I encountered the same mpcie card whitelist nuisance on the Lenovo m73 Tiny. Turns out there that you can just update the serial and model number to "INVALID" and it will then let you boot with a non-whitelisted device, albeit with an angry beep and warning message.
Apparently it's possible to add the pcie device identifier to the whitelist, but it looks like a very fiddly process and I didn't really care about the minor issues resulting from the cruder approach:
Amazing adventure and great write up! It reads like an adventure novel :-)
> Unfortunately, Lenovo continues to implement a stupid network card whitelist that IBM started over 20 years ago on its ThinkPad models. If the card in the M.2 slot is not advertising a known PCI vendor and product ID in the whitelist contained in the BIOS (now UEFI firmware), the ThinkPad will refuse to boot.
Why?? Are there legitimate reasons for this sort of design behavior other than anticompetitiveness?
The usual line that Lenovo gives is that this is for FCC reasons. The argument goes that the laptop is FCC certified as an entire unit, and changing the WiFi card technically invalidates this.
This is quite plainly nonsense. Every other manufacturer allows WiFi adapter replacements because every module on the market must be individually FCC certified.
Technically, the claim does make sense under a creative interpretation of the FCC rules. I think the real reason is likely so you'll buy replacement FRUs from Lenovo under your enterprise support contract, as well as ensuring you use a module that is known to work reliably with the software stack shipped on the machine.
> This is quite plainly nonsense. Every other manufacturer allows WiFi adapter replacements because every module on the market must be individually FCC certified.
Perhaps every other OEM are running antennas through the case that have exactly the gain you'd expect on the bands you'd expect; while Lenovo are using better-than-average antenna designs together with lower signal amplification to achieve the same SNR with lower total power consumption.
If that's the case, then swapping out the wi-fi card for one that hasn't been programmed for below-standard signal amplification, will get you a system that's above the FCC limits.
If that sounds silly, while working in commercial construction in Los Angeles, we encountered pushback for placing UL-listed devices in a UL-listed enclosure. The city determined that to be a “new assembly” and required UL listing for the entire unit. UL has a category for this situation; the enclosure is “UL recognized” because all of the devices and the enclosure are UL-listed. Their proposed solution, which UL was happy to oblige, was to come and field-inspect the installed units and have them certified in situ, at our (significant) expense, of course.
I assume you know this, but depending on what the enclosure was made of, what frequencies the devices inside were broadcasting at, and where you placed them inside, you could very well have accidentally produced a resonating chamber, parabolic antenna emitter, or other type of structural frequency-specific gain-boosting mechanism.
They likely wanted to just make sure that you hadn't done that. (And to do that, they had to send some fellows whose time was very expensive, because it takes long experience to build up an intuition for these things to the point that you're confident enough in your answer to not have to bother with the "measure everything and plug-and-chug the dynamics in a simulator" step.)
In this particular case, it was a guest room control solution consisting of DIN rail mounted TRIAC dimmers 0-10V dimmers and other line-voltage & dry contact relays. Backbone was an RS485, 4-conductor bus. Yes, those components can produce various harmonica and frequencies, however they were tested extensively in a lab in various configurations. Each configuration varies slightly based on room layouts and number of zones, and obtaining UL-listing for every possible permutation becomes ridiculous (IMO).
TBH that doesn't sound ridiculous at all. "UL recognized" is not the same thing as "UL listed."
The former means that the assembly is assumed to meet UL specifications; the second means that it has been inspected by UL and confirmed that the assembly actually does meet specifications.
Making sure that things meet specifications is the entire point of the building department's inspections.
I acknowledged that in my comment. Part of my point here is that UL is not exactly a disinterested 3rd-party when it comes to endorsing additional layers of certification.
When I see situations like this, it's often because someone on the other side, or someone related, benefits from the arrangement. They would never admit so, but that's how things tend to turn out like that.
Unfortunately, Lenovo is actually correct in how the laws are written.
