Popular Posts

Pages

Sunday, December 16, 2018

Coreboot X220 guide

Please read the post Neuter Intel ME with me_cleaner which describes how to read and write BIOS chips with an SPI programmer - this will not be covered here. This guide is written for a Linux system.

Basic steps are
  1. Obtain a copy of Coreboot and submodules
  2. Build needed tools
  3. Create optional blobs
  4. Configure Coreboot and payload settings
  5. Make Coreboot image
  6. Flash image 
Things to note
  • Coreboot can apply me_cleaner automatically.
  • Coreboot will make Thinkpad Power Manager, and Hotkey Manager non-functional in Windows.
  • You will loose some features from Lenovo BIOS e.g. ATA/startup/BIOS passwords, enabling/disabling ports, advanced or unlocked BIOS options, Windows licenses.

Obtain Coreboot

Run the following code

git clone http://review.coreboot.org/coreboot.git ~/coreboot 
cd ~/coreboot 
git submodule update --init --recursive 

Build Tools

We now need to build ifdtool, gcc, and iasl needed to compile Coreboot binaries.

cd ~/coreboot/util/ifdtool 
make
cd ~/coreboot 
make crossgcc-i386

This will take a while. An example output log can be found at the bottom of the post.

Blobs

We will require some proprietary blobs from the Lenovo BIOS required to initialize proprietary Intel components in the chipset. We can do this using ifdtool.

First move the firmware that was read using the SPI programmer to the ifdtool directory ~/coreboot/util/ifdtool Then run

ifdtool -x original.bin # original.bin is the firmware you read from the motherboard

This will create these files in the current directory

flashregion_0_flashdescriptor.bin
flashregion_1_bios.bin
flashregion_2_intel_me.bin
flashregion_3_gbe.bin

We will then move these to the directory that coreboot will look in.

mkdir -p ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220
cd ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220
mv ~/flashregion_0_flashdescriptor.bin descriptor.bin
mv ~/flashregion_2_intel_me.bin me.bin
mv ~/flashregion_3_gbe.bin gbe.bin 

We will also require a VGA BIOS for graphics within the console and for Windows compatibility. If you only plan on running Linux this is optional as the kernel will take care of it. For this step we will need the orignal X220 BIOS from Lenovo and uefitool.

git clone https://github.com/LongSoft/UEFITool.git ~/coreboot/util/uefitool
make
cp [location of $01CB000.FL1 from extracted Lenovo firmware update] ~/coreboot/util/uefitool
uefitool $01CB000.FL1

Then do the following
  1. Open the search tool in uefitool, select Text mode, uncheck Unicode, and search for the string, "VGA Compatible BIOS". 
  2. Double click on the result. This will bring you to the section where this string is found. 
  3. Right click on the highlighted section and click "Extract Body".
  4. Save the file as vbios.bin in ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220
  5. Quit uefitool
We now have all the bits we need to compile Coreboot

Configure Coreboot

Run the following

cd ~/coreboot
make nconfig

This screen will allow us to configure Coreboot settings, drivers, payloads etc. Read the helpful setting description using the F2 key. I used the following settings. If the option is not shown below, it is not set or the default setting. Seabios is the recommended payload (program to boot an OS).

General
[*] Compress ramstage with LZMA
[*] Include the coreboot .config file into the ROM image
[*] Create a table of timestamps collected during boot

Mainboard
Mainboard vendor (Lenovo) --->
Mainboard model (ThinkPad X220) --->
ROM chip size (8192 KB (8 MB)) --->

Chipset
[*] Enable VMX for virtualization
[*] Set lock bit after configuring VMX
Include CPU microcode in CBFS (Generate from tree) --->
*** Northbridge ***
[*] Use native raminit
[*] Ignore vendor programmed fuses that limit max. DRAM frequency
*** Southbridge ***
[*] Lock down chipset in coreboot
*** Super I/O ***
*** Embedded Controllers ***
[*] Beep on fatal error
[*] Flash LEDs on fatal error
*** Intel Firmware ***
[*] Add Intel descriptor.bin file
(3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin) Path and
[*] Add Intel ME/TXE firmware
(3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin) Path to manageme
[*] Verify the integrity of the supplied ME/TXE firmware
[*] Strip down the Intel ME/TXE firmware
*** Please test the modified ME/TXE firmware and coreboot in
[*] Add gigabit ethernet firmware
(3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin) Path to gigabit

Devices
Graphics initialization (Run VGA Option ROMs)--->
[*] Re-run VGA Option ROMs on S3 resume
[*] Load Option ROMs on PCI devices
Option ROM execution type (Native mode)--->
Display--->
-*- Enable PCIe Common Clock
-*- Enable PCIe ASPM
[*] Enable PCIe Clock Power Management
[*] Enable PCIe ASPM L1 SubState
[*] Add a VGA BIOS image
(3rdparty/blobs/mainboard/lenovo/x220/vbios.bin) VGA BIOS path and f
(8086,0126) VGA device PCI IDs
[*] Add a Video Bios Table (VBT) binary to CBFS
(src/mainboard/$(MAINBOARDDIR)/data.vbt) VBT binary path and filen

Generic Drivers
[*] Support Intel PCI-e WiFi adapters
[*] PS/2 keyboard init  

Console 
[*] Use onboard VGA as primary video device  

System Tables
[*] Generate SMBIOS tables  

Payload
Add a payload (SeaBIOS)--->
SeaBIOS version (1.12.0)--->
(3000) PS/2 keyboard controller initialization timeout (millisecon
[*] Hardware init during option ROM execution
Payload compression algorithm (Use LZMA compression for payloads)
[*] Use LZMA compression for secondary payloads
Secondary Payloads--->
 [*] Load coreinfo as a secondary payload
[*] Load Memtest86+ as a secondary payload
[*] Load nvramcui as a secondary payload
[*] Load tint as a secondary payload
Memtest86+ version (Stable)--->

Save the config (F6) then Exit (F9). We can now compile Coreboot. Run

make

If all goes well we well you will see

Built lenovo/x220 (ThinkPad X220)

...and have a Coreboot image ~/coreboot/build/coreboot.rom

Flash the Image

Follow the instructions to flash coreboot.rom here, and hope that it works.

Congratulations!

You now have Coreboot on your system!

Log Dumps

Note - these logs are likely to be different to yours. Some steps are not shown.

[x220@x220 ifdtool]$ ifdtool -x original.bin
File original.bin is 8388608 bytes
Flash Region 0 (Flash Descriptor): 00000000 - 00000fff
Flash Region 1 (BIOS): 00500000 - 007fffff
Flash Region 2 (Intel ME): 00003000 - 004fffff
Flash Region 3 (GbE): 00001000 - 00002fff
Flash Region 4 (Platform Data): 00fff000 - 00000fff (unused)

[x220@x220 coreboot]$ make crossgcc-i386
fatal: not a git repository (or any of the parent directories): .git
Welcome to the coreboot cross toolchain builder v1.53 (August 16th, 2018)

Building toolchain using 4 thread(s).

