################################################################
##                                                            ##
##  CHIPSEC: Platform Hardware Security Assessment Framework  ##
##                                                            ##
################################################################

[CHIPSEC] Version : 1.8.1
[CHIPSEC] OS      : Linux 5.16.7-200.fc35.x86_64 #1 SMP PREEMPT Sun Feb 6 19:53:54 UTC 2022 x86_64
[CHIPSEC] Python  : 3.10.2 (64-bit)
****** Chipsec Linux Kernel module is licensed under GPL 2.0
[CHIPSEC] API mode: using CHIPSEC kernel module API
[!] Unknown PCH: VID = 0x1022, DID = 0x790E, RID = 0xFF; Using Default.
[!] Results from this system may be incorrect.
[CHIPSEC] Helper  : LinuxHelper (/home/hughsie/Code/chipsec/chipsec/helper/linux/chipsec.ko)
[CHIPSEC] Platform: Renoir Root Complex
[CHIPSEC]      VID: 1022
[CHIPSEC]      DID: 1630
[CHIPSEC]      RID: 00
[CHIPSEC] PCH     : Default PCH
[CHIPSEC]      VID: FFFF
[CHIPSEC]      DID: FFFF
[CHIPSEC]      RID: FF

[CHIPSEC] Executing command 'reg' with args ['read', 'RomProtect0']
[CHIPSEC] RomProtect0=0x0
[*] RomProtect0 = 0x00000000 << ROM Protect 0. Read,Write-once. Reset: 0000_0000h. This register specifies different ROM ranges to be protected. FCH::ITF::SPI::AltSPICS[SpiProtectEn0] enables the protection ranges. The addresses are within the defined ROM range if: {RomBase, 000_0000_0000b} <= address[31:0] <= ({RomBase, 000_0000_0000b} + (Range << (RangeUnit ? 16 : 12))). For the host, this register can only be written once after hardware reset; subsequent writes have no effect. To enable writing to this register again, one can generate an SMI through FCH or apply hardware reset. (b:d.f 00:20.3 + 0x50)
    [00] Range        = 0 << Read,Write-once. Reset: 00h. Description: Specifies the protected range. The unit is defined at bit[8] in the same register. NOTE: The protection is limited to 4GB boundary. Base + Range cannot cross 4GB boundary; otherwise, hardware will not behave correctly. BIOS should make sure the values are within a valid range.
    [08] RangeUnit    = 0 << Read,Write-once. Reset: 0. 0=4 KB. 1=64 KB.
    [09] ReadProtect  = 0 << Read Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is read-protected and reading any location in the range returns FFFF_FFFFh.
    [10] WriteProtect = 0 << Write Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is write-protected and writing to the range has no effect.
    [12] RomBase      = 0 << ROM Base. Read,Write-once. Reset: 0_0000h.

[CHIPSEC] Executing command 'reg' with args ['read', 'RomProtect1']
[CHIPSEC] RomProtect1=0x0
[*] RomProtect1 = 0x00000000 << ROM Protect 1. Read,Write-once. Reset: 0000_0000h. This register specifies different ROM ranges to be protected. FCH::ITF::SPI::AltSPICS[SpiProtectEn0] enables the protection ranges. The addresses are within the defined ROM range if: {RomBase, 000_0000_0000b} <= address[31:0] <= ({RomBase, 000_0000_0000b} + (Range << (RangeUnit ? 16 : 12))). For the host, this register can only be written once after hardware reset; subsequent writes have no effect. To enable writing to this register again, one can generate an SMI through FCH or apply hardware reset. (b:d.f 00:20.3 + 0x54)
    [00] Range        = 0 << Read,Write-once. Reset: 00h. Description: Specifies the protected range. The unit is defined at bit[8] in the same register. NOTE: The protection is limited to 4GB boundary. Base + Range cannot cross 4GB boundary; otherwise, hardware will not behave correctly. BIOS should make sure the values are within a valid range.
    [08] RangeUnit    = 0 << Read,Write-once. Reset: 0. 0=4 KB. 1=64 KB.
    [09] ReadProtect  = 0 << Read Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is read-protected and reading any location in the range returns FFFF_FFFFh.
    [10] WriteProtect = 0 << Write Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is write-protected and writing to the range has no effect.
    [12] RomBase      = 0 << ROM Base. Read,Write-once. Reset: 0_0000h.