Whether or not they would get in trouble for it is a different question. I wouldn’t be surprised if they were put on notice for something 20 years ago by an over eager FCC person and they took the lesson to heart. Once a company gets threatened for something they rarely go back, even if other companies are getting away with it.
Other manufacturers such as Dell and HP do in fact implement BIOS whitelist. I think this is the reason why Internet listings of Wi-Fi cards are advertised with brand names that the cards are intended for.
The slot in question is not a slot for a part 15 WiFi card. It's a slot for a cellular modem, complete with pins going to a SIM slot. There's FCC complications with that that go beyond the standard part 15 rules. You're also dealing with carrier certifications—yes, carriers want your precise M.2 cellular modem, laptop, and antenna configuration tested before they allow your device on the network. (In practice you can get away with not doing this, although some carriers are making moves to eventually disallow devices whose TACs can't be tied to a carrier certification.)
Eh? I didn't know that only one singular slot was in question here, or that the conversation had shifted from talking about WiFi to instead talking about cellular.
My own ThinkPad absolutely has independent slots for WiFi and cellular cards, and they look similar but they aren't even electrically compatible. (One is a mini PCIe with PCI Express and without USB, and the other is mini PCIe with USB and without PCI Express.)
Around COVID times, my then employer got stuck with about 40,000 devices, 30% of which had undetectable, counterfeit memory that would eventually cause a complete failure. Replacement was a $80M lesson for that vendor.
I had to do a similar thing with my T530. I wanted to upgrade to a WiFi 6+Bluetooth card. The built in Bluetooth adapter is very old, I think v4.2. It's also a finicky module with a mezzanine connector, and it's nestled deeply into the internal magnesium frame so the range is abysmal.
I reflashed the BIOS to kill the whitelist, but I'm left with a bigger problem. The WiFi slot offers PCI, but not USB. The WWAN slot has USB, but not PCI.
I ended up tapping into the original Bluetooth connector to steal the USB lines and route them back to the PCI connector.
I had some issues at first with the device not enumerating reliably, but it eventually settled down.
Now I have WiFi 6 and Bluetooth 5. Unfortunately the WiFi frontend is extremely bad (it's a Chinese knockoff) and I have pretty bad signal strength even literally on top of the router. But it works well enough and my Bluetooth headphones now work more than 10ft away from the machine.
The major problem is that the only WiFi 6 card available in mini PCIe is knockoff Intel AX210 cards. I suppose that's fair, mPCIe is basically obsolete these days. Unfortunately I don't have space for a M.2 or other adapter. Maybe I could build a custom express card
Still boggles my mind that people praise ThinkPads as an option for those looking for repairability and upgradability while casually talking about the built-in BIOS whitelist designed to block all that.
To me that means an instant black ball.
It's cool hackers are patching this out, but this anti-consumer feature should not be present in the first place in something people recommend.
Lots of other laptops has the same whitelist annoyance, and are harder to tinker with. Lenovo is still nearly the least cumbersome even with this.
Sony laptops were the worst: Sony has elitist culture when it comes to miniaturization and engineering excellence, which manifests as unsolderable gapless tiny solder pads in case with PCBs. Fujitsu is better: they love to get creative with their own testing criteria that results in excessively hot laptops that relies on keyboard typing surfaces as heatsinks. Toshiba designers seem to be smart and rational people who understands that no one cares if they double sided everything. Dell is just thick and heavy while not particularly durable and occasionally being annoying with proprietary accessories. HP seem to have every hardware and software imported into their ERP and that can be annoying sometimes like having HP-only bugs.
ThinkPads don't have that kinds of things. They note on Hardware Maintenance Manual(HMM) that all removed screws must be discarded and replaced with their beautiful urethane coated and thread locked screws, and they still haven't made value of ~220 as default for `/sys/devices/platform/i8042/serio1/serio2/sensitivity`, and that's it.
Like all of it. It's a feature in BIOS, and commercial BIOS is sourced from Phoenix, AMI, Insyde, etc. It's like asking which car brand use Brembo disc brakes. It's up to designers and model dependent.