Target architecture is i386-elf

WARNING
No compatible Ada compiler (GNAT) found. You can continue without
Ada support, but this will limit the features of coreboot (e.g.
native graphics initialization won't be available on most Intel
boards).

Usually, you can install GNAT with your package management system
(the package is called `gnat` or `gcc-ada`). It has to match the
`gcc` package in version. If there are multiple versions of GCC in-
stalled, you can point this script to the matching version through
the `CC` and `CXX` environment variables.

e.g. on Ubuntu 14.04, if `gcc` is `gcc-4.8`:
apt-get install gnat-4.8 && make crossgcc

on Ubuntu 16.04, if `gcc` is `gcc-5`:
apt-get install gnat-5 && make crossgcc

Press Ctrl-C to abort, Enter to continue... 13s
Downloading and verifing tarballs ...
* gmp-6.1.2.tar.xz (downloading from https://ftpmirror.gnu.org/gmp/gmp-6.1.2.tar.xz)... 100%... hash verified ("9dc6981197a7d92f339192eea974f5eca48fcffe")
* mpfr-3.1.5.tar.xz (downloading from https://ftpmirror.gnu.org/mpfr/mpfr-3.1.5.tar.xz)... 100%... hash verified ("c0fab77c6da4cb710c81cc04092fb9bea11a9403")
* mpc-1.0.3.tar.gz (downloading from https://ftpmirror.gnu.org/mpc/mpc-1.0.3.tar.gz)... 100%... hash verified ("b8be66396c726fdc36ebb0f692ed8a8cca3bcc66")
* binutils-2.30.tar.xz (downloading from https://ftpmirror.gnu.org/binutils/binutils-2.30.tar.xz)... 100%... hash verified ("574d3b5650413d6ee65195a4f5ecbddc3a38f718")
* gcc-8.1.0.tar.xz (downloading from https://ftpmirror.gnu.org/gcc/gcc-8.1.0/gcc-8.1.0.tar.xz)... 100%... hash verified ("b34031ba9ff3e248b2c62de0825e49a1e0e01998")
Downloaded tarballs ... ok
Unpacking and patching ...
* gmp-6.1.2.tar.xz
o gmp-6.1.2_freebsd-configure.patch
* mpfr-3.1.5.tar.xz
* mpc-1.0.3.tar.gz
* binutils-2.30.tar.xz
o binutils-2.30_mips-gold.patch
o binutils-2.30_nds32.patch
o binutils-2.30_no-bfd-doc.patch
* gcc-8.1.0.tar.xz
o gcc-8.1.0_ada-musl_workaround.patch
o gcc-8.1.0_armv6s-m.patch
o gcc-8.1.0_bsd.patch
o gcc-8.1.0_gnat.patch
o gcc-8.1.0_libgcc.patch
o gcc-8.1.0_nds32_ite.patch
Unpacked and patched ... ok
Building packages ...
Building GMP v6.1.2 for host ... ok
Building MPFR v3.1.5 for host ... ok
Building MPC v1.0.3 for host ... ok
Building BINUTILS v2.30 for target ... ok
Building GCC v8.1.0 for target ... ok
Packages built ... ok
Copied EDK2 tools template ... ok
Cleaning up temporary files... ok

You can now run i386-elf cross GCC from /home/x220/coreboot/util/crossgcc/xgcc.
fatal: not a git repository (or any of the parent directories): .git
Welcome to the coreboot cross toolchain builder v1.53 (August 16th, 2018)

Building toolchain using 4 thread(s).

Downloading and verifing tarballs ...
* acpica-unix2-20180810.tar.gz (downloading from https://acpica.org/sites/acpica/files/acpica-unix2-20180810.tar.gz)... 100%... hash verified ("b8e1a287557dda6f4b71c4172a7a9123b6ffaf2a")
Downloaded tarballs ... ok
Unpacking and patching ...
* acpica-unix2-20180810.tar.gz
o acpica-unix2-20180810_iasl.patch
Unpacked and patched ... ok
Building packages ...
Building IASL v20180810 for host ... ok
Packages built ... ok
Copied EDK2 tools template ... ok
Cleaning up temporary files... ok

You can now run IASL ACPI compiler from /home/x220/coreboot/util/crossgcc/xgcc.

