Hello Taiidan,
Tuesday, March 7, 2017, 6:23:37 AM, you wrote:
Tgc>Uhh thanks but that's kinda missing the point of this - that I Tgc>don't want binaries from random people on the internet.
Alas, the 8duj28us.exe update and a few others I checked do not seem to contain the ME region or the descriptor. There is 8duj28us.exe with the ME update but it requires an already running ME to be applied. You could in theory extract the partitions from it and assemble into a valid ME region by constructing an FPT but that's not trivial. I would suggest you to just take the descriptor and ME region from "random people on the internet". The descriptor does not contain any code and the ME firmware is signed by Intel so it can't be backdoored by randos (there are much easier ways to hack people than stealing keys from Intel).
Tgc>I need to know how to extract it from the bios update files, not the bios already on the EEPROM.
Tgc>On 03/06/2017 11:35 PM, Matt DeVillier wrote: Tgc>>I have the IFD and ME from an x220 that I recently flashed with coreboot Tgc>>for a customer, extracted from their stock firmware, and verified working Tgc>>with the coreboot ROM I subsequently flashed. Can zip and send via email, Tgc>>or whatever you prefer
Tgc>?On Mon, Mar 6, 2017 at 10:23 PM, Taiidan@gmx.com Taiidan@gmx.com wrote:
Tgc>?On 03/05/2017 05:20 AM, Arthur Heymans wrote:
Tgc>?"Taiidan@gmx.com" Taiidan@gmx.com writes: Tgc>?Well I managed to download the latest BIOS from the lenovo site, which Tgc>?includes an ME update now the issue is that I can't seem to figure out Tgc>?how to extract it from the .FL1 and .FL2 files.
Tgc>?Those might have a length too long to fit a flash so you need to trim Tgc>?those down before using ifdtool on those (If they contain and ifd of Tgc>?course) Tgc>?so depending on size of rom Tgc>?dd if=FL1(or 2)file of=vendor_bios.rom bs=1 count=xM
Tgc>?and then ifdtool -x vendor_bios.rom
Tgc>?It didn't work after that still "no flash descriptor found in this Tgc>?image"
Tgc>?These are the files and the flash chip on the board is 8M Tgc>?8523776 '$01CB000.FL1' Tgc>?8523776 '$01CB000.FL2' Tgc>?8523776 '$01CB100.FL2' Tgc>?All of them have different hashes, but I do not know what makes them Tgc>?different (maybe it is for various board revisions?)
Tgc>?I would also like to know as to how I can re-flash the EC firmware if Tgc>?that could potentially cause problems, I of course do not know if it Tgc>?has DMA.
Tgc>?Only existing tool to flash EC is using vendor tool. Tgc>?EC are only accessed trough port mapped IO (or on newer ones also via Tgc>?memory mapped IO). EC itself does not have DMA afaik.
Tgc>?-- Tgc>?coreboot mailing list: coreboot@coreboot.org Tgc>?https://www.coreboot.org/mailman/listinfo/coreboot