

- #INTEL BIOS UPDATE CAPSULE HEADER INVALID FOR WINDOWS 10#
- #INTEL BIOS UPDATE CAPSULE HEADER INVALID DOWNLOAD#
Why two binary images? Lenovo Thinkpads have separate firmware for the “BIOS” and the Embedded Controller Program (ECP).
Note that I used a Linux utility, tree, running in the Linux subsystem for Windows 10 to provide the listing. The rest of the files in the update do not contain actual firmware images. The only two files of actual interest to us are highlighted by the red box. It is a self-extracting executable named jbuj62ww.exe. Here are the contents of the latest firmware update (as of November 2016) for the Lenovo T450 laptop. This blog post explores what information you can glean from these microcode updates and confirms the existence of an additional undocumented header in Intel microcode updates which was initially described by Chen and Ahn in their December 2014 paper Security Analysis of x86 Processor Microcode.

I will have a look at this. Recently, I decided to examine the contents of a Lenovo T450 firmware update before installing the firmware update and noticed that it included a number of Intel processor microcode updates. Never tried it myself, but EDK II should support this use case. Or you could build it from source and sign it.
How would I go about this? The device is attached to the iGPU and I won’t be able to tweak it from the host once the guest took over, or not?
For SecureBoot, you could download the source and build the ROM into OVMF instead. You can manually tweak the backlight registers What is happening here?
Also, even if I set load Video OpRom to none in the BIOS and have a completely black eDP screen, the guest would still complain to not find a VBIOS and the invalid PCI ROM header messages continue in the host. However, when I launch the guest with the iGPU attached, the screen gets garbled with the same pattern as if I would manually remove the PCI device from /sys/. It doesn’t change the content once I boot the host as with my kernel configs and cmdline there is no new output on the display. So, before I found the option in the BIOS to disable loading Video OpRom (it was hidden behind activating CSM but then still setting everything to UEFI), the eDP display would show the vendor’s boot logo and the display would be bright. The eDP panel should still work once the guest boots and loads its driver, but the backlight won't

So there’s no use in trying to find and dump it from the BIOS image, I suppose? Which won't be useful for the guest since it's intermingled with CPU power-on sequences. I also tried to power cycle the card as much as possible by removing the PCI device from the /sys/ tree, but alas it doesn’t help and only causes DMAR issues. I tried to dump it using the methods described in these articles:
A post in this reddit I can't find atm (will update later), which said to boot a VM with the iGPU attached, turn the VM off and then dump the bios (would have to unplug eDP, which I didn't try) I tried getting the video BIOS from Windows, but it's not possible to dump. It is not possible to boot with the dGPU, all outputs except for the internal eDP connector are directly connected to the dGPU (apparently, there is a muxed setup where the dGPU sends its pictures to the iGPU which shows them on the laptop's screen) proc/cmdline: intel_iommu=on iommu=pt earlyprintk=serial,ttyS0,115200,8n1 console=ttyS0,115200,8n1 video=efifb:off,vga:off console=tty1 console=ttyUSB0 modprobe.blacklist=i915,nouveau (disables any output on screen reliably, but note, without recompiling the kernel and removing vga arbiter it still touches the graphics card)
But it never gave possibility for the guest to use the device. Setting the Video OpRom loader to None in the BIOS
Compile kernel with no framebuffer, vga console, vga arbiter and basically no graphics at all
Boot the kernel directly as EFI application without GRUB2 or any bootloader in between which could mask the VBIOS on the iGPU I already tried to completely isolate the iGPU from the whole boot process and it reliably prevents the screen from showing anything at all, including The guest always complains, that it can't find the VBIOS.
Or vfio pci 0000:00:02.0: "Video device with shadowed ROM" at I only get a black screen and error messages in dmesg such as: vfio-pci 0000:00:02.0: vfio_ecap_init: hiding ecap 703.013256] vfio-pci 0000:00:02.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0xffff I tried different setups but it doesn't work. I'm trying to get OVMF PCIe passthrough of my iGPU on my laptop running, also called GVT-d for Intel GPUs, such that the VM controls the display of my laptop.