[x220@x220 coreboot]$ make nconfig

[x220@x220 coreboot]$ make
GEN generated/bootblock.ld
CP bootblock/arch/x86/bootblock.ld
GEN build.h
CC bootblock/arch/x86/id.o
CC bootblock/lib/version.o
LINK cbfs/fallback/bootblock.debug
OBJCOPY cbfs/fallback/bootblock.elf
OBJCOPY bootblock.raw.elf
OBJCOPY bootblock.raw.bin
CC romstage/lib/version.o
LINK cbfs/fallback/romstage.debug
OBJCOPY cbfs/fallback/romstage.elf
CC ramstage/lib/version.o
CC smm/lib/version.o
OBJCOPY ramstage/cpu/x86/smm/smm.manual
CC generated/ramstage.o
CC cbfs/fallback/ramstage.debug
Checking out SeaBIOS revision a698c8995ffb2838296ec284fe3c4ad33dfca307
Switched to branch 'master'
Your branch is up to date with 'origin/master'.
Deleted branch coreboot (was a698c89).
Switched to a new branch 'coreboot'
CONFIG SeaBIOS a698c8995ffb2838296ec284fe3c4ad33dfca307
#
# configuration written to /home/x220/coreboot/payloads/external/SeaBIOS/seabios/.config
#
MAKE SeaBIOS a698c8995ffb2838296ec284fe3c4ad33dfca307
Build Kconfig config file
Compile checking out/src/misc.o
Compile checking out/src/stacks.o
Compile checking out/src/output.o
Compile checking out/src/string.o
Compile checking out/src/block.o
Compile checking out/src/cdrom.o
Compile checking out/src/disk.o
Compile checking out/src/mouse.o
Compile checking out/src/kbd.o
Compile checking out/src/system.o
Compile checking out/src/serial.o
Compile checking out/src/sercon.o
Compile checking out/src/clock.o
Compile checking out/src/resume.o
Compile checking out/src/pnpbios.o
Compile checking out/src/vgahooks.o
Compile checking out/src/pcibios.o
Compile checking out/src/apm.o
Compile checking out/src/cp437.o
Compile checking out/src/hw/pci.o
Compile checking out/src/hw/timer.o
Compile checking out/src/hw/rtc.o
Compile checking out/src/hw/dma.o
Compile checking out/src/hw/pic.o
Compile checking out/src/hw/ps2port.o
Compile checking out/src/hw/serialio.o
Compile checking out/src/hw/usb.o
Compile checking out/src/hw/usb-uhci.o
Compile checking out/src/hw/usb-ohci.o
Compile checking out/src/hw/usb-ehci.o
Compile checking out/src/hw/usb-hid.o
Compile checking out/src/hw/usb-msc.o
Compile checking out/src/hw/usb-uas.o
Compile checking out/src/hw/blockcmd.o
Compile checking out/src/hw/floppy.o
Compile checking out/src/hw/ata.o
Compile checking out/src/hw/ramdisk.o
Compile checking out/src/hw/lsi-scsi.o
Compile checking out/src/hw/esp-scsi.o
Compile checking out/src/hw/megasas.o
Compile checking out/src/hw/mpt-scsi.o
Compile checking out/src/post.o
Compile checking out/src/e820map.o
Compile checking out/src/malloc.o
Compile checking out/src/romfile.o
Compile checking out/src/x86.o
Compile checking out/src/optionroms.o
Compile checking out/src/pmm.o
Compile checking out/src/font.o
Compile checking out/src/boot.o
Compile checking out/src/bootsplash.o
Compile checking out/src/jpeg.o
Compile checking out/src/bmp.o
Compile checking out/src/tcgbios.o
Compile checking out/src/sha1.o
Compile checking out/src/hw/pcidevice.o
Compile checking out/src/hw/ahci.o
Compile checking out/src/hw/pvscsi.o
Compile checking out/src/hw/usb-xhci.o
Compile checking out/src/hw/usb-hub.o
Compile checking out/src/hw/sdcard.o
Compile checking out/src/fw/coreboot.o
Compile checking out/src/fw/lzmadecode.o
Compile checking out/src/fw/multiboot.o
Compile checking out/src/fw/csm.o
Compile checking out/src/fw/biostables.o
Compile checking out/src/fw/paravirt.o
Compile checking out/src/fw/shadow.o
Compile checking out/src/fw/pciinit.o
Compile checking out/src/fw/smm.o
Compile checking out/src/fw/smp.o
Compile checking out/src/fw/mtrr.o
Compile checking out/src/fw/xen.o
Compile checking out/src/fw/acpi.o
Compile checking out/src/fw/mptable.o
Compile checking out/src/fw/pirtable.o
Compile checking out/src/fw/smbios.o
Compile checking out/src/fw/romfile_loader.o
Compile checking out/src/hw/virtio-ring.o
Compile checking out/src/hw/virtio-pci.o
Compile checking out/src/hw/virtio-blk.o
Compile checking out/src/hw/virtio-scsi.o
Compile checking out/src/hw/tpm_drivers.o
Compile checking out/src/hw/nvme.o
Compiling whole program out/ccode32flat.o
Compiling whole program out/code32seg.o
Compiling whole program out/ccode16.o
Compiling (16bit) out/romlayout.o
Building ld scripts
Version: rel-1.12.0-0-ga698c89
Fixed space: 0xe05b-0x10000 total: 8101 slack: 14 Percent slack: 0.2%
16bit size: 35840
32bit segmented size: 1699
32bit flat size: 31373
32bit flat init size: 51680
Lowmem size: 2240
f-segment var size: 1392
Linking out/rom16.o
Stripping out/rom16.strip.o
Linking out/rom32seg.o
Stripping out/rom32seg.strip.o
Linking out/rom.o
Prepping out/bios.bin.prep
Total size: 127712 Fixed: 70304 Free: 3360 (used 97.4% of 128KiB rom)
Creating out/bios.bin.elf
Compile checking out/vgasrc/vgainit.o
Compile checking out/vgasrc/vgabios.o
Compile checking out/vgasrc/vgafb.o
Compile checking out/vgasrc/swcursor.o
Compile checking out/vgasrc/vgafonts.o
Compile checking out/vgasrc/vbe.o
Compile checking out/vgasrc/stdvga.o
Compile checking out/vgasrc/stdvgamodes.o
Compile checking out/vgasrc/stdvgaio.o
Compile checking out/vgasrc/clext.o
Compile checking out/vgasrc/bochsvga.o
Compile checking out/vgasrc/geodevga.o
Compile checking out/vgasrc/cbvga.o
Compile checking out/vgasrc/bochsdisplay.o
Compile checking out/vgasrc/ramfb.o
Compiling whole program out/vgaccode16.raw.s
Fixup VGA rom assembler
Compiling (16bit) out/vgaentry.o
Linking out/vgarom.o
Version: rel-1.12.0-0-ga698c89
Extracting binary out/vgabios.bin.raw
Finalizing rom out/vgabios.bin
CREATE build/mainboard/lenovo/x220/cbfs-file.54sf79.out (from /home/x220/coreboot/.config)
MICROCODE cpu_microcode_blob.bin
3rdparty/blobs/cpu/intel/model_206ax/microcode.bin 3rdparty/blobs/cpu/intel/model_306ax/microcode.bin
OPTION cmos_layout.bin
CC postcar/mainboard/lenovo/x220/static.o
CC postcar/arch/x86/acpi_s3.o
CC postcar/arch/x86/boot.o
CC postcar/arch/x86/cbfs_and_run.o
CC postcar/arch/x86/cbmem.o
CC postcar/arch/x86/cf9_reset.o
CC postcar/arch/x86/cpu_common.o
CC postcar/arch/x86/exit_car.o
CC postcar/arch/x86/gdt_init.o
CC postcar/arch/x86/memcpy.o
CP postcar/arch/x86/memlayout.ld
CC postcar/arch/x86/memmove.o
CC postcar/arch/x86/memset.o
CC postcar/arch/x86/mmap_boot.o
CC postcar/arch/x86/postcar.o
CC postcar/arch/x86/timestamp.o
CC postcar/commonlib/cbfs.o
CC postcar/commonlib/iobuf.o
CC postcar/commonlib/lz4_wrapper.o
CC postcar/commonlib/mem_pool.o
CC postcar/commonlib/region.o
CC postcar/console/console.o
CC postcar/console/die.o
CC postcar/console/init.o
CC postcar/console/post.o
CC postcar/console/printk.o
CC postcar/console/vsprintf.o
CC postcar/console/vtxprintf.o
CC postcar/cpu/intel/car/non-evict/exit_car.o
CC postcar/cpu/intel/model_206ax/stage_cache.o
CC postcar/cpu/x86/lapic/boot_cpu.o
CC postcar/cpu/x86/mtrr/debug.o
CC postcar/cpu/x86/pae/pgtbl.o
CC postcar/cpu/x86/tsc/delay_tsc.o
CC postcar/device/device_const.o
CC postcar/drivers/pc80/rtc/mc146818rtc.o
CC postcar/drivers/pc80/tpm/tis.o
CC postcar/drivers/spi/adesto.o
CC postcar/drivers/spi/amic.o
CC postcar/drivers/spi/atmel.o
CC postcar/drivers/spi/bitbang.o
CC postcar/drivers/spi/eon.o
CC postcar/drivers/spi/gigadevice.o
CC postcar/drivers/spi/macronix.o
CC postcar/drivers/spi/spansion.o
CC postcar/drivers/spi/spi-generic.o
CC postcar/drivers/spi/spi_flash.o
CC postcar/drivers/spi/sst.o
CC postcar/drivers/spi/stmicro.o
CC postcar/drivers/spi/winbond.o
CC postcar/lib/boot_device.o
CC postcar/lib/bootmode.o
CC postcar/lib/cbfs.o
CC postcar/lib/cbmem_common.o
CC postcar/lib/cbmem_console.o
CC postcar/lib/delay.o
CC postcar/lib/ext_stage_cache.o
CC postcar/lib/fmap.o
CC postcar/lib/gcc.o
CC postcar/lib/halt.o
CC postcar/lib/imd.o
CC postcar/lib/imd_cbmem.o
CC postcar/lib/libgcc.o
CC postcar/lib/lzma.o
CC postcar/lib/lzmadecode.o
CC postcar/lib/memchr.o
CC postcar/lib/memcmp.o
CC postcar/lib/prog_loaders.o
CC postcar/lib/prog_ops.o
CP postcar/lib/program.ld
CC postcar/lib/reset.o
CC postcar/lib/rmodule.o
CC postcar/lib/romstage_handoff.o
CC postcar/lib/timestamp.o
CC postcar/lib/version.o
CC postcar/northbridge/intel/sandybridge/ram_calc.o
CC postcar/southbridge/intel/common/pmbase.o
CC postcar/southbridge/intel/common/reset.o
CC postcar/southbridge/intel/common/rtc.o
CC postcar/southbridge/intel/common/spi.o
LINK cbfs/fallback/postcar.debug
IASL build/dsdt.aml