[CHIPSEC] Executing command 'reg' with args ['read', 'RomProtect2']
[CHIPSEC] RomProtect2=0x0
[*] RomProtect2 = 0x00000000 << ROM Protect 2. Read,Write-once. Reset: 0000_0000h. This register specifies different ROM ranges to be protected. FCH::ITF::SPI::AltSPICS[SpiProtectEn0] enables the protection ranges. The addresses are within the defined ROM range if: {RomBase, 000_0000_0000b} <= address[31:0] <= ({RomBase, 000_0000_0000b} + (Range << (RangeUnit ? 16 : 12))). For the host, this register can only be written once after hardware reset; subsequent writes have no effect. To enable writing to this register again, one can generate an SMI through FCH or apply hardware reset. (b:d.f 00:20.3 + 0x58)
    [00] Range        = 0 << Read,Write-once. Reset: 00h. Description: Specifies the protected range. The unit is defined at bit[8] in the same register. NOTE: The protection is limited to 4GB boundary. Base + Range cannot cross 4GB boundary; otherwise, hardware will not behave correctly. BIOS should make sure the values are within a valid range.
    [08] RangeUnit    = 0 << Read,Write-once. Reset: 0. 0=4 KB. 1=64 KB.
    [09] ReadProtect  = 0 << Read Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is read-protected and reading any location in the range returns FFFF_FFFFh.
    [10] WriteProtect = 0 << Write Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is write-protected and writing to the range has no effect.
    [12] RomBase      = 0 << ROM Base. Read,Write-once. Reset: 0_0000h.

[CHIPSEC] Executing command 'reg' with args ['read', 'RomProtect3']
[CHIPSEC] RomProtect3=0x0
[*] RomProtect3 = 0x00000000 << ROM Protect 3. Read,Write-once. Reset: 0000_0000h. This register specifies different ROM ranges to be protected. FCH::ITF::SPI::AltSPICS[SpiProtectEn0] enables the protection ranges. The addresses are within the defined ROM range if: {RomBase, 000_0000_0000b} <= address[31:0] <= ({RomBase, 000_0000_0000b} + (Range << (RangeUnit ? 16 : 12))). For the host, this register can only be written once after hardware reset; subsequent writes have no effect. To enable writing to this register again, one can generate an SMI through FCH or apply hardware reset. (b:d.f 00:20.3 + 0x5C)
    [00] Range        = 0 << Read,Write-once. Reset: 00h. Description: Specifies the protected range. The unit is defined at bit[8] in the same register. NOTE: The protection is limited to 4GB boundary. Base + Range cannot cross 4GB boundary; otherwise, hardware will not behave correctly. BIOS should make sure the values are within a valid range.
    [08] RangeUnit    = 0 << Read,Write-once. Reset: 0. 0=4 KB. 1=64 KB.
    [09] ReadProtect  = 0 << Read Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is read-protected and reading any location in the range returns FFFF_FFFFh.
    [10] WriteProtect = 0 << Write Protect. Read,Write-once. Reset: 0. 1=The memory range defined by this register is write-protected and writing to the range has no effect.
    [12] RomBase      = 0 << ROM Base. Read,Write-once. Reset: 0_0000h.

