Do NOT update ThinkPads' latest EC

nadebula.1984
Joined: 05/01/2018

https://support.lenovo.com/us/en/solutions/len-27764

This is something like Boot Guard imposed on the EC. I mistakenly flashed it on my T430s, but fortunately, I was able to roll back both UEFI and EC.

If you already flashed it by mistake, download the ISO image containing the latest UEFI and the second-latest EC (e.g. the UEFI 2.75 and EC 1.15 combination for T430s). Install the package "genisoimage" and follow the instructions found here to make bootable USB media:

https://trisquel.info/en/forum/update-bios-thinkpads-without-win-or-cddvd-drive

Reboot and press F1 to enter UEFI. Be sure to enable firmware rollback (in the Security tab). Then use said USB media to perform the downgrade. You should be able to roll back both UEFI and EC, because their images bear Lenovo's signature.

zapper (not verified)

This should be a given: never trust proprietary software for security.

GNUbahn
Joined: 02/18/2016

Nevertheless, libreboot.org recommends you update EC: https://libreboot.org/docs/hardware/x200.html#ecupdate

jxself
Joined: 09/13/2010

They are different situations. The X200 does not have Boot Guard and the X200's EC firmware has not received updates from Lenovo in a long time.

GNUbahn
Joined: 02/18/2016

I didn't know. Thanks for clarifying.

nadebula.1984
Joined: 05/01/2018

Libreboot and coreboot recommend that users update the EC because there is no way to update the EC except by using official firmware (BIOS or UEFI) images. Once you've flashed libreboot or coreboot, you can't update the EC unless you temporarily flash back the BIOS/UEFI image. (And when you have finished updating the EC and still want to use libreboot/coreboot, you have to (disassemble the computer and) use an external programmer again.)

But the latest EC update in August or September 2019 (for IvyBridge or newer platforms) doesn't fix any bugs, improve battery management, or do anything good. It only imposed digital signature verification on the EC image. If you "upgrade" your system's EC to this version, you can no longer modify the EC, including flashing a free/libre EC.

So if you mistakenly updated the EC on your IvyBridge ThinkPad (X230/t, T430/s, T/W530 series), be sure to roll it back immediately.