Some time ago, my setup menu disappeared from my laptop. I don’t know why, but
F2 didn’t work, and it didn’t show up under the
F10 app menu. During the Google Code-In 2014 winner trip I tried to fix this, with worse results: the boot menu disappeared!
So now my computer can just boot. (note: I can use an UEFI feature to actually boot into the setup menu, so hope was not all
lost, I just had to be very careful not to enable SecureBoot or legacy mode!) So, I dumped the bios flash (which was not
complete, 3 MB vs 8 MB, iirc) and looked through the files. After a while, I found a set of
FvFile strings in the code, which
(after looking on the internet) seemed to be correct (the GUID I found was the same as the one Lenovo uses, since they use the
same base!). I then decided to craft my own boot entries from scratch. What’s the worst that could happen?
Answer: Everything broke! I set the boot entries, and rebooted. Black screen. This was the most I could do
at the moment, so I gave up. At home, I decided to dump the hard drive, and decompile the BIOS some more. The model laptop I
have doesn’t actually have any available recovery modes, and the BIOS isn’t broken, the nvram broke! so yeah, I am out of
options. I decided to go for the last option, and that is opening the laptop and fix the NVRAM that way. So, I bought a SOIC
clip. Some time later, when the SOIC clip arrived, I put everything together: A Raspberry Pi with
flashrom, with a GPIO thing
going to the breadboard, where the SOIC clip is connected. so, everything set up, connected the SOIC clip to my flash rom, and
connected both. The Raspberry Pi turned off. I went after all the connections and everything seemed
fine. So, I tried it again. Same result. So, I went after the connections on the flash chip (maybe I put the clip on
improperly?) And here we go, the write protect pin was grounded to the ground pin, probably to avoid the boot block being
overwritten, and everything can be recovered even if you tried to erase the entire flash. So I decided to disconnect the write
protect pin from the Raspberry Pi. And here we go, it just reads
0xFF. So I went after the datasheet again, and turns out I
switched the input and output pins, due to a stupid mistake I made. At this point I just hoped the chip still worked, and it
did! I dumped the rom twice, and compared the two files. (they were the same, luckily!) I then decided to save the rom to
multiple places, to make sure I don’t lose it. I then searched (using a hex editor) for my broken device path, and found it
exactly (luckily!). I then decided to fix the device path, so it had an end. (
7F FF 04 00) After this, I even replaced
Bont0000, to disable it fully. I then reflashed the rom, and connected the laptop to the charger. It worked!
After reassembling the laptop, I decided to fix the boot entries fully again, but this time I first tested it in a VM. The resulting boot entries are:
01010000 1800530065007400750070000000 04061400 668b1c726c42864e8e993457c46ab0b9 7FFF0400(Setup: FvFile(721C8B66-426C-4E86-8E99-3457C46AB0B9))
01010000 180042006f006f00740020004d0065006e0075000000 04061400 40844886bb41c74293ac450fbf7766bf 7FFF0400(Boot Menu: FvFile(86488440-41BB-42C7-93AC-450FBF7766BF))
Confusingly, if you search the boot menu GUID, it actually finds some results that mention that the GUID for them is used as setup item. (So not really globally unique :P) However, I can confirm these variables are correct for my laptop.