> The BIOS that has locked the AHCI is currently cryptographically signed by Lenovo.
Cryptographically signed firmwares are an Intel requirement and have been since Sandy/Ivy Bridge. Go look at Dell or HP and you'll find the exact same requirements for UEFI updates.
> Currently, one user had successfully installed Linux on their device by manually flashing their BIOS by soldering a chip programmer onto the actual chip.
Yes, this is the only way to bypass the firmware update signature check, because by flashing the actual SPI EEPROM the check is not executed.
> So, is this your idea of supporting it ourselves?
Where on earth did the author ever imply or state that?
Flashing a modified firmware via SPI is the only known method for newer Intel platforms due to the signature checks performed during a normal firmware update.
Sometimes vendors are careless/lazy and people find other ways to flash modified firmwares. In cases where vendors don't screw up the reference firmware enough to nullify the security checks, you need to flash it manually.
Go read about this yourself (free eBook on Intel platform security): www.apress.com/9781430265719
Re: DIY support