You've only heard on ThinkPad having it because it's most easily encountered problem. HP, Dell, ASUS, Fujitsu, Toshiba, VAIO, ... they all have it in some models and not on others. But Dell users don't swear by their Inspirons or maintain LatitudeWiki.
White-box suppliers/resellers like Clevo or Walmart, or more recent entries like Microsoft, Huawei, Razer, Valve, etc might not have it across the lineup. Whitelist feature also invites people break root of trust; that might be an alternate concern for those brands too.
Everything's relative. Sure, the BIOS whitelist is a serious mark in the "bad" column. In the "good" column, my daily driver is a Frankenpad made from a T480 with the 7-row keyboard from a T25, the 500 nit screen and glass touchpad from an X1 Carbon gen 6, a 2TB SSD upgrade, a 32GB RAM upgrade (two slots! I could even have had 64) and a magnesium lid for kicks. There is no other laptop brand with this many options for slicing, dicing, and upgrading in this fashion.
Is this modularity mostly an incidental side effect of part reuse and corporate serviceability for Lenovo's benefit rather than ours? Sure. But hacking isn't always about what things were designed to do - it's about what they can do.
Aside from sourcing the parts, the screen part was actually harder: this combination of screen, lid, and webcam is not officially supported, so the drilling and hacking I had to do for that was not documented. Unfortunately the foam tape I used to brace the screen in the correct left-right position seems to have slipped, as the screen is no longer properly centered... oh well!
The hardware itself (on most thinkpads I’ve owned anyway) is really nice to work on, with service manuals available, lots of parts, good community support.
Flashing the BIOS is also usually well documented.
I wish the BIOS flashing was not needed tbh, but at least it’s possible.
I don't know if Dell continued this in newer models, but I was pleasantly surprised by the versatility of the WWAN slot in my circa-2008 Precision workstation laptop.
No BIOS whitelist, antenna connectors that run up into the screen where the front bezel is plastic (allowing good reception), and plenty of room for an adapter. Grabbed a cheap adapter and AX210 card and stuck them in there and it all just works and so now it's equipped with BT and wifi better than is in my 13-years-newer X1 Nano.
How do you feel about the Intel management engine, which is a permanent backdoor with total hardware access which is fundamentally impossible to remove? Or AMD's equivalent, or NVIDIA's proprietary driver blobs, or the closed and un-auditable firmware on every computer ever?
Nobody is selling computers that are fully open. Even Framework uses a closed firmware.
In our modern capitalist hellscape, you sometimes have to settle for the least worst option. The BIOS whitelist on older thinkpads is completely trivial to defeat, and apart from that they are incredibly durable and repairable machines. The T530 came out in 2013, and has been my daily driver for near 10 years, after buying it used for $100. I'd say that kind of longevity is more than worth the effort of flipping some bits in a BIOS image.
If you want to draw hard lines like this, then you've ruled out absolutely every machine produced in the last 30 years. Nothing is fully open. You simply have zero options.
While YMMV, some smaller companies and manufacturers offer boards based on ARM or RISC-V cores. Consider checking out the MNT Reform - likely one of the closest computers that while a bit impractical, fills the openness criteria.
Modern ARM designs destined for computing are alo coming with management engine like features, just like Intel and AMD, plus other obscure silicone features and proprietary FW blobs, even more so than Intel and AMD, like DSPs, ISPs, etc.
If you want non-obscure HW you'll have to go back to pre-microcode days of processors roll out your own.
I have to wonder if there's a project for patching out this stupid, blatantly anticompetitive restriction from old ThinkPad firmwares. Especially with how many techies swear by these things.
Any advice on selecting a "good" AX210 card -- or perhaps avoiding a bad one? I understand that it may be a bit of a crapshoot, but I'd like to improve my odds of success if possible for my own T530.
(Alternatively, the AX200 cards from the usual sources have a lot less of a back-alley Shenzhen feeling than the AX210 cards I've looked at. Perhaps that's a safer option.)
