Lenovo G505S hacking
Lenovo G505S is the latest most powerful laptop from the Supported Motherboards list of coreboot open source BIOS ( FAQ about coreboot ) which does not contain the Intel ME / AMD PSP hardware backdoors inside its' CPU. That makes this laptop very unique and valuable to any hardware/software hacker, and hopefully this page could be of a great interest - and maybe even useful! - to you, the visitor of DangerousPrototypes
The software of this laptop is already 98% open source and free-as-in-freedom ; this page will describe the hacking efforts to liberate the remaining 2% as well as to make this laptop truly future-proof by collecting the described spare parts and upgrading its' various components
1) Fill this page with a lot of truly valuable information (a bit unexpected? ;)
2) Create a new "Lenovo G505S spare parts" page ( maybe would come up with a better title )
3) Describe the great-to-have software patches on top of the mainline code of coreboot open-source BIOS ( hopefully we'll get our changes merged and these descriptions would not be needed )
Unofficial coreboot patches
AMD microcode updates
Go to coreboot's configuration menu and check that " Chipset ---> Include CPU microcode in CBFS " option is set to " Do not include microcode updates " - because this microcode updating procedure is broken, and stupid: why load "old" then update to "new" when you could load "new" from the beginning? Hidden ./coreboot/.config file should contain
# CONFIG_CPU_MICROCODE_CBFS_GENERATE is not set # CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set CONFIG_CPU_MICROCODE_CBFS_NONE=y
Instead, let's take a look at
These scripts will help you to securely and conveniently apply the two changes to update AMD microcodes by patching the hardcoded arrays of hex values at some .c source code files. Updated microcode is required to improve system stability - in particular, to fix Xen hardware virtualization freezes e.g. while running Qubes 4 - as well as to patch some security vulnerabilities like piledriver+ NMI CPU userland to root exploit (if G505S's A10-5750M is affected) and maybe some Spectre-related vulnerabilities.
#!/bin/sh ### ### https://review.coreboot.org/c/coreboot/+/28425 ### AMD microcodes: scripts for applying the unofficial (not-merged-yet) updates ### rm -f ./*_ucode_patches.sh rm -f ./sha256sums_correct.txt rm -f ./*.diff && rm -f ./patch\?zip wget https://review.coreboot.org/changes/28425/revisions/5/patch?zip unzip ./patch\?zip && rm -f ./patch\?zip sha256sum_correct="6f84c17436a1b33d9834878003250b053dc4f0ce8235d04ef023d5d9276501b1 ./2b158e9.diff" sha256sum_my=$(sha256sum ./2b158e9.diff) printf \\n%s\\n%s\\n "=== sha256sum should be:" "$sha256sum_correct" if [ "$sha256sum_my" = "$sha256sum_correct" ] ; then echo "^^^ this is correct, will extract a microcode patching patch now..." patch -p1 < ./2b158e9.diff else echo "^^^ ! MISMATCH ! Check sha256sum manually: sha256sum ./2b158e9.diff" fi
Save all 4 files of this change to
Allow the execution of 3 scripts by doing
chmod +x ./*_ucode_patches.sh
to download the patches and extract them,
to compare their checksums with
0dcd889f1a90899b8c5852c41311a38cc6cb61622eabb5bdeec2aa96f62eecaa ./7c771be.diff 69dce983976e38d577b797bd802ad21cdcb1c559705c664d91ec1d0fbde9854f ./d5107a0.diff
and finally, if everything is good,
This will install the following AMD ucode patches:
28273: src/vendorcode/amd/agesa/f15tn: Update microcode to version 0x600111F 2018-03-05 - for CPU IDs 0x610F01/0x610F31 (replaces the very outdated 0x600110F [2012-01-11])
28370: src/vendorcode/amd/agesa/f16kb: Update microcode to version 0x7000110 2018-02-09 - for CPU ID 0x700F01 (replaces the very outdated 0x700010B [2013-07-09])
AMD GPU AtomBIOS blobs
This page is currently under construction and may be significantly changed without further notice ;)
awokd's info dump:
Caveats: Sleep mode does not work under Qubes. Good to disable both XHCI options in Coreboot menu or the left side ports won't work at all. Disabled they sort of function as USB 2.0 (or 1.1?) ports, but you may have to use irqpoll (on sys-usb kernel options if using Qubes).
After flashing with coreboot, you can use the following command for internal flashes:
sudo flashrom -p internal:laptop=force_I_want_a_brick,amd_imc_force=yes -w coreboot.rom
A10-5750M processor is cpu fam 21/0x15, mod 19/0x13, step 1 raw 00610f31
If your model has a secondary GPU, need to add xen-pciback.hide=(02:00.0) to boot options (02:00.0 is an example, check first) to use with Qubes.
To locate the firmware in the OEM image, use UEFITool and search for your BIOS version in reverse byte order, like for version 0x06001119, search for 0x19110006.