12-09-2018, 02:38 PM (This post was last modified: 12-09-2018, 02:38 PM by propernorf.)
(12-01-2018, 03:39 AM)Tetonne Wrote: did any one success with whitelist bios 1.52 on lenovo T420?
=> solution on windows 10 with WinFlash64.sys
Mind sharing instructions ? I have a T420 with 1.52 bios, downloaded the files and ran WINUPTP.EXE but it says that I have the latest bios and don't need to update.
Posts: 5
Threads: 0
Joined: Dec 2018
Reputation:
0
(12-01-2018, 03:39 AM)Tetonne Wrote: did any one success with whitelist bios 1.52 on lenovo T420?
=> solution on windows 10 with WinFlash64.sys
Mind sharing instructions ? I have a T420 with 1.52 bios, downloaded the files and ran WINUPTP.EXE but it says that I have the latest bios and don't need to update.
Figured it out already. downgraded to 1.46 old bios and then re-flashed 1.52 moded bios from command prompt.
Code:
WINUPTP.EXE /S
Posts: 5
Threads: 0
Joined: Dec 2018
Reputation:
0
(08-17-2018, 01:48 PM)zmb Wrote: Here are the modded bios 1.52. Modded only the part responsible for checking the whitelist. Use it at your own risk, it worked on my pc but I have no option to check it on another t420.
Here are some additional modifications to the bios modded some time ago (I think everything that people usually want):
- No whitelist
- AES-NI lock removed
- MSR 0xE2 unlocked
- Added advanced menu
- Memory lock to 1333 removed (now supports DDR3 1600 and 1866)
- Intel vbios updated from 2089->2170
- Re-signed with custom key to get rid of 5 beeps on boot (Does anybody have these beeps? If you get the error 1901: or some nonsense about security after this, you need to reset bios settings to defaults)
In the folder mod, there are bioses with different number of modification. It is possible to know what modification is applied from the name of the file: NWL - no whitelist, NWL_ADV - no whitelist + advanced menu etc. if you need to apply specific bios from the list, you need rename it to $01C8000.FL1 and place it to the folder 83ET82WW.
When the newer version of the bios will be available (if at all) you could try change yourself. There is an easy way to apply modifications to the new bios version without disassemblers or any such fancy tools.
For this you need one external tool: UEFItool
This tool could be used to extract some specific module from the bios image (*.FL1 - file) and then to replace it with the modified one. Each module is a program, which performs some functions. For example the whitelist check is done in the module "LenovoWmaPolicyDxe.efi"
The idea is that for the minor bios changes the modules in the bios-image of different versions are the same. And it is possible to replace the original module in the newer version of the bios with patched module from the older one. (see pic1)
For example if I extract the "LenovoWmaPolicyDxe.efi" from 1.51 bios and from 1.52 and compare them in binary mode, then I will see that the modules are the same. (command for binary compare: fc /b file1 file2 - see pic2)
This means, that I could take the patched module from the v1.52 ("LenovoWmaPolicyDxe_modded.efi") and replace the original module in the v1.51. This way I would get the whitelist free version of the bios v1.51.
The example above may be true for the next version of the bios v1.53 and for other models of thinkpads as well.
Of course If the extracted module is not the same and the binary compare shows differences, then bad luck and it is better not to touch it.
Posts: 4
Threads: 0
Joined: Nov 2018
Reputation:
0
Hi zmb.
I'm under Windows 10. i made the genuine 1.52 update. I't ok
can i use http://rgho.st/private/7DYcBR7MF/7572e9d...8da07b25e0 on w10?
can you please provide the step by step how to
i rename $01C8000_NWL_ADV_0xE2_AES-NI_RAM_VBIOS.FL1.rom to $01C8000.FL1 (put it in 83ET82WW folder)
how do i do that 2. Then run WINUPTP.EXE /S from this folder, WINUPTP.EXE seems to be unknown
must i do an Windows 7 install to mod my bios?
![[-]](https://www.bios-mods.com/forum/images/black/collapse.png "[-]")
![[Valid RSS]](valid-rss.png "Validate my RSS feed")