Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Unlocking AES-NI on certain Lenovo notebooks models with UEFI (Insyde) firmware (sold in countries with encryption hardware restrictions):
- 1. Use recent phoenixtool 185b3 to unpack the firmware (.fl1 file). Check "No SLIC" and "Allow user to modify other modules"
- 2. Find this code (located in F7731B4C-58A2-4DF4-8980-5645D39ECE58 / PowerManagement2.efi module):
- 00000000000033D7: B9 3C 01 00 00 mov ecx,13Ch
- 00000000000033DC: E8 47 18 00 00 call 0000000000004C28
- 00000000000033E1: A8 01 test al,1
- 00000000000033E3: 75 2E jne 0000000000003413
- 00000000000033E5: 0F B7 15 F4 11 00 movzx edx,word ptr [000045E0h]
- 00
- 00000000000033EC: 66 0F BA E2 09 bt dx,9
- 00000000000033F1: 72 0B jb 00000000000033FE
- 00000000000033F3: F6 C2 04 test dl,4
- 00000000000033F6: 75 06 jne 00000000000033FE
- 00000000000033F8: 48 83 C8 03 or rax,3
- 00000000000033FC: EB 08 jmp 0000000000003406
- 00000000000033FE: 48 83 E0 FD and rax,0FFFFFFFFFFFFFFFDh
- 0000000000003402: 48 83 C8 01 or rax,1
- 0000000000003406: 48 8B D0 mov rdx,rax
- 0000000000003409: B9 3C 01 00 00 mov ecx,13Ch
- 000000000000340E: E8 1F 18 00 00 call 0000000000004C32
- 0000000000003413: 33 C0 xor eax,eax
- 0000000000003415: 48 83 C4 38 add rsp,38h
- 0000000000003419: C3 ret
- and change
- 00000000000033F8: 48 83 C8 03 or rax,3
- to
- 00000000000033F8: 48 83 C8 01 or rax,1
- note: AES-NI is controlled by bit 1 in the MSR 0x13c (set: AES-NI off, cleared: AES-NI on), bit 0 there seems to be the lock bit which disables further writes to this MSR (so it's not possible to enable AES-NI from your OS without firmware patch)
- 3. Allow phoenixtool to pack the firmware file back with the updated module
- 4. Flash with patched winflash
- 5. Enjoy
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement