Hacking Haswell ThinkPads' Firmware

A cheap Craigslist laptop gets its BIOS hacked and Intel Management Engine neutered.

Written .
Updated with updated instructions.

A Brief History of Intel

The x86 ISA has been around since . In the past fifty-plus years, this CISC architecture has only gotten more and more complicated. It's gotten to the point where a separate computer needs to prepare the real computer to load an operating system. Starting around 2006, Intel's chipsets (and later, processors) included a separate autonomous subsystem known as the Intel Management Engine. This co-processor runs as long as the main computer is receiving power, even when the actual computer is turned off. More troubling, the code is obfuscated, which means that researchers are largely unable to examine it.

Over the years, other features would be integrated into the Intel ME: Intel Anti-Theft (now discontinued), Intel AMT, Intel vPro, Intel Boot Guard, Protected Audio/Video Path, Serial-over-LAN, Intel Platform Trust Technology, and others — still with the chip and its firmware largely invisible from independent security researchers.

While there is a strong business case for many of these technologies — save for PTT being required to implement an fTPM — the average home user will not need these, especially on this Lenovo ThinkPad T540p that I recently obtained; it has a fourth-generation Intel Core processor, which is not compatible with Windows 11, so I don't need to worry about having a TPM.

The FCC Is Also Involved

In the United States, manufacturers need to have their computers approved by the FCC if they contain any wireless radios (i.e., for Wi-Fi, Bluetooth, NFC, or cellular data). Each separate configuration needs to be certified. To save them time and money, many BIOSes contain an allow-list of permitted Wi-Fi and WWAN cards.

That's understandable, but with Wi-Fi 6 and Wi-Fi 6E out, Wi-Fi 5 — particularly the pre-wave2 stuff — is starting to get a little long in the tooth. Plus, shouldn't we have the freedom to modify our hardware to suit our needs?

A ThinkPad T440p with an unauthorized Wi-Fi card.
If you install an unauthorized wireless card, the system will refuse to boot. (Photo credit: Wolfgang)

About Software Freedom

With all respect to Richard Stallman, the hardware and software you buy should respect the four essentials freedoms of software: to run an app for any purpose, to study how an app works, to change it to make it do what you wish, and to redistribute and make copies to help others.

Thus, let me show you how you can modify your "Intel Inside" laptop or desktop to run whatever code you want it to run, so that it behaves how you want it to behave. (Since this is a firmware modification, it's far safer to show you how to modify yours, rather than give you a binary blob that might have unintended side effects.)

Preparation

You will need a ThinkPad based on the Intel Haswell platform, such as the T440p, T540p, W540, and W541. I'm showing you a T540p. For other models, you'll need to look at the motherboard and find your chips yourself. Before we start, go ahead and download the latest Intel ME and Lenovo UEFI firmwares. You won't be able to update these later without repeating all of these steps!

The Lenovo flashing software will keep modified software far away from the chips. Thus, you will need to purchase a chip programmer. Order a CH341A-based programmer.

While you wait for your new tool to arrive, expose your BIOS and ME chips. I've heard that it's right under the memory access door on the T440p. However, on my T540p, you'll need to completely remove the motherboard from the laptop. Because I wound up with many leftover screws, I won't explain how to do that. Instead, consult Lenovo's Hardware Maintenance Manual and follow their directions. Fortunately, this and the reassembly are the toughest parts of this liberation (as is removing the keyboard without breaking any keycaps).

Be sure to unplug the CMOS battery, too. We need all power removed from the motherboard.

When you get the motherboard free, you'll see two identically-shaped eight-pin chips over by the SIM card slot. The one closest to the business end of the slot is a 64 Mb Macronix 25L6473E chip that contains the Intel Management Engine, the Ethernet PXE option ROM, and other related things. The opposite chip is a 32 Mb Macronix 25L3273E chip that contains the UEFI BIOS partitions.

A flash programmer hooked up to the BIOS chip of a Lenovo ThinkPad T540p.
There's more than one way to flash a BIOS. Make sure your clip is attached properly and securely. Otherwise, you will probably turn your motherboard into a brick.

You should also make sure the flashrom tool is installed, and you have a working copy of Python 3. Your operating system's package manager can give you both of these.

Neutering the Intel Management Engine

The Intel ME cannot be removed entirely from any Intel Core platform, as it is required for initializing and booting the computer. However, the three-lettered American intelligence agencies were not okay with a hidden operating system running on their computers, so Intel came up with a special operating mode for the ME. As they stated in a press release:

In response to requests from customers with specialized requirements we sometimes explore the modification or disabling of certain features. In this case, the modifications were made at the request of equipment manufacturers in support of their customer's evaluation of the US government's "High Assurance Platform" program. These modifications underwent a limited validation cycle and are not an officially supported configuration.

I will let you, dear reader, take their warning at face value.

That being said, let's continue. Here is what needs to happen with this chip:

  1. Read the Intel ME ROM.
  2. Run me_cleaner to remove unneeded modules and enable the High Assurance Platform mode.
  3. Write back the neutered ROM image.

Let's get started. Position your flash reader clip on the Intel ME chip (the one closest to the SIM card reader), connect your flash reader to your computer, then run flashrom to read the chip:

flashrom --programmer ch341a_spi --chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX25L6473F" --read upper.bin
Dump the Intel ME ROM.

(Tip: If you're not sure your programmer is attached firmly, read the chip a second time into upper2.bin and then diff the two files. If the files differ, make sure your clip is firmly connected and try again.)