[CHIPSEC] Executing command 'reg' with args ['read', 'SPICntrl0']
[CHIPSEC] SPICntrl0=0x4F041005
[*] SPICntrl0 = 0x4F041005 << SPI_Cntrl0. Reset: 0FC0_0000h.
    [18] SpiReadMode[0]     = 1 << Read-write. Reset: 0. Bit[0] of SpiReadMode. See the definition of SpiReadMode[2:1] in this register. SpiReadMode = {SpiReadMode[2:1],SpiReadMode[0]}.
    [21] IllegalAccess      = 0 << Read-only. Reset: 0. 0=Legal index mode access. 1=Illegal index mode access.
    [22] SpiAccessRomEn     = 0 << Read,Write-0-only. Reset: 1. 0=Software cannot access MAC's portion of the ROM space (lower 512 KB). 1=Software can access MAC's portion of the ROM space. This is a clear-once protection bit. Once set, some SPI registers can't be written and discards a SPI request if it is an illegal request.
    [23] SpiHostAccessRomEn = 0 << Read,Write-0-only. Reset: 1. 0=MAC cannot access BIOS ROM space (upper 512 KB). 1=MAC can access BIOS ROM space. This is a clear-once protection bit. Once set, some SPI registers can't be written and discards a SPI request if it is an illegal request.
    [24] ArbWaitCount       = 7 << Read-write. Reset: 7h. Specifies the amount of wait time the SPI controller asserts HOLD# before it should access the SPI ROM, under ROM sharing mode with the MAC. This time is to allow the MAC to sample HOLD#.
    [27] SpiBridgeDisable   = 1 << Read-write. Reset: 1. Setting this bit disables the SPI bridge mode (SB acts as a SPI-LPC bridge to the MAC).
    [28] SpiClkGate         = 0 << Read-write. Reset: 0. 1=Skip the 8th SPI clock at the end data when doing read.
    [29] SpiReadMode[2:1]   = 2 << Read-write. Reset: 0h. Description: See Table 78 [SpiReadMode[2:0]]. NOTE: SPI modes supported are listed below,
    [31] SpiBusy            = 0 << Read-only. Reset: 0. 0=SPI bus is idle. 1=SPI bus is busy.

[CHIPSEC] Executing command 'reg' with args ['read', 'SPIRestrictedCmd']
[CHIPSEC] SPIRestrictedCmd=0x0
[*] SPIRestrictedCmd = 0x00000000 << SPI_RestrictedCmd. Reset: 0000_0000h.
    [00] RestrictedCmd0 = 0 << Reset: 00h. This defines a restricted command issued by the MAC which is checked by the SB. If the opcode issued by the MAC matches with this register and the address space is in the BIOS space, this controller simply ignores the command for the case of bridge mode. For peer mode, the SPI controller stalls the entire interface as an attempt to stop that transaction. Note when either SpiAccessRomEn and/or SpiHostAccessRomEn bit are cleared, these registers become read-only and cannot be changed any more. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.
    [08] RestrictedCmd1 = 0 << Reset: 00h. Same as RestrictedCmd0. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.
    [16] RestrictedCmd2 = 0 << Reset: 00h. Same as RestrictedCmd0. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.
    [24] RestrictedCmd3 = 0 << Reset: 00h. Same as RestrictedCmd0. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.

[CHIPSEC] Executing command 'reg' with args ['read', 'SPIRestrictedCmd2']
[CHIPSEC] SPIRestrictedCmd2=0x601C700
[*] SPIRestrictedCmd2 = 0x0601C700 << SPI_RestrictedCmd2. Reset: 0000_0000h.
    [00] RestrictedCmd4       = 0 << Reset: 00h. Same as FCH::ITF::SPI::SPIRestrictedCmd[RestrictedCmd0]. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.
    [08] RestrictedCmdWoAddr0 = C7 << Reset: 00h. Same as FCH::ITF::SPI::SPIRestrictedCmd[RestrictedCmd0] except that this field defines a restricted command that does not have an address. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.
    [16] RestrictedCmdWoAddr1 = 1 << Reset: 00h. Same as [RestrictedCmdWoAddr0]. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.
    [24] RestrictedCmdWoAddr2 = 6 << Reset: 00h. Same as [RestrictedCmdWoAddr0]. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.

