ludufre

[GUIDE] Fix Insyde H2O BIOS signature (5 beeps on Lenovo)


 

I recently bought a Lenovo L440 laptop to install macOS Mojave, and I replaced the wireless card with the DW1560 because the current one is not compatible. I discovered that there is a whitelist of enabled cards, which manufacturers have been adopting recently (in my case it uses a Phoenix Insyde BIOS H2O).

 

I searched the BIOS Modding forums and found people who did the patch for me. But after replacing the BIOS I noticed that the computer kept beeping 5 times every time I booted. So I went deeper into this issue, and that's when I figured out how to solve it. Then I created this guide based on the information I found in some Russian forums.

 

Preface

 

When the BIOS integrity test fails, some Intel AMT functionality stops working and a sequence of 5 beeps is issued twice at boot.

After modifying the BIOS to remove the whitelist (enable unauthorized Wi-Fi cards), unlock MSR 0xe2 (hackintosh), enable the advanced menu, etc., the BIOS will not pass the integrity test, which causes this problem.

This integrity check is done through the RSA signature of the BIOS block called TCPABIOS (more information below) with the public key in modulus 3 format also stored in the BIOS.

This TCPABIOS block stores the checksums of each BIOS volume.

 

What we will do is generate a new checksum for each volume that has been modified, generate an RSA (private and public) key pair, sign that block with the private key, and replace the public key.

 

 

Tools needed

 

- UEFITool NE alpha 54: https://github.com/LongSoft/UEFITool/releases

- HxD 2.1.0: https://mh-nexus.de/en/hxd/

- OpenSSL: http://gnuwin32.sourceforge.net/packages/openssl.htm (Download -> Binaries)

- Microsoft File Checksum Integrity Verifier (FCIV.exe): https://www.microsoft.com/en-us/download/details.aspx?id=11533

 

Step by step

 

Let's open the modified BIOS, locate the TCPABIOS block and understand its anatomy.

 

1. Open the BIOS with HxD

 


(We will use the modded BIOS in the MyDigitalLife.com forum by the Serg008 user for the Lenovo B590 laptop in this guide)

 

2. Find the word TCPABIOS:

 


 

3. The block starts with TCPABIOS and ends before TCPACPUH

 


 

4. Anatomy:

 

54 43 50 41 42 49 4F 53 48 31 38 34 61 31 31 2F

32 36 2F 31 33 49 42 4D 53 45 43 55 52 00 FD 27

34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B

77 F9 82 58 48 00 00 00 CE 18 1F 00 00 00 03 00

00 00 00 00 00 00 27 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 FF FF 83 04 D4

52 52 95 C5 D7 21 55 78 0E 5C AD 47 EE C4 3D 1D

C1 EC 69 03 2B 51 A5 42 61 96 22 F9 7B 88 57 B7

A8 9D D0 20 DB 5B 11 10 55 07 84 6C 62 DF FA 2F

6A A8 43 0C 8A 40 AF 79 0D 31 DB 5A 5D C8 2F EB

F8 7C 87 B0 A6 3D 2A 88 AE 91 9D 88 E3 AA 85 E3

5A B3 91 7F 28 68 1F BA 92 C4 7E 10 F5 1A 7E 75

A9 6F CE C0 4F BA FA 79 A5 98 2B 50 60 BA 09 73

7B 03 D1 0C 3E A2 9C 44 DF E9 F2 92 34 7B

 

Gray: Name and Block Information

Red: Volume Information (Checksum and Header)

Blue: Separation of the list of volumes and the block signature

Green: Signature of the TCPABIOS block, which is the last 128 bytes

 

List of Volumes:

 

Each volume has the format: 00 FD 27 34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B 77 F9 82 58 48 00 00 00 CE 18 1F 00 00 00 03 00 00 00 00 00

(Prefix 3 bytes + checksum 20 bytes + offset 4 bytes + volume size 6 bytes + end delimiter 6 bytes)

 

The volumes are enumerated and use the first byte in the prefix for this (00 FD 27), starting at 0.

The BIOS used in this example has only one volume, but in the case of more than one volume, it would be: 00 FD 27 .., 01 FD 27 ..., 02 FD 27 ...

- Checksum is the SHA1 of the volume.

- Offset is the volume position within the BIOS. The bytes are stored in reverse order (little-endian), so 48 00 00 00 reads as 00 00 00 48, which equals 48h.

- Volume Size is also stored with the bytes inverted, so CE 18 1F 00 00 00 is 1F18CEh.

 

So that's it. We need to correct this information (checksum, offset and size).

 

5. To extract the volumes, open the BIOS with UEFITool and identify them (in our example there is only one volume; if there were others, they would also be inside EfiFirmwareFileSystemGuid):

 


 

In the original BIOS, circled in red we can see our volume.

Note that in blue we have the offset and in green the size, exactly as we saw in HxD. In the modified BIOS we see that the size is different:

Original: 1F18CEh

Modified: 1F12D5h (we'll need this later)

 

6. Let's extract this volume to calculate the checksum by choosing "Extract as is..."

 


 

7. Use this command to get the checksum of this volume: fciv.exe -sha1 File_Volume_image_FvMainCompact.ffs

 


 

Now we have the checksum that is 396e0dc987219b4369b1b9e010166302ce635202

 

8. Replace the information in the TCPABIOS block:

 


 

Note that the volume size must be written with its bytes inverted: the field is 6 bytes long, so 1F12D5h becomes D5 12 1F 00 00 00, in place of CE 18 1F 00 00 00.

If the offset is different, perform the same process for it, inverting the bytes.

The checksum changes from 34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B 77 F9 82 58 to 39 6E 0D C9 87 21 9B 43 69 B1 B9 E0 10 16 63 02 CE 63 52 02

 

Do this for each volume in the BIOS.

 

9. Now we need to generate the checksum of the whole TCPABIOS block, leaving out its last 131 bytes, that is, FF FF 83 plus the 80h (128) bytes of the previous signature.

 

Copy the block without those bytes to a new file in HxD and save it as tcpabios

 


 

Use the command to generate the checksum of this block: fciv.exe -sha1 tcpabios

 


 

Checksum of TCPABIOS block: 0da6715509839a376b0a52e81fdf9683a8e70e52

 

Create a new file in HxD, add 108 bytes of 00, paste the checksum at the end, and save it as tcpabios_hash.

 

10. Now let's generate the RSA private key with modulus 3: openssl genrsa -3 -out my_key.pem 1024

 


 

Sign the file tcpabios_hash: openssl rsautl -inkey my_key.pem -sign -in tcpabios_hash -raw > tcpabios_sign

 


 

Now take the opportunity to generate the public key: openssl rsa -in my_key.pem -outform der -pubout -out my_key_pub.der

 


 

And generate public key modulus 3: openssl rsa -pubin -inform der -in my_key_pub.der -text -noout

 


 

Copy and paste the key into a text file to use soon. Remove all ":" and put everything on a single line.

 

11. Open the tcpabios_sign file in HxD, copy the contents and replace the signature at the end of the TCPABIOS block:

 


 

12. Now let's locate the public key in the BIOS and replace it. This key starts with 12 04 and ends with 01 03 FF and is after the TCPABBLK block.

 

The key looks like this: 12 04 + 81 bytes + 01 03 FF. Search for 01 03 FF to locate it more easily. Verify that the bytes 12 04 come right before the 81 bytes to make sure you found the right place.

 


 

Now replace it with the public key that was saved in the text file previously.

 

 

Save and you're done. Your BIOS is now signed.
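
The checks this guide works around can be run against any image to see whether it still matches its own TCPABIOS records. The Python below is an added example, not part of the original guide or any vendor tool: it parses the block layout from step 4, compares each volume's SHA1, and checks the raw RSA signature against the padded block hash from step 9. Assumptions: the 29-byte header seen in the dump above, offsets counted from the start of the image, a big-endian signature as written by openssl, and public exponent 3 (what `openssl genrsa -3` selects); the sample image and its throwaway key are constructed.

```python
import hashlib
import random

MAGIC, NEXT_BLOCK = b"TCPABIOS", b"TCPACPUH"
HEADER_LEN = 29            # assumption: name + block info, as in the page's dump
RECORD_LEN = 39            # 3 prefix + 20 SHA-1 + 4 offset + 6 size + 6 delimiter
SIG_LEN = 128              # signature: last 128 bytes of the block
TRAILER_LEN = 3 + SIG_LEN  # FF FF 83 + signature, the 131 bytes left out of the hash


def find_block(image):
    """Return the bytes from 'TCPABIOS' up to (not including) 'TCPACPUH'."""
    start = image.find(MAGIC)
    end = image.find(NEXT_BLOCK, start + 1)
    if start < 0 or end < 0:
        raise ValueError("TCPABIOS block not found")
    return image[start:end]


def parse_volumes(block):
    """Return (index, sha1, offset, size) for each 'NN FD 27' volume record."""
    records, pos, index = [], HEADER_LEN, 0
    while index < 256 and block[pos:pos + 3] == bytes([index, 0xFD, 0x27]):
        rec = block[pos:pos + RECORD_LEN]
        records.append((index, rec[3:23],
                        int.from_bytes(rec[23:27], "little"),   # bytes inverted
                        int.from_bytes(rec[27:33], "little")))
        pos, index = pos + RECORD_LEN, index + 1
    return records


def check_volumes(image, block):
    """Map volume index -> True when SHA-1(image[offset:offset+size]) matches."""
    return {i: hashlib.sha1(image[off:off + size]).digest() == digest
            for i, digest, off, size in parse_volumes(block)}


def padded_digest(block):
    """108 zero bytes + SHA-1 of the block without its last 131 bytes (step 9)."""
    return bytes(108) + hashlib.sha1(block[:-TRAILER_LEN]).digest()


def check_signature(block, modulus, exponent=3):
    """Raw RSA check: signature^e mod n must equal the padded digest."""
    if block[-TRAILER_LEN:-SIG_LEN] != b"\xFF\xFF\x83":
        return False
    sig = int.from_bytes(block[-SIG_LEN:], "big")
    return pow(sig, exponent, modulus) == int.from_bytes(padded_digest(block), "big")


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin test, used only to build the constructed sample key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_throwaway_key(rng):
    """Constructed 1024-bit key for e = 3 (primes are 5 mod 6, so 3 is invertible)."""
    primes = []
    while len(primes) < 2:
        c = (rng.getrandbits(512) | (3 << 510)) // 6 * 6 + 5
        if c.bit_length() == 512 and c not in primes and is_probable_prime(c, rng):
            primes.append(c)
    p, q = primes
    return p * q, pow(3, -1, (p - 1) * (q - 1))


def build_sample(rng=None):
    """Constructed image: one volume at 48h plus a block signed with the test key."""
    n, d = make_throwaway_key(rng or random.Random(2019))
    volume = bytes(range(256)) * 3
    record = (b"\x00\xFD\x27" + hashlib.sha1(volume).digest()
              + (0x48).to_bytes(4, "little") + len(volume).to_bytes(6, "little")
              + b"\x03\x00\x00\x00\x00\x00")
    body = MAGIC + b"H184a11/26/13IBMSECUR" + record + bytes(39)
    m = int.from_bytes(bytes(108) + hashlib.sha1(body).digest(), "big")
    block = body + b"\xFF\xFF\x83" + pow(m, d, n).to_bytes(SIG_LEN, "big")
    return bytes(0x48) + volume + block + NEXT_BLOCK + bytes(16), n


if __name__ == "__main__":
    image, modulus = build_sample()
    block = find_block(image)
    print(check_volumes(image, block), check_signature(block, modulus))
```

For a real dump, the modulus is the integer form of the public key stored in the image (step 12). A reply below reports that newer BIOS versions hash the entire FFSv2 instead of the volume image, so a volume mismatch there does not by itself mean the image was modified.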


I have succeeded on T440P and failed on X250. I now have whitelist removed, deleted anti theft/computrace and can edit any module after this long process.

 

On newer bios the volume image is not what is checksummed; the entire FFsV2 is computed with SHA1 instead. You have to run ftic on entire EfiFirmwareFilesystemGuid.ffs... fortunately it makes the generation of the checksum much easier. I removed/changed so much and yet it stayed the same.

 

On systems with bootguard, like the X250, it looks like bootguard key is used to sign the bios and the second volume so this modification is not possible. In fact, every attempt to modify modules failed. Maybe with a downgrade at least editing would be possible? I failed to back up the original bios and ended up with a "secure" newer one because I foolishly upgraded it.

 

On the 440P I only used the bios 2.50, before I saw in the changelog all the fixes for Tianocore "vulnerability".


Could you send me a dump of your X250 BIOS so I can analyze? I haven't seen anything about Bootguard yet.


Here is what I have running on it. I don't know if downgrading would prove fruitful in order to get the mods working.

 

http://s000.tinyupload.com/index.php?file_id=72243378644638634752


This is Lenovo s540
comet lake    400 Series Chipset Family
Modifying BIOS content is different tcpabios cannot be found


I have good news on the X250 front... I downgraded to 1.32 with dosflash (skip checks) and now I can modify the bios again. Unfortunately when I did the signature I think it trips bootguard.

 

On 11/16/2019 at 10:58 AM, nsafarm said:

I have succeeded on T440P and failed on X250. I now have whitelist removed, deleted anti theft/computrace and can edit any module after this long process.

 

On newer bios the volume image is not what is checksummed; the entire FFsV2 is computed with SHA1 instead. You have to run ftic on entire EfiFirmwareFilesystemGuid.ffs... fortunately it makes the generation of the checksum much easier. I removed/changed so much and yet it stayed the same.

 

On systems with bootguard, like the X250, it looks like bootguard key is used to sign the bios and the second volume so this modification is not possible. In fact, every attempt to modify modules failed. Maybe with a downgrade at least editing would be possible? I failed to back up the original bios and ended up with a "secure" newer one because I foolishly upgraded it.

 

On the 440P I only used the bios 2.50, before I saw in the changelog all the fixes for Tianocore "vulnerability".

I am trying to checksum a t440p with 2.53 bios and I get lost in the FFsV2 step because, as you said, the whole FFs2 is computed. Can you help me?