> I use a Logitech mouse which can connect wirelessly to a USB dongle over RF, providing lower latency and better battery life than Bluetooth
In my experience this has not been true at all now that most Logitech mice use LE ("Bluetooth Smart") rather than BT. The only advantage the RF dongle has is that it works without an OS.... or on an OS without a BT/LE stack, like here.
RF dongles almost always are Nordic Semiconductor parts and they use their proprietary (but open) protocol called Enhanced Shockburst. The minimum latency of BLE is 7.5ms (fastest connection interval in the spec) while ESB can be in the 100s of microseconds. Not sure about power savings but latency is better.
> RF dongles almost always are Nordic Semiconductor parts and they use their proprietary (but open) protocol called Enhanced Shockburst.
Not really, Logitech actually uses the LE PHY even for their "RF" protocol, at least since the Logitech Bolt controller which is what TFA is talking about. You can sniff Bolt traffic with a LE sniffer.
> The minimum latency of BLE is 7.5ms (fastest connection interval in the spec) while ESB can be in the 100s of microseconds
This makes for an average 4ms of latency, which matches what Logitech advertises. Then USB is then going to introduce 5-10ms at the very least...
Dongles can also be handy for peripherals that are frequently used on different machines, particularly if they don't have built-in multi-pairing and quick host switching.
One exception to the "no BT/LE stack" case is the combo of Apple input devices paired with Macs or hackintoshed generic PCs with a handful of Broadcom-based BT chipsets used by Macs. macOS flips some bit on those cards that tells them to keep Apple peripherals paired at all times, which allows you to type and mouse around in the pre-boot environment and subsequently-booted OSes without drivers even on old BIOS-based machines which can't load EFI drivers.
It just remembers any peripherals you have already paired with the controller, it's nothing specific to "Apple peripherals". And on the next boot it then shows up as a USB HID device in the pre-OS environment, talking Bluetooth behind the scenes to those same peripherals. I have a (10 year old?) DBT-120 from D-Link which did this, and even Windows had some support for it.
Never seen anything for BLE; my wild guess is that Apple now simply puts a BT stack on their UEFI. Not too far-fetched.
But it doesn't really help the noOS use case, since you still need a BT stack with UI _somewhere_ in order to pair your keyboard for the first time.
It’s an apple exclusive thing, as they seem to be the only implementer of a USB Bluetooth HID bridge which the Broadcom adapter essentially exposes in firmware. There are a few Bluetooth dongles with CSR chips that can be turned into USB HID interfaces with previously paired Bluetooth peripherals.
I don't get the point of designing and building a 3.3 to 5v booster instead of just wiring a cable to one of the existing USB C vbus 5v pins? Am I missing something?
It's the safe thing to do. If you source power from some other place you have to worry about not accidentally back powering something by mistake. Granted, this can be accomplished just by carefully ruling out the possibility. Some people would rather just not risk making a mistake here
I'm not an electronics engineer, but is it safe to shift 3.3v to 5v if the underlying hardware wasn't designed for that? Is there a chance to put too much strain on the power source?
You've got to stay under the engineered current limits on the provided 3.3v, including how much current is reasonable on all the wiring to your boost converter, but chances are good that mouse transceiver uses much less than the typical usb bus powered maximum current of 500 mA, and even at 75% efficiency, that's about 1 amp at 3.3v, which doesn't need thick wires or traces, or a big power supply.
The transceiver probably does use more power than a fingerprint reader, especially if the reader is idle, but likely not enough to worry about.
All that really matters is how much power (watts, i.e. voltage * current) the device draws compared with how much power the laptop was designed to output. Shifting the voltage doesn't really affect anything other than losing some power to conversion inefficiencies.
The computer doesn't know that it has a 3.3v line externally boosted to 5v. It doesn't care about that at all.
It can care about how much power is being used, since the upstream 3.3v power supply -- whatever it may consist of -- is a finite thing.
But power is not the same as voltage. A device running from 5v does not necessarily use any more or