It shouldn’t need to happen, but it did. I explain why I had to hack my BIOS, and why it may be relevant to your interests… without knowing before you read this.
After my recent experiences with upgrading to Ubuntu 13.04 (which were, as you can read, a miserable failure), I decided to make the most out of an unfair, unnecessary crisis, and enable the new whole-disk encryption feature that Canonical added to Ubuntu 12.10. One major version later, the feature is relatively unchanged, and has garnered high praise. It’s similar in implementation to the second-generation of FileVault in OS X and BitLocker in Windows 8.
Unfortunately, running “grep aes proc/cpuinfo” – I was surprised to find that AES-NI was absent from my Lenovo Y560p. It features an Intel Core i7-2630QM processor that, according to Intel’s ARK, supports AES-NI. That microcode-level feature is a technology that aides Ubuntu’s whole-disk encryption (as well as FileVault and BitLocker). Essentially, it allows the processor to process hundreds of megabytes worth of encrypted-bit data at a time, with a fraction of the CPU load. It gives tremendous amounts of performance boost, and that’s why everyone from Canonical, to Apple, to Microsoft employs the CPU-level feature.
At this point, my first suspicion was that Lenovo had disabled it in BIOS. I was half right. Intel threads show that early-release Sandy Bridge processors shipped with the feature disabled at a microcode level. A microcode update is available from Intel, but you can’t get it – the manufacturer of your system board/laptop has to incorporate it into a BIOS update.
Lenovo did offer the update to their ThinkPad customers, but despite continuing to offer BIOS updates for the IdeaPad Y560p, never incorporated this update. They kept patching motherboard bugs, but never rolled in the CPU microcode update. My guess is they figured anyone that cared, would pony up for a new laptop. Needless to say, I’m justifiably ticked off at Lenovo this week.
Thankfully, some enterprising BIOS hackers remain on the Internet, and haven’t given up their hacking skills for something more profitable. Within minutes, I found a thread chronicling the problem affecting my Y560p, and someone that had patched a BIOS version with the needed microcode. Even enabled Intel VT-d that Lenovo also failed to turn on.
There was a catch – someone on the thread had said it bricked their $900 laptop. I was concerned… my machine was out of warranty, and it’s very-legally-questionable as to if this qualified for an American Express Extended Warranty claim. But, I finally rolled the dice and flashed the update inside of Windows.
It succeeded. All I lost was a few bug fixes from later BIOS versions (the patched BIOS is old, after all). I’m betting the bricked laptop stemmed from someone flashing a Y560, not the intended Y560p. Hacked BIOS will typically not include the normal machine ID safety checks.
Most people today won’t benefit from hacked BIOS. At least, I hope you don’t. If you do, it’s because your manufacturer let you down. Hacked BIOS can fix other manufacturer evils, the most common I’ve seen is bypassing illegal/illegitimate PCIe / mini-PCIe card whitelists – a feature that forces you to pay $90 for a $9 Wi-Fi card replacement, typically.
Sadly, been there, done that one too… and no, there wasn’t a hacked BIOS for my ThinkPad Twist to remedy that woe. Gee, another Lenovo. Guess which manufacturer I’m less likely to buy from in the future?