summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvgeny Zinoviev <me@ch1p.com>2020-01-15 00:07:30 +0300
committerEvgeny Zinoviev <me@ch1p.com>2020-01-15 00:07:30 +0300
commit8748274dbeac8cf5dd3a7af27f4d9c3fc72232e7 (patch)
tree861c8e7951fc84af390804477bc797c93943389c
parent039793b3984f92e93c529580cd00dc7f9baed056 (diff)
fix anchors and titles
-rw-r--r--README.md6
1 files changed, 3 insertions, 3 deletions
diff --git a/README.md b/README.md
index 506f10b..47fd284 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ This document describes known methods of flashing BIOS on Lenovo ThinkPads witho
# Table of Contents
- [Ivy Bridge series (X230, T430, etc.)](#ivy-bridge-series-x230-t430-etc)
- - [Introduction](#ivybridge-series-x230-t430-etc)
+ - [Introduction](#ivy-bridge-series-x230-t430-etc)
- [Requirements](#requirements)
- [BIOS versions](#bios-versions)
- [Downgrading BIOS](#downgrading-bios)
@@ -20,7 +20,7 @@ This document describes known methods of flashing BIOS on Lenovo ThinkPads witho
- [HDA_SDO/GPIO33](#hda_sdogpio33)
- [Credits](#credits)
-# IvyBridge series (X230, T430, etc.)
+# Ivy Bridge series (X230, T430, etc.)
Old versions of stock BIOS for these models have several security issues. In context of this guide, two of them are of interest.
@@ -356,7 +356,7 @@ Researchers from PT Security discovered a special MKHI command called HMRFPO (Ho
It is possible to make flash descriptor writable for one boot by asserting HDA_SDO pin high on boot. It should be possible to flash unlocked descriptor while in this state, and that should open ability to flash ME afterwards. [See here for more info](#hda_sdogpio33).
-# SandyBridge series (X220, T420, etc.): WIP
+# Sandy Bridge series (X220, T420, etc.): WIP
S3 Boot Scripts are unprotected on these models too (even on the most recent BIOS versions), but it's not useful, because FLOCKDN and SPI protected ranges are set by **LenovoFlashProtectPei** UEFI module. It is trivial to patch it, but it resides in protected range, so it can only be flashed externally.
Currently there are no known methods to unlock PRs on these devices internally, but investigation is ongoing.