-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


"Hacking Haswell ThinkPads' Firmware"
 by Colin Cogle

Published Sunday, January 2, 2022.
Last updated Tuesday, February 15, 2022.

ABSTRACT
A cheap Craigslist laptop gets its BIOS hacked and Intel Management
Engine neutered.


A BRIEF HISTORY OF INTEL
The x86 ISA has been around since the late 1970's. In the past fifty-plus years,
this CISC architecture has only gotten more and more complicated. It's gotten to
the point where a separate computer needs to prepare the *real* computer to load
an operating system.  Starting around 2006, Intel's chipsets (and later, proces-
sors) included a separate "autonomous subsystem" known as the Intel Management
Engine. This co-processor runs as long as the main computer is receiving power,
even when the actual computer is turned off.  More troubling, the code is obfus-
cated, which means that security researchers are largely unable to examine it.

Over the years, other features would be integrated into the ME: Anti-Theft (now
discontinued), Intel AMT, Intel vPro, Intel Boot Guard, Protected Audio/Video
Path, Serial-over-LAN, Intel Platform Trust Technology, and others -- still with
the chip and its firmware largely invisible from independent security research-
ers.

While there is a strong business case for many of these technologies -- save for
PTT being required to implement an fTPM -- the average home user will not need
these, especially on this Lenovo ThinkPad T540p that I recently obtained; it has
a fourth-generation Intel Core processor, which is not compatible with Windows
11, so I don't need to worry about having a TPM.


THE FCC IS ALSO INVOLVED
In the United States, manufacturers need to have their computers approved by the
FCC if they contain any wireless radios (i.e., for Wi-Fi, Bluetooth, NFC, or
cellular data).  Each separate configuration needs to be certified. To save time
and money, many BIOSes contain an allow-list of permitted Wi-Fi and WWAN cards.

That's understandable, but with Wi-Fi 6 and Wi-Fi 6E out, Wi-Fi 5 -- particular-
ly the pre-wave2 stuff -- is starting to get a little long in the tooth.  Plus,
shouldn't we have the freedom to modify our hardware to suit our needs?


ABOUT SOFTWARE FREEDOM
With all respect to Richard Stallman and the Free Software Foundation, the hard-
ware and software you buy should respect the four essential freedoms: to run an
app for any purpose, to study how an app works, to change it to make it do what
you wish, and to re-distribute and make copies to help others.

Thus, let me show you how you can modify your "Intel Inside" laptop or desktop
to run whatever code you want it to run, so that it behaves how *you* want it
to behave.  (Since this is a firmware modification, it's far safer to show you
how to modify yours, rather than give you a binary blob that might have uninten-
ded side effects.)


PREPARATION
You will need a ThinkPad based on the Intel Haswell platform, such as the T440p,
T540p, W540, or W541. I'll be describing a T540p. For other models, you'll need
to look at the motherboard and find your chips yourself.  Before we start, go
ahead and download the latest Intel ME and Lenovo UEFI firmwares.  You won't be
able to update these later without repeating all of these steps!

The Lenovo flashing software will keep modified software far away from the
chips. Thus, you will need to purchase a chip programmer. Order a CH341A-based
programmer.

While you wait for your new tool to arrive, expose your BIOS and ME chips. I've
heard that it's right under the memory access door on the T440p. However, on my
T540p, you'll need to completely remove the motherboard from the laptop. Because
I wound up with many leftover screws, I won't explain how to do that.  Instead,
consult Lenovo's Hardware Maintenance Manual and follow their directions.

Fortunately, this and the reassembly are the toughest parts of this liberation
(as is removing the keyboard without breaking any keycaps).

Be sure to unplug the CMOS battery, too. We need all power removed from the
motherboard.

When you get the motherboard free, you'll see two identically-shaped eight-pin
chips over by the SIM card slot.  The one closest to the business end of that
slot is an 64 Mb Macronix 25L6473E chip that contains the Intel Management Engine,
the Ethernet PXE option ROM, and other related things.  The opposite chip is a
32 Mb Macronix 25L3273E chip that contains the UEFI BIOS partitions.

You should also make sure the `flashrom` tool is installed, and you have a
working copy of Python 3.  Your operating system's package manager can give you
both of these.