Intel ACPI Component Architecture
ASL+ Optimizing Compiler/Disassembler version 20180810
Copyright (c) 2000 - 2018 Intel Corporation

coreboot toolchain v1.53 August 16th, 2018
dsdt.aml 2122: Method(BINF, 2, NotSerialized)
Remark 2120 - ^ Control Method should be made Serialized (due to creation of named objects within)

dsdt.aml 2640: Method (MLCG, 1)
Remark 2146 - ^ Method Argument is never used (Arg0)

dsdt.aml 2676: Method (WAKE, 1)
Remark 2146 - ^ Method Argument is never used (Arg0)

ASL Input: dsdt.aml - 2897 lines, 49097 bytes, 1300 keywords
AML Output: dsdt.aml - 13778 bytes, 539 named objects, 761 executable opcodes

Compilation complete. 0 Errors, 0 Warnings, 3 Remarks, 349 Optimizations, 1 Constants Folded
IASL build/dsdt.aml disassembled correctly.
HOSTCC cbfstool/cbfstool.o
HOSTCC cbfstool/cbfs_image.o
HOSTCC cbfstool/cbfs-mkstage.o
HOSTCC cbfstool/cbfs-mkpayload.o
HOSTCC cbfstool/fit.o
HOSTCC cbfstool/partitioned_file.o
HOSTCC cbfstool/cbfs.o
HOSTCC cbfstool/fsp_relocate.o
HOSTCC cbfstool/mem_pool.o
HOSTCC cbfstool/region.o
HOSTCC cbfstool/2sha_utility.o
HOSTCC cbfstool/2sha1.o
HOSTCC cbfstool/2sha256.o
HOSTCC cbfstool/2sha512.o
HOSTCC cbfstool/linux_trampoline.o
HOSTCC cbfstool/cbfs-payload-linux.o
HOSTCC cbfstool/compress.o
HOSTCC cbfstool/lz4.o
HOSTCC cbfstool/lz4hc.o
HOSTCC cbfstool/lz4frame.o
HOSTCC cbfstool/xxhash.o
HOSTCC cbfstool/lz4_wrapper.o
HOSTCC cbfstool/lzma.o
HOSTCC cbfstool/LzFind.o
HOSTCC cbfstool/LzmaDec.o
HOSTCC cbfstool/LzmaEnc.o
HOSTCC cbfstool/cbfstool (link)
Created CBFS (capacity = 917464 bytes)
CBFS fallback/romstage
CBFS cpu_microcode_blob.bin
CBFS fallback/ramstage
CBFS vgaroms/seavgabios.bin
CBFS config
CBFS revision
CBFS cmos_layout.bin
CBFS fallback/postcar
CBFS fallback/dsdt.aml
CBFS fallback/payload
CBFS payload_config
CBFS payload_revision
Compile IFDTOOL
DD Adding Intel Firmware Descriptor
IFDTOOL me.bin -> coreboot.pre
File build/coreboot.pre is 8388608 bytes
File 3rdparty/blobs/mainboard/lenovo/x220/me.bin is 5230592 bytes
Adding 3rdparty/blobs/mainboard/lenovo/x220/me.bin as the Intel ME section of build/coreboot.pre
Writing new image to build/coreboot.pre.new
IFDTOOL gbe.bin -> coreboot.pre
File build/coreboot.pre is 8388608 bytes
File 3rdparty/blobs/mainboard/lenovo/x220/gbe.bin is 8192 bytes
Adding 3rdparty/blobs/mainboard/lenovo/x220/gbe.bin as the GbE section of build/coreboot.pre
Writing new image to build/coreboot.pre.new
IFDTOOL Unlocking Management Engine
File build/coreboot.pre is 8388608 bytes
Writing new image to build/coreboot.pre.new
CBFS coreboot.rom
SeaBIOS Wait up to 3000 ms for PS/2 keyboard controller initialization
CBFSLAYOUT coreboot.rom

This image contains the following sections that can be manipulated with this tool:

'RW_MRC_CACHE' (size 65536, offset 7405568)
'COREBOOT' (CBFS, size 917504, offset 7471104)

It is possible to perform either the write action or the CBFS add/remove actions on every section listed above.
To see the image's read-only sections as well, rerun with the -w option.
CBFSPRINT coreboot.rom

FMAP REGION: COREBOOT
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 78276 none
cpu_microcode_blob.bin 0x132c0 microcode 25600 none
fallback/ramstage 0x19740 stage 101433 none
vgaroms/seavgabios.bin 0x323c0 raw 27648 none
config 0x39040 raw 425 none
revision 0x39240 raw 570 none
cmos_layout.bin 0x394c0 cmos_layout 1816 none
fallback/postcar 0x39c40 stage 15264 none
fallback/dsdt.aml 0x3d840 raw 13778 none
fallback/payload 0x40e80 simple elf 67325 none
payload_config 0x515c0 raw 1700 none
payload_revision 0x51cc0 raw 236 none
etc/ps2-keyboard-spinup 0x51e00 raw 8 none
(empty) 0x51e40 null 579992 none
bootblock 0xdf800 bootblock 1968 none
HOSTCC cbfstool/ifwitool.o
HOSTCC cbfstool/ifwitool (link)

Built lenovo/x220 (ThinkPad X220)

[x220@x220 ~]
$ sudo flashrom -w build/coreboot.rom -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"


Thursday, December 13, 2018

Neuter Intel ME with me_cleaner

Thanks to the work by the me_cleaner team!

