure. If it does, you are All Cool.
> Namely, you should try to read GbE region, and see where the MAC address
> (which you find using Linux command: ifconfig -a). If you appear to find
> the spot, you are 100% sure you are All Good, since then you'll read
> another BIOS content, and after you will have lot of possibilities for
> experiments:
> [1] You can reprogram the BIOS from original BIOS to your Coreboot flash
> rewriting last 0x30 bytes;
> [2] You can rewrite original MAC address to another BIOS, and try to boot;
> [3] You can compare/combine regions, and see what'll happen?!
> [4] You name it!
>
> I have no idea if you tampered with ME... And no idea if ME for each
> LENOVO specimen keeps some unique data from/for the platform.
>
> But I am eager to hear/read what did you find investigating about T400
> structure, does it looks the same as T420
