01-08-2018 05:05 AM
I know this isn't the newest model, but I just purchased it new (on offer) by mid 2015, so I just have it for a good 2 years!
I don't see it on the list of affected models, while it CLEARLY IS affected. Will we see a BIOS update to target the Spectre vulnerability? I have always taken Lenovo for giving good support for their hardware. Surely I will have to consider a different brand, if I cannot count on security updates for hardware just a little over 2 years old. (I'm taking suggestions as to which manufacturer is giving better support).
At least put all models affected on the list, and just admit that they will not receive an update. So at least we know what we can expect!
01-08-2018 06:10 AM - edited 01-08-2018 06:10 AM
The list is here:
However, it only lists affected models that will receive an update, or models that are not affected. It doesn't list models that are affected and which won't receive an update or for which the status is unknown. It would be nice if they would at least tell customers that some models are still being reviewed or won't receive an update at all.
01-08-2018 06:34 AM
01-16-2018 03:45 AM
Hi. The microcode exists, but it cannot be installed:
1) it is not possible to install a manipulated BIOS. The BIOS file needs a digital signature. Otherwise, it will not be accepted for installation.
2) Windows did offer microcode updates in the past. There are some workaround, but tests have shown that these workarounds are kicking in too late. Windows will not see the new microcode early enough, and will not activate Spectre mitigation.
So far, nothing new from Lenovo.
01-16-2018 04:13 AM
01-16-2018 05:28 AM
1) I know. Broadwell and Haswell CPUs have problems with current microcode, so it might not even be a good idea to update.
2) yes, I tried from DOS and Linux as well. It's not possible. The BIOS enforces the digital signature. The only way around it is to desolder the BIOS chip and use a EEPROM programmer to program a new BIOS into the chip.
3) This might work, but you would need to disable SecureBoot and other safety features of Windows. This is because the DLL is also digitally signed. And probably also the resources loaded by this DLL.
I hope Microsoft will change it's mind and start pushing out microcode updates with Windows again, like they did until mid 2015.
01-16-2018 06:30 AM
01-16-2018 07:56 AM
Hi, I doubt this tool is helpfull. Also, my laptop has Ivy Bridge, not Sandy Bridge. So a newer model.
No, I don't have a novo button, the novo button is also only there to enter BIOS. It doesn't help with flashing. The signature verification is done by the previous BIOS, so it won't allow to be overwritten with an unsigned version. I modified BIOS with an InsydeH2O BIOS editor.
01-17-2018 04:50 AM