Stubbornly, I Will Refuse, I Will Refuse

← go back 'blog'

Stubbornly, I Will Refuse, I Will Refuse

Where do I even begin here? Oh, right. Modern laptop firmware. My fucking god. Welcome to another episode of regretting a ~$1700 purchase, I'm your host.

Everybody loves firmware bugs, because they're always so easy and quick to fix! Said nobody. I would absolutely never wish them upon anyone, even my biggest enemies. Not only are they capable of much more frustrating BS than your average kernel driver bug, not only can they be nearly impossible to find, but they're also completely out of your control 99% of the time.

Ok, you can laugh in your coreboot here, but keep in mind most hardware is basically out of its reach due to the sheer engineering + corposhit management genius fuckcombo. I wish it wasn't, but it is, and so we cry in agony.

Take this fun one for example. Here, someone was just trying to suspend their laptop. My bad, I guess that's not supposed to work! Oh, you entitled Linux fanboys! See? THIS is why Windows is so good. Poor IOMMU programming is expected behavior on a ""secure"" system! SECURITY MICROSOFT TPM TRUSTED COMPUTING LET'S GO- sorry.

Yeah, sounds about right. The "problem" lies with disabling the TPM within firmware settings. Okay?! Or... not having a TPM setting in the first place! Oops? Oops indeed. Apparently that's fixed with the new firmware update, so let us go ahead and install it.

One more tangent. Why would any human individual ever make the TPM a critical requirement? Moreover, why would said human individual not put a setting for it on some models while apparently... disabling it by default? Where is the logic? Are they trying to pretend disabling the TPM is an option? Is this the infamous malicious compliance? But that makes even less sense! It's not like the TPM is actually enforced at any point (it's basically another useless power drawer, similar to the garbage that is the NPU), it's simply omitted from the laptop's ACPI table while being turned off. Ok, whatever, but why does a stupid TPM interact with system memory on resume? Just... w- wha..? You got something to hide?? As for the "fix", you can force-disable the IOMMU to mitigate that... facepalm. Anyway, back to installing updates.

Except I can't, or so it would appear:

I don't remember installing this "Windows 11 (64-bit)" thing on my laptop, so I guess I'm fucked. Oh well, I'll download it anyway, let's see what it even is.

pscn21ww.exe: PE32+ executable for MS Windows 5.02 (GUI), x86-64, 5 sections

Yeah, figured. PE32 for your eyesore pleasure. Jesus christ, what is this timeline?

Oh, I can open it with an archive manager!

That fd file looks like a typical firmware image thing. Huge size (because of course), somewhere around 32-64 MiB, and even opens up in UEFITool:

Great. There's also an EFI executable. I'll just dump everything on a FAT32-formatted USB drive and execute it with rEFInd-

Because why would computers work in 2025. While I do have full fwupd support, Lenovo does not care about uploading capsule updates to LVFS. So I'm out of options, aren't I?

Infuriated (as I always am, sadly), I left home to get some fresh air. I was occasionally thinking about this stuff and what could be done about it. I then remembered.

The Legion Go is an example of a device that is supported through LVFS. The payload within the cab update file is suspiciously similar to the ".fd" file from before - same size, yet a different extension; it's ".bin" this time around. I dared to dream. What if it's the same kind of file for all Lenovo Insyde firmware?

Sure enough, comparing sha256 hashes between the Legion Go update PE32 executable's "isflash.bin" and the LVFS package's "N3CN37WW.bin" files yields exactly the same results:

Alright, that sounds like these can work with fwupdtool. Let's give it a try, what could possibly go wrong? First, the system firmware device ID:

doas fwupdtool get-devices | grep -A 1 "System Firmware"

That gives us a nice string of characters. Now it's flashin' time:

doas fwupdtool install-blob WinPSCN21WW.fd 32f1bee26620b3792ff6a6f1750aa3aa3838b20a

After rebooting, I was actually perplexed to find that... it worked?

One more reboot later, I get back to rEFInd and Arch seems to be booting up just fine. Alright, that seems to have done it! I was not expecting this, but apparently Microsoft did something good for once with these UEFI capsule updates - firmware can finally be updated from any env of your choosing. At last.

But is the sleep issue resolved? Fuck no. Disabling the TPM still makes an error message appear when running the AMD s2idle script:

❌ IOMMU is misconfigured: missing MSFT0201 ACPI device
Your system does not meet s2idle prerequisites!
Explanations for your system
🚦 Device MSFT0201 missing from ACPI tables
        The ACPI device {device} is required for suspend to work when the IOMMU is enabled.
        Please check your BIOS settings and if configured correctly, report a bug to your system vendor.

Thanks a lot! Waiting since November has surely paid off. Ugh. So there's that. At least now I know that fwupd is not completely useless without LVFS, that's great news honestly.

And so we get to the main point of today's show. Lenovo can't seem to put together a basic XML metadata file with a firmware update binary they already have so that fwupd could just work. There isn't much information available about it either, I merely pieced together some stuff I had already known about. All of this seems like one huge hackjob that should have never existed in the first place. Also, is it really that hard to accept that someone might NOT want a wretched TPM enabled? It's not even useful. Fix this shit already. It has been way too long, and the laptop was way too expensive for that to be a problem.

This, this is why I have had enough of modern computing. It's frustrating that the technologies we have today are fast, efficient, compact and relatively affordable, but held back by pure incompetence and sloth, especially on the software side. The same applies to any other part of the industry you can think of. Oh well, but that's a story for another one.

By the way, I was supposed be calm and reserved after my previous shitpost. That did not work. I'm sorry yet again. That firmware thing got me. It really, really got me. Maybe next time. Hopefully.

Have a lot of fun...

2025-05-30