Basic steps are
  1. Obtain a copy of me_cleaner from Github
  2. Install python, if not already installed
  3. Dump BIOS firmware with SPI flash reader
  4. Clean the image with the command python me_cleaner.py -S -O modified_image.bin original_dump.bin
  5. Flash modified image
  6. Check status of Intel ME with MEInfoWin.exe in Windows or intelmetool in Linux

Obtaining a Copy of me_cleaner

Run git clone https://github.com/corna/me_cleaner.git [desired location]
Alternatively download straight from the project page


Dump BIOS

For this you will require
  • Some SPI programmer with drivers - I used a $3 CH341a USB-SPI programmer
  • A SOIC-8/SOP-8 test clip 
  • Some jumper cables to connect the clip to the programmer
  • Flashrom installed
  • Some patience
Assuming you have the above we can then connected the programmer to the BIOS chip.
  1. Disconnect the battery and AC from the laptop
  2. Locate the BIOS chip on the motherboard directly right of the Expresscard cover
  3. Connect the chip to the programmer as per below
  4. For Linux run sudo flashrom -r original.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"For Windows follow the GUI
    An example output is shown at the bottom of the post
  5. Run again and make sure MD5 hashes match
Notes
You may need to change the chip model depending on your motherboard
If flashrom says it cannot detect any chips, check your wiring and clip connection


Clean the Image 

Run the command python me_cleaner.py -S -O modified_image.bin original_dump.bin

An example output is shown at the bottom of the post

-O specifies output filename
-S neuters the Intel ME firmware and sets the High Assurance Program (HAP) bit
-s leaves the firmware intact but sets the HAP bit
Read the readme for more details

Flash Modified Image

For Linux run sudo flashrom -w modified_image.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"For Windows follow the GUI

An example output is shown at the bottom of the post

With luck flashrom will say "VERIFIED" meaning that the firmware was flashed successfully.

Check Status of Intel ME

For Linux
  1. Install intelmetool
  2. Add iomem=relaxed to kernel commandline to /etc/default/grub
  3. Rebuild grub using sudo update-grub  
  4. Reboot
  5. Run sudo rmmod mei_me; sudo rmmod mei; sudo intelmetool -S
  6. Check what the output means here
For Window
  1. Obtain MEInfoWin.exe tool via Intel ME firmware update extracted files
  2. Run MEInfoWin.exe with admin privileges

Congratulations!

Now your system is mostly free of Intel ME!

Log Dumps

[arch@x220b me_cleaner-master]$ sudo flashrom -r original.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"
flashrom v1.0 on Linux 4.18.9-arch1-1-ARCH (x86_64)
flashrom is free software, get the source code at https://flashrom.org

flashrom was built with libpci 3.5.6, GCC 7.2.1 20171224, little endian
Command line (7 args): flashrom -r original.bin -V -p ch341a_spi -c MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Initializing ch341a_spi programmer
Device revision is 3.0.4
The following protocols are supported: SPI.
Probing for Macronix MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E, 8192 kB: probe_spi_rdid_generic: id1 0xc2, id2 0x2017
Found Macronix flash chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E" (8192 kB, SPI) on ch341a_spi.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
This chip may contain one-time programmable memory. flashrom cannot read
and may never be able to write it, hence it may not be able to completely
clone the contents of this chip (see man page for details).
Reading flash... done.


[arch@x220b me_cleaner-master]$ sudo flashrom -r original1.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"
flashrom v1.0 on Linux 4.18.9-arch1-1-ARCH (x86_64)
flashrom is free software, get the source code at https://flashrom.org

flashrom was built with libpci 3.5.6, GCC 7.2.1 20171224, little endian
Command line (7 args): flashrom -r original1.bin -V -p ch341a_spi -c MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Initializing ch341a_spi programmer
Device revision is 3.0.4
The following protocols are supported: SPI.
Probing for Macronix MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E, 8192 kB: probe_spi_rdid_generic: id1 0xc2, id2 0x2017
Found Macronix flash chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E" (8192 kB, SPI) on ch341a_spi.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
This chip may contain one-time programmable memory. flashrom cannot read
and may never be able to write it, hence it may not be able to completely
clone the contents of this chip (see man page for details).
Reading flash... done.



[arch@x220b me_cleaner-master]$ md5sum original.bin original1.bin
d039e30faa8411fae705df2701cabbc5  original.bin
d039e30faa8411fae705df2701cabbc5  original1.bin


[arch@x220b me_cleaner-master]$ python me_cleaner.py original.bin -O mecleaned.bin -S
Full image detected
Found FPT header at 0x3010
Found 19 partition(s)
Found FTPR header: FTPR partition spans from 0xcc000 to 0x142000
ME/TXE firmware version 7.1.91.3272 (generation 2)
Public key match: Intel ME, firmware versions 7.x.x.x, 8.x.x.x
The AltMeDisable bit is NOT SET
Reading partitions list...
 FOVD (0x00000400 - 0x000001000, 0x00000c00 total bytes): removed
 MDES (0x00001000 - 0x000002000, 0x00001000 total bytes): removed
 FCRS (0x00002000 - 0x000003000, 0x00001000 total bytes): removed
 EFFS (0x00003000 - 0x0000c7000, 0x000c4000 total bytes): removed
 BIAL (NVRAM partition, no data, 0x0000adce total bytes): nothing to remove
 BIEL (NVRAM partition, no data, 0x00003000 total bytes): nothing to remove
 BIIS (NVRAM partition, no data, 0x00036000 total bytes): nothing to remove
 NVCL (NVRAM partition, no data, 0x000095d9 total bytes): nothing to remove
 NVCM (NVRAM partition, no data, 0x000036fc total bytes): nothing to remove
 NVJC (NVRAM partition, no data, 0x00005000 total bytes): nothing to remove
 NVKR (NVRAM partition, no data, 0x0000f650 total bytes): nothing to remove
 NVOS (NVRAM partition, no data, 0x00035c3c total bytes): nothing to remove
 NVQS (NVRAM partition, no data, 0x00000def total bytes): nothing to remove
 NVSH (NVRAM partition, no data, 0x000056b7 total bytes): nothing to remove
 NVTD (NVRAM partition, no data, 0x00001e44 total bytes): nothing to remove
 PLDM (NVRAM partition, no data, 0x0000a000 total bytes): nothing to remove
 GLUT (0x000c7000 - 0x0000cc000, 0x00005000 total bytes): removed
 FTPR (0x000cc000 - 0x000142000, 0x00076000 total bytes): NOT removed
 NFTP (0x00142000 - 0x0004fd000, 0x003bb000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xed)...
Reading FTPR modules list...
 UPDATE           (LZMA   , 0x110a5a - 0x110aec       ): removed
 BUP              (Huffman, fragmented data, ~48 KiB  ): NOT removed, essential
 KERNEL           (Huffman, fragmented data, ~122 KiB ): removed
 POLICY           (Huffman, fragmented data, ~86 KiB  ): removed
 HOSTCOMM         (LZMA   , 0x110aec - 0x116082       ): removed
 RSA              (LZMA   , 0x116082 - 0x11ab3f       ): removed
 CLS              (LZMA   , 0x11ab3f - 0x11f551       ): removed
 TDT              (LZMA   , 0x11f551 - 0x1256fc       ): removed
 FTCS             (Huffman, fragmented data, ~15 KiB  ): removed
The ME minimum size should be 921600 bytes (0xe1000 bytes)
The ME region can be reduced up to:
 00003000:000e3fff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!