Fortunately, we won't need to edit this file on our own. Download a copy of me_cleaner from GitHub. This will set the ME into the High Assurance Platform/AltMeDisable mode, so that once the bring-up phase is complete and the POST begins, the ME will safely hang:

git clone https://github.com/corna/me_cleaner.git
python me_cleaner/me_cleaner.py --soft-disable --relocate --truncate --output-file upper-cleaned.bin upper.bin
Use me_cleaner to remove all but the bring-up and ROM code from the ME. Using --relocate --truncate will free up space on the chip if you're feeling more adventurous than me.

That was easy, right? Now, let's write back our cleaned image. This step will take a while, so don't panic. flashrom will be reading, writing, and verifying each block.

flashrom --programmer ch341a_spi --chip MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E/MX256473F" --write upper-cleaned.bin

Write back the cleaned image to the Intel ME chip.

I don't know about you, but I had to specify the --chip switch in order for it to recognize this particular ROM.

Congratulations! You can attach the screen, keyboard, and charging port to the motherboard and boot it up now, if you'd like to test. When you go into the BIOS, you'll see that the listed ME Version is now blank.

If that's all you wanted to do, you can stop reading and start re-assembling the laptop.


Removing the PCIe Allow-list and Unlocking More Firmware Options

While we have this thing open, we might as well upgrade it to Wi-Fi 6. Hop on eBay and pick yourself up a newer WLAN card, such as the Intel AX200 (Wi-Fi 6) or AX210 (Wi-Fi 6E). While those have their own proprietary firmwares, they are rock-solid under .

Before we begin this step, here is another reminder to download and install the latest firmware updates from Lenovo. (For the T540p, BIOS version 2.39 is the latest.)

Position your flash reader on the UEFI BIOS chip — the one furthest from the SIM card slot — then dump it:

flashrom --programmer ch341a_spi --chip "MX25L3273E" --read lower.bin
Read the UEFI BIOS chip.

Just like with the Intel ME, there are pre-made tools to unlock the BIOS.

# Download and install UEFITool. It's in Ubuntu's repositories, but if that's not an option, grab it from GitHub; then, configure, build, and install it. Make sure the UEFIPatch binary is in your PATH.
apt install uefitool || git clone https://github.com/LongSoft/UEFITool.git

# Download and edit our firmware patches.
wget https://raw.githubusercontent.com/digmorepaka/thinkpad-firmware-patches/master/xx40_xx50_patches_v7.txt
$EDITOR xx40_xx50_patches_v7.txt
Download the tools and information we need to patch the BIOS.

Read through the patch file. Comment or uncomment any lines that apply or don't apply to your ThinkPad's make and model. Uncomment lines pertaining to your model, and comment ones that don't; otherwise, at best, your patch will be ineffective, or at worst, your computer will beep or not boot (but you can reverse this by repeating these instructions with an unadulterated copy of your BIOS). Save and exit when done, and we'll create a patched image.

# Patch the BIOS image.
UEFIPatch lower.bin xx40_xx50_patches_v7.txt -o lower-patched.bin
Apply our changes!

While the ThinkPad will work if we flash this file back, it will beep like a madman. We need to sign the BIOS with an RSA key. Fortunately, there is no PKI enforcement, so any key will do, even one that we generate on the fly. Let's bring in another tool:

# Download and install this tool and its dependency.
git clone https://github.com/thrimbor/thinkpad-uefi-sign.git
pip3 install pycryptodome

python3 thinkpad-uefi-sign/sign.py lower-patched.bin --output lower-patched-signed.bin
Download and run the tools needed to sign your new UEFI image.

That was almost too easy. Let's write it back to the chip. Again, this will take a while, so go do something else for a few minutes.

flashrom --programmer ch341a_spi --chip "MX25L3273E" --write lower-patched-signed.bin
Write the patched and signed UEFI ROM back to the BIOS chip.

Now, reassemble your laptop and start it up! You'll get an error about the CMOS checksum being and the date/time being invalid. That was because we disconnected the backup battery, not because we decided to rewrite the firmware. If you go into the BIOS, you'll see a plethora of new settings under the new Advanced menu.

Note that this Advanced menu takes the place of the Date/Time menu, so we'll have to boot our operating system and set the clock there.

In Conclusion

You've done it! The spyware located inside the Intel Management Engine is now inoperable. On top of this, you've modified your firmware to let you upgrade and tweak this laptop as much as you want. Hopefully this makes your older ThinkPad last even longer!

Much credit goes to Wolfgang, for his excellent write-up about doing all this to a ThinkPad T440p. I'd also like to thank the developers of the various tools that we've used.

Links

Positive Technologies: Disabling Intel ME 11 via undocumented mode
https://PTSecurity.com/ww-en/analytics/disabling-intel-me-11-via-undocumented-mode/
Free Software Foundation: What is Free Software?
https://GNU.org/philosophy/free-sw.html
me_cleaner
https://GitHub.com/corna/me_cleaner
UEFITool
https://GitHub.com/LongSoft/UEFITool
Patch file for Haswell ThinkPads (also, that's quite the domain name)
https://raw.githubusercontent.com/digmorepaka/thinkpad-firmware-patches/master/xx40_xx50_patches_v7.txt
thinkpad-uefi-sign
https://GitHub.com/thrimbor/thinkpad-uefi-sign
Wolfgang's Blog: Removing the Wi-Fi whitelist on Haswell Thinkpads (T440p, W540, T540, etc.)
https://notthebe.ee/Removing-the-Wi-Fi-Whiteslit-on-Haswell-Thinkpads-T440p-W540-T540-etc.html