NEUTERING THE INTEL MANAGEMENT ENGINE
The Intel ME cannot be removed entirely from any Intel Core platform, as it is
required for initializing and booting the computer. However, the three-lettered
American intelligence agencies were not okay with a hidden operating system run-
ning on their computers, so Intel came up with a special operating mode for the
ME.  As they stated in a press release to Positive Technologies:

  "In response to requests from customers with specialized requirements we
   sometimes explore the modification or disabling of certain features. In
   this case, the modifications were made at the request of equipment manufac-
   turers in support of their customer's evaluation of the U.S. government's
   'High Assurance Platform' program. These modifications underwent a limited
   validation cycle and are not an officially supported configuration."

I will let you, dear reader, take their warning at face value.

That being said, let's continue. Here is what needs to happen with this chip:

1. Read the Intel ME ROM.
2. Run me_cleaner to remove unneeded modules and enable the High Assurance
  Platform mode.
3. Write back the neutered ROM image.

Let's get started. Position your flash reader clip on the Intel ME chip (the
one closest to the SIM card slot), connect your flash reader to your computer,
then run flashrom to read the chip:

# flashrom --chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX25L6473F" \
   --programmer ch341a_spi --read upper.bin

(Tip: If you're not sure your programmer is attached firmly, read the chip a
second time into upper2.bin and then diff the two files. If the files differ,
make sure your clip is firmly connected and try again.)

Fortunately, we won't need to edit this file on our own.  Download a copy of
me_cleaner from Nicola Corna's GitHub.  This will set the ME into the High As-
surance Platform/AltMeDisable mode, so that once the bring-up phase is complete
and the POST begins, the ME will safely hang:

$ git clone https://github.com/corna/me_cleaner.git
$ python me_cleaner/me_cleaner.py --soft-disable --relocate --truncate \
   --output-file upper-cleaned.bin upper.bin

That was easy, right?  Now, let's write back our cleaned image. This step will
take a while, so don't panic.  flashrom will be reading, writing, and verifying
each block.

#  flashrom --chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX25L6473F" \
    --programmer ch341a_spi --write upper-cleaned.bin

Congratulations!  You can attach the screen, keyboard, and charging port to the
motherboard and boot it up now, if you'd like to test.  When you go into the
BIOS, you'll see that the listed "ME Version" is now blank.

If that's all you wanted to do, you can stop reading and start re-assembling
the laptop.


REMOVING THE PCIe ALLOW-LIST AND UNLOCKING MORE FIRMWARE OPTIONS
While we have this thing open, we might as well upgrade it to Wi-Fi 6.  Hop on
eBay and pick yourself up a newer WLAN card, such as the Intel AX200 (Wi-Fi 6)
or AX210 (Wi-Fi 6E). While those have their own proprietary firmwares, they are
rock-solid under Linux.

Before we begin this step, here is another reminder to download and install the
latest firmware updates from Lenovo.  (For the T540p, BIOS version 2.39 is the
latest.)

Position your flash reader on the UEFI BIOS chip -- the one furthest from the
SIM card slot -- then dump it:

#  flashrom --programmer ch341a_spi --chip "MX25L3273E" --read lower.bin

[Image] https://colincogle.name/blog/thinkpad-liberation/flashprogrammer.jpg

Just like with the Intel ME, there are pre-made tools to unlock the BIOS.
Download and install LongSoft's UEFITool.  You can use your distribution's
repositories, or grab it from GitHub.  If you do the latter, configure, build,
and install it somewhere in your $PATH.

# apt install uefitool || git clone https://github.com/LongSoft/UEFITool.git

Download and edit our firmware patches:

$  wget https://raw.githubusercontent.com/digmorepaka/thinkpad-firmware-patches/master/xx40_xx50_patches_v7.txt
$  $EDITOR xx40_xx50_patches_v7.txt

Read through the patch file. Comment or uncomment any lines that apply or don't
apply to your ThinkPad's make and model.  Save and exit when done, and we'll
create a patched BIOS image.