[arch@x220b me_cleaner-master]$ sudo flashrom -w mecleaned.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"   
flashrom v1.0 on Linux 4.18.9-arch1-1-ARCH (x86_64)
flashrom is free software, get the source code at https://flashrom.org
flashrom was built with libpci 3.5.6, GCC 7.2.1 20171224, little endian
Command line (7 args): flashrom -w mecleaned.bin -V -p ch341a_spi -c MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Initializing ch341a_spi programmer
Device revision is 3.0.4
The following protocols are supported: SPI.
Probing for Macronix MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E, 8192 kB: probe_spi_rdid_generic: id1 0xc2, id2 0x2017
Found Macronix flash chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E" (8192 kB, SPI) on ch341a_spi.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
This chip may contain one-time programmable memory. flashrom cannot read
and may never be able to write it, hence it may not be able to completely
clone the contents of this chip (see man page for details).
Reading old flash chip contents... done.
Erasing and writing flash chip... Trying erase function 0... Erase/write done.
Verifying flash... VERIFIED. 


[arch@x220b ~]$ sudo intelmetool -S
Bad news, you have a `QM67 Express Chipset Family LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0xfed1c000
MEI was hidden on PCI, now unlocked
MEI found: [8086:1c3a] 6 Series/C200 Series Chipset Family MEI Controller #1

ME Status   : 0x20191
ME Status 2 : 0x160a0000

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : Check to see if straps say ME DISABLED

PCI READ [bc] : 0x000000bc
ME: Extend SHA-256: ...

ME seems okay on this board
ME: failed to become ready
WRITE    [00] : CB: 0x80040007
WRITE    [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE    [00] : CB: 0x80080007
WRITE    [00] : CB: 0x00000203
WRITE    [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
Re-hiding MEI device...done, exiting

lspci dump

pasoconX220-LM ~ $ sudo lspci -vv
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
    Subsystem: Lenovo 2nd Generation Core Processor Family DRAM Controller
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ >SERR- <PERR- INTx-
    Latency: 0
    Capabilities: [e0] Vendor Specific Information: Len=0c <?>

00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09) (prog-if 00 [VGA controller])
    Subsystem: Lenovo 2nd Generation Core Processor Family Integrated Graphics Controller
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
    Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Interrupt: pin A routed to IRQ 27
    Region 0: Memory at e0000000 (64-bit, non-prefetchable) [size=4M]
    Region 2: Memory at c0000000 (64-bit, prefetchable) [size=512M]
    Region 4: I/O ports at 6000 [size=64]
    [virtual] Expansion ROM at 000c0000 [disabled] [size=128K]
    Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit-
        Address: fee00018  Data: 0000
    Capabilities: [d0] Power Management version 2
        Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [a4] PCI Advanced Features
        AFCap: TP+ FLR+
        AFCtrl: FLR-
        AFStatus: TP-
    Kernel driver in use: i915
    Kernel modules: i915

00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
    Subsystem: Lenovo 6 Series/C200 Series Chipset Family MEI Controller
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Interrupt: pin A routed to IRQ 29
    Region 0: Memory at e2525000 (64-bit, non-prefetchable) [size=16]
    Capabilities: [50] Power Management version 3
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [8c] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Address: 00000000fee002d8  Data: 0000
    Kernel driver in use: mei_me
    Kernel modules: mei_me

00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 04)
    Subsystem: Lenovo 82579LM Gigabit Network Connection
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Interrupt: pin A routed to IRQ 28
    Region 0: Memory at e2500000 (32-bit, non-prefetchable) [size=128K]
    Region 1: Memory at e252b000 (32-bit, non-prefetchable) [size=4K]
    Region 2: I/O ports at 6080 [size=32]
    Capabilities: [c8] Power Management version 2
        Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=1 PME-
    Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Address: 00000000fee002b8  Data: 0000
    Capabilities: [e0] PCI Advanced Features
        AFCap: TP+ FLR+
        AFCtrl: FLR-
        AFStatus: TP-
    Kernel driver in use: e1000e
    Kernel modules: e1000e

00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 04) (prog-if 20 [EHCI])
    Subsystem: Lenovo 6 Series/C200 Series Chipset Family USB Enhanced Host Controller
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Interrupt: pin A routed to IRQ 16
    Region 0: Memory at e252a000 (32-bit, non-prefetchable) [size=1K]
    Capabilities: [50] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [58] Debug port: BAR=1 offset=00a0
    Capabilities: [98] PCI Advanced Features
        AFCap: TP+ FLR+
        AFCtrl: FLR-
        AFStatus: TP-
    Kernel driver in use: ehci-pci

00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 04)
    Subsystem: Lenovo 6 Series/C200 Series Chipset Family High Definition Audio Controller
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0, Cache Line Size: 64 bytes
    Interrupt: pin A routed to IRQ 30
    Region 0: Memory at e2520000 (64-bit, non-prefetchable) [size=16K]
    Capabilities: [50] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=55mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [60] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Address: 00000000fee00318  Data: 0000
    Capabilities: [70] Express (v1) Root Complex Integrated Endpoint, MSI 00
        DevCap:    MaxPayload 128 bytes, PhantFunc 0
            ExtTag- RBE-
        DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
            MaxPayload 128 bytes, MaxReadReq 128 bytes
        DevSta:    CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr+ TransPend-
    Capabilities: [100 v1] Virtual Channel
        Caps:    LPEVC=0 RefClk=100ns PATEntryBits=1
        Arb:    Fixed- WRR32- WRR64- WRR128-
        Ctrl:    ArbSelect=Fixed
        Status:    InProgress-
        VC0:    Caps:    PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
            Arb:    Fixed- WRR32- WRR64- WRR128- TWRR128- WRR256-
            Ctrl:    Enable+ ID=0 ArbSelect=Fixed TC/VC=01
            Status:    NegoPending- InProgress-
        VC1:    Caps:    PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
            Arb:    Fixed- WRR32- WRR64- WRR128- TWRR128- WRR256-
            Ctrl:    Enable+ ID=1 ArbSelect=Fixed TC/VC=22
            Status:    NegoPending- InProgress-
    Capabilities: [130 v1] Root Complex Link
        Desc:    PortNumber=0f ComponentID=00 EltType=Config
        Link0:    Desc:    TargetPort=00 TargetComponent=00 AssocRCRB- LinkType=MemMapped LinkValid+
            Addr:    00000000fed1c000
    Kernel driver in use: snd_hda_intel
    Kernel modules: snd_hda_intel

00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b4) (prog-if 00 [Normal decode])
    Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Interrupt: pin A routed to IRQ 16
    Bus: primary=00, secondary=02, subordinate=02, sec-latency=0
    I/O behind bridge: 00002000-00002fff
    Memory behind bridge: bfa00000-bfbfffff
    Prefetchable memory behind bridge: 00000000bfc00000-00000000bfdfffff
    Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
    BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
        PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
    Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
        DevCap:    MaxPayload 128 bytes, PhantFunc 0
            ExtTag- RBE+
        DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
            MaxPayload 128 bytes, MaxReadReq 128 bytes
        DevSta:    CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr+ TransPend-
        LnkCap:    Port #1, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <4us
            ClockPM- Surprise- LLActRep+ BwNot- ASPMOptComp-
        LnkCtl:    ASPM L0s L1 Enabled; RCB 64 bytes Disabled- CommClk-
            ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
        LnkSta:    Speed 2.5GT/s, Width x0, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
        SltCap:    AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+
            Slot #0, PowerLimit 0.000W; Interlock- NoCompl+
        SltCtl:    Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
            Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
        SltSta:    Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet- Interlock-
            Changed: MRL- PresDet- LinkState-
        RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
        RootCap: CRSVisible-
        RootSta: PME ReqID 0000, PMEStatus- PMEPending-
        DevCap2: Completion Timeout: Range BC, TimeoutDis+, LTR-, OBFF Not Supported ARIFwd-
        DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
        LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
             Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
             Compliance De-emphasis: -6dB
        LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
             EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
    Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit-
        Address: 00000000  Data: 0000
    Capabilities: [90] Subsystem: Lenovo 6 Series/C200 Series Chipset Family PCI Express Root Port 1
    Capabilities: [a0] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Kernel driver in use: pcieport
    Kernel modules: shpchp

00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 (rev b4) (prog-if 00 [Normal decode])
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0, Cache Line Size: 64 bytes
    Interrupt: pin B routed to IRQ 17
    Bus: primary=00, secondary=03, subordinate=03, sec-latency=0
    Memory behind bridge: e2400000-e24fffff
    Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
    BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
        PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
    Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
        DevCap:    MaxPayload 128 bytes, PhantFunc 0
            ExtTag- RBE+
        DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
            MaxPayload 128 bytes, MaxReadReq 128 bytes
        DevSta:    CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr+ TransPend-
        LnkCap:    Port #2, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <512ns, L1 <16us
            ClockPM- Surprise- LLActRep+ BwNot- ASPMOptComp-
        LnkCtl:    ASPM L1 Enabled; RCB 64 bytes Disabled- CommClk+
            ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
        LnkSta:    Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive+ BWMgmt+ ABWMgmt-
        SltCap:    AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
            Slot #1, PowerLimit 10.000W; Interlock- NoCompl+
        SltCtl:    Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
            Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
        SltSta:    Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
            Changed: MRL- PresDet- LinkState+
        RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
        RootCap: CRSVisible-
        RootSta: PME ReqID 0000, PMEStatus- PMEPending-
        DevCap2: Completion Timeout: Range BC, TimeoutDis+, LTR-, OBFF Not Supported ARIFwd-
        DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
        LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
             Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
             Compliance De-emphasis: -6dB
        LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
             EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
    Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit-
        Address: 00000000  Data: 0000
    Capabilities: [90] Subsystem: Lenovo 6 Series/C200 Series Chipset Family PCI Express Root Port 2
    Capabilities: [a0] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Kernel driver in use: pcieport
    Kernel modules: shpchp

00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4 (rev b4) (prog-if 00 [Normal decode])
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0, Cache Line Size: 64 bytes
    Interrupt: pin D routed to IRQ 19
    Bus: primary=00, secondary=05, subordinate=0c, sec-latency=0
    I/O behind bridge: 00005000-00005fff
    Memory behind bridge: e1c00000-e23fffff
    Prefetchable memory behind bridge: 00000000e0400000-00000000e0bfffff
    Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
    BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
        PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
    Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
        DevCap:    MaxPayload 128 bytes, PhantFunc 0
            ExtTag- RBE+
        DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
            MaxPayload 128 bytes, MaxReadReq 128 bytes
        DevSta:    CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr+ TransPend-
        LnkCap:    Port #4, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <16us
            ClockPM- Surprise- LLActRep+ BwNot- ASPMOptComp-
        LnkCtl:    ASPM L0s L1 Enabled; RCB 64 bytes Disabled- CommClk-
            ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
        LnkSta:    Speed 2.5GT/s, Width x0, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
        SltCap:    AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+
            Slot #3, PowerLimit 10.000W; Interlock- NoCompl+
        SltCtl:    Enable: AttnBtn- PwrFlt- MRL- PresDet+ CmdCplt- HPIrq- LinkChg-
            Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
        SltSta:    Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet- Interlock-
            Changed: MRL- PresDet- LinkState-
        RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
        RootCap: CRSVisible-
        RootSta: PME ReqID 0000, PMEStatus- PMEPending-
        DevCap2: Completion Timeout: Range BC, TimeoutDis+, LTR-, OBFF Not Supported ARIFwd-
        DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
        LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
             Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
             Compliance De-emphasis: -6dB
        LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
             EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
    Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit-
        Address: 00000000  Data: 0000
    Capabilities: [90] Subsystem: Lenovo 6 Series/C200 Series Chipset Family PCI Express Root Port 4
    Capabilities: [a0] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Kernel driver in use: pcieport
    Kernel modules: shpchp

00:1c.4 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 5 (rev b4) (prog-if 00 [Normal decode])
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0, Cache Line Size: 64 bytes
    Interrupt: pin A routed to IRQ 16
    Bus: primary=00, secondary=0d, subordinate=0d, sec-latency=0
    I/O behind bridge: 00004000-00004fff
    Memory behind bridge: e1400000-e1bfffff
    Prefetchable memory behind bridge: 00000000e0c00000-00000000e13fffff
    Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
    BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
        PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
    Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
        DevCap:    MaxPayload 128 bytes, PhantFunc 0
            ExtTag- RBE+
        DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
            MaxPayload 128 bytes, MaxReadReq 128 bytes
        DevSta:    CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr+ TransPend-
        LnkCap:    Port #5, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <512ns, L1 <16us
            ClockPM- Surprise- LLActRep+ BwNot- ASPMOptComp-
        LnkCtl:    ASPM L1 Enabled; RCB 64 bytes Disabled- CommClk+
            ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
        LnkSta:    Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive+ BWMgmt+ ABWMgmt-
        SltCap:    AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+
            Slot #4, PowerLimit 10.000W; Interlock- NoCompl+
        SltCtl:    Enable: AttnBtn- PwrFlt- MRL- PresDet+ CmdCplt- HPIrq- LinkChg-
            Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
        SltSta:    Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
            Changed: MRL- PresDet- LinkState-
        RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
        RootCap: CRSVisible-
        RootSta: PME ReqID 0000, PMEStatus- PMEPending-
        DevCap2: Completion Timeout: Range BC, TimeoutDis+, LTR-, OBFF Not Supported ARIFwd-
        DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
        LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
             Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
             Compliance De-emphasis: -6dB
        LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
             EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
    Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit-
        Address: 00000000  Data: 0000
    Capabilities: [90] Subsystem: Lenovo 6 Series/C200 Series Chipset Family PCI Express Root Port 5
    Capabilities: [a0] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Kernel driver in use: pcieport
    Kernel modules: shpchp

00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 04) (prog-if 20 [EHCI])
    Subsystem: Lenovo 6 Series/C200 Series Chipset Family USB Enhanced Host Controller
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Interrupt: pin A routed to IRQ 23
    Region 0: Memory at e2529000 (32-bit, non-prefetchable) [size=1K]
    Capabilities: [50] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [58] Debug port: BAR=1 offset=00a0
    Capabilities: [98] PCI Advanced Features
        AFCap: TP+ FLR+
        AFCtrl: FLR-
        AFStatus: TP-
    Kernel driver in use: ehci-pci

00:1f.0 ISA bridge: Intel Corporation QM67 Express Chipset Family LPC Controller (rev 04)
    Subsystem: Lenovo QM67 Express Chipset Family LPC Controller
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Capabilities: [e0] Vendor Specific Information: Len=0c <?>
    Kernel driver in use: lpc_ich
    Kernel modules: lpc_ich

00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller (rev 04) (prog-if 01 [AHCI 1.0])
    Subsystem: Lenovo 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
    Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Interrupt: pin B routed to IRQ 26
    Region 0: I/O ports at 60a8 [size=8]
    Region 1: I/O ports at 60b4 [size=4]
    Region 2: I/O ports at 60a0 [size=8]
    Region 3: I/O ports at 60b0 [size=4]
    Region 4: I/O ports at 6060 [size=32]
    Region 5: Memory at e2528000 (32-bit, non-prefetchable) [size=2K]
    Capabilities: [80] MSI: Enable+ Count=1/1 Maskable- 64bit-
        Address: fee00278  Data: 0000
    Capabilities: [70] Power Management version 3
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot+,D3cold-)
        Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [a8] SATA HBA v1.0 BAR4 Offset=00000004
    Capabilities: [b0] PCI Advanced Features
        AFCap: TP+ FLR+
        AFCtrl: FLR-
        AFStatus: TP-
    Kernel driver in use: ahci
    Kernel modules: ahci

00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 04)
    Subsystem: Lenovo 6 Series/C200 Series Chipset Family SMBus Controller
    Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Interrupt: pin C routed to IRQ 11
    Region 0: Memory at e2524000 (64-bit, non-prefetchable) [size=256]
    Region 4: I/O ports at efa0 [size=32]
    Kernel modules: i2c_i801

03:00.0 Network controller: Intel Corporation Centrino Advanced-N 6205 [Taylor Peak] (rev 34)
    Subsystem: Intel Corporation Centrino Advanced-N 6205 AGN
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0, Cache Line Size: 64 bytes
    Interrupt: pin A routed to IRQ 31
    Region 0: Memory at e2400000 (64-bit, non-prefetchable) [size=8K]
    Capabilities: [c8] Power Management version 3
        Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Address: 00000000fee00338  Data: 0000
    Capabilities: [e0] Express (v1) Endpoint, MSI 00
        DevCap:    MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
            ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+
        DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+ FLReset-
            MaxPayload 128 bytes, MaxReadReq 128 bytes
        DevSta:    CorrErr+ UncorrErr- FatalErr- UnsuppReq+ AuxPwr+ TransPend-
        LnkCap:    Port #0, Speed 2.5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <4us, L1 <32us
            ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp-
        LnkCtl:    ASPM L1 Enabled; RCB 64 bytes Disabled- CommClk+
            ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
        LnkSta:    Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
    Capabilities: [100 v1] Advanced Error Reporting
        UESta:    DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
        UEMsk:    DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
        UESvrt:    DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
        CESta:    RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr-
        CEMsk:    RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
        AERCap:    First Error Pointer: 00, GenCap- CGenEn- ChkCap- ChkEn-
    Capabilities: [140 v1] Device Serial Number a0-88-b4-ff-ff-e1-aa-94
    Kernel driver in use: iwlwifi
    Kernel modules: iwlwifi

0d:00.0 System peripheral: Ricoh Co Ltd MMC/SD Host Controller (rev 07) (prog-if 01)
    Subsystem: Lenovo MMC/SD Host Controller
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0, Cache Line Size: 64 bytes
    Interrupt: pin A routed to IRQ 16
    Region 0: Memory at e1400000 (32-bit, non-prefetchable) [size=256]
    Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
        Address: 0000000000000000  Data: 0000
    Capabilities: [78] Power Management version 3
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=2 PME-
    Capabilities: [80] Express (v1) Endpoint, MSI 00
        DevCap:    MaxPayload 128 bytes, PhantFunc 0, Latency L0s unlimited, L1 unlimited
            ExtTag- AttnBtn+ AttnInd+ PwrInd+ RBE+ FLReset-
        DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+
            MaxPayload 128 bytes, MaxReadReq 512 bytes
        DevSta:    CorrErr+ UncorrErr- FatalErr- UnsuppReq+ AuxPwr- TransPend-
        LnkCap:    Port #1, Speed 2.5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <4us, L1 unlimited
            ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp-
        LnkCtl:    ASPM L1 Enabled; RCB 64 bytes Disabled- CommClk+
            ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
        LnkSta:    Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
    Capabilities: [100 v1] Virtual Channel
        Caps:    LPEVC=0 RefClk=100ns PATEntryBits=1
        Arb:    Fixed- WRR32- WRR64- WRR128-
        Ctrl:    ArbSelect=Fixed
        Status:    InProgress-
        VC0:    Caps:    PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
            Arb:    Fixed- WRR32- WRR64- WRR128- TWRR128- WRR256-
            Ctrl:    Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
            Status:    NegoPending- InProgress-
    Capabilities: [800 v1] Advanced Error Reporting
        UESta:    DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
        UEMsk:    DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
        UESvrt:    DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
        CESta:    RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr-
        CEMsk:    RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
        AERCap:    First Error Pointer: 00, GenCap+ CGenEn- ChkCap+ ChkEn-
    Kernel driver in use: sdhci-pci
    Kernel modules: sdhci_pci