[CHIPSEC] Executing command 'reg' with args ['read', 'AltSPICS']
[CHIPSEC] AltSPICS=0xB8
[*] AltSPICS = 0xB8 << Alt_SPI_CS. Reset: 00h.
    [00] AltSpiCsEn     = 0 << Reset: 0h. These two bits select the alternate SPI_CS# for BIOS_ROM. AccessType: (FCH::ITF::SPI::SPICntrl0[SpiAccessRomEn] && FCH::ITF::SPI::SPICntrl0[SpiHostAccessRomEn]) ? Read-write : Read-only.
    [02] WriteBufferEn  = 0 << Read-write. Reset: 0. 1=SPI bridge can take burst write from the host and transfer it to the SPI flash. SPI write performance enhancement.
    [03] SpiProtectEn0  = 1 << Reset: 0. 1=Enable SPI Read/Write protection ranges specified by FCH::ITF::LPC::RomProtect. AccessType: FCH::ITF::SPI::AltSPICS[SpiProtectLock] ? Read-only : Read-write.
    [04] SpiProtectEn1  = 1 << Reset: 0. 1=Enable SPI protection to prevent host from accessing IMC and USB3 space. AccessType: FCH::ITF::SPI::AltSPICS[SpiProtectLock] ? Read-only : Read-write.
    [05] SpiProtectLock = 1 << Read-write. Reset: 0. 1=Bits[3,4,5] are no longer writable.
    [07] SpiCsDlySel    = 1 << Read-write. Reset: 0. 0=75 ns minimum SPI_CS# de-assertion time. 1=125 ns minimum SPI_CS# de-assertion time.

# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x000D, DMI type 0, 26 bytes
BIOS Information
	Vendor: LENOVO
	Version: R1BET24W(0.24 )
	Release Date: 03/13/2020
	Address: 0xE0000
	Runtime Size: 128 kB
	ROM Size: 32 MB
	Characteristics:
		PCI is supported
		PNP is supported
		BIOS is upgradeable
		BIOS shadowing is allowed
		Boot from CD is supported
		Selectable boot is supported
		EDD is supported
		3.5"/720 kB floppy services are supported (int 13h)
		Print screen service is supported (int 5h)
		8042 keyboard services are supported (int 9h)
		Serial services are supported (int 14h)
		Printer services are supported (int 17h)
		CGA/mono video services are supported (int 10h)
		ACPI is supported
		USB legacy is supported
		BIOS boot specification is supported
		Targeted content distribution is supported
		UEFI is supported
	BIOS Revision: 0.24
	Firmware Revision: 0.24

Handle 0x000E, DMI type 1, 27 bytes
System Information
	Manufacturer: LENOVO
	Product Name: GT4A1SIT19
	Version: ThinkPad T14 Gen 1
	Serial Number: PF1X9RJH
	UUID: cc2208cc-2ecd-11b2-a85c-fe1ff2f33456
	Wake-up Type: Power Switch
	SKU Number: LENOVO_MT_GT4A_BU_Think_FM_ThinkPad T14 Gen 1
	Family: ThinkPad T14 Gen 1

Handle 0x002B, DMI type 13, 22 bytes
BIOS Language Information
	Language Description Format: Abbreviated
	Installable Languages: 6
		en-US
		fr-FR
		ja-JP
		ko-KR
		zh-CHT
		zh-CHS
	Currently Installed Language: en-US

Handle 0x0038, DMI type 15, 31 bytes
System Event Log
	Area Length: 146 bytes
	Header Start Offset: 0x0000
	Header Length: 16 bytes
	Data Start Offset: 0x0010
	Access Method: General-purpose non-volatile data functions
	Access Address: 0x00F0
	Status: Valid, Not Full
	Change Token: 0x00000008
	Header Format: Type 1
	Supported Log Type Descriptors: 4
	Descriptor 1: POST error
	Data Format 1: POST results bitmap
	Descriptor 2: PCI system error
	Data Format 2: None
	Descriptor 3: System reconfigured
	Data Format 3: None
	Descriptor 4: Log area reset/cleared
	Data Format 4: None