$  UEFIPatch lower.bin xx40_xx50_patches_v7.txt -o lower-patched.bin

While the ThinkPad will work if we flash this file back, it will beep like a
madman.  We need to sign the BIOS with an RSA key. Fortunately, there is no PKI
enforcement, so any key will do, even one that we generate on the fly.  Let's
bring in another open-source tool (Schmidt):

$ git clone https://github.com/thrimbor/thinkpad-uefi-sign.git
# pip3 install pycryptodome
$ python3 thinkpad-uefi-sign/sign.py lower-patched.bin \
                                     --output lower-patched-signed.bin

That was almost too easy.  Let's write it back to the chip. Again, this will
take a while, so go do something else for a few minutes.

# flashrom --programmer ch341a_spi --chip "MX25L3273E" \
          --write lower-patched-signed.bin

Now, reassemble your laptop and start it up! You'll get an error about the CMOS
checksum being and the date/time being invalid. That was because we disconnected
the backup battery, not because we decided to rewrite the firmware.  If you go
into the BIOS, you'll see a plethora of new settings under the new Advanced
menu!

Note that this Advanced menu takes the place of the Date/Time menu, so we'll
have to boot our operating system and set the clock there.


IN CONCLUSION
You've done it!  The spyware located inside the Intel Management Engine is now
inoperable. On top of this, you've modified your firmware to let you upgrade and
tweak this laptop as much as you want. Hopefully this makes your older ThinkPad
last even longer!  A thank-you to the developers of the open-source tools that
we've used, as well as Wolfgang for his excellent write-up and video that inspi-
red all this.

=== WORKS CITED ===
Corna, Nicola. "GitHub - corna/me_cleaner: Tool for Partial Deblobbing of Intel
   ME/TXE Firmware Images."  GitHub, 7 Oct. 2018, github.com/corna/me_cleaner.
Ermolov, Mark, and Maxim Goryachy.  "Disabling Intel ME 11 via Undocumented
   Mode."  Positive Technologies, 28 Aug. 2017,  www.ptsecurity.com/ww-en/
   analytics/disabling-intel-me-11-via-undocumented-mode.
Free Software Foundation.  "What Is Free Software?"  GNU Operating System,
   Free Software Foundation, 11 Oct. 2021, www.gnu.org/philosophy/free-sw.html.
LongSoft.  "GitHub - LongSoft/UEFITool: UEFI Firmware Image Viewer and Editor."
   GitHub, 22 Nov. 2020, github.com/LongSoft/UEFITool.
"Removing Wi-Fi Whitelist on Haswell Thinkpads (T440p, T540, W540) and Unlocking
   Advanced BIOS Settings."  YouTube, uploaded by Wolfgang’s Channel, 17 June
   2020, www.youtube.com/watch?v=ce7kqUEccUM.
Schmidt, Stefan.  "GitHub - thrimbor/thinkpad-uefi-sign." GitHub, 26 June 2020,
   github.com/thrimbor/thinkpad-uefi-sign.
Wolfgang.  "Removing the Wi-Fi Whitelist on Haswell Thinkpads (T440p, W540,
   T540, Etc.)."  Wolfgang’s Blog, 17 June 2020, notthebe.ee/Removing-the-Wi-
   Fi-Whiteslit-on-Haswell-Thinkpads-T440p-W540-T540-etc.html.

========================================================================
"Hacking Haswell ThinkPads' Firmware" by Colin Cogle is licensed under
Creative Commons Attribution-ShareAlike 4.0 International CC-BY-SA.
You can find this article on the web at: https://colincogle.name/T540p
========================================================================

- -----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQ7NZ6ap/Bjr/sGU4FSrfh98PoTfwUCYgxupwAKCRBSrfh98PoT
f0W5AQDA8ejx5j8mok7h8T+IlSuMEQOQ2ekjqxESABDo7n30EAD/RzhPmHx34Fjg
9gvhoX56x6zdTpbhjQtewZW9/iSzwgs=
=Qe+t
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQ7NZ6ap/Bjr/sGU4FSrfh98PoTfwUCYjNefAAKCRBSrfh98PoT
fwlrAP9PH1MZQUFjTXdPgItB6AMGdo4x05K7h+o281fN06asMgD+MZFtRb9r291s
+SKEu7u44VId+HX7niORVmezWMvtygI=
=gCAO
-----END PGP SIGNATURE-----

You are viewing proxied material from colincogle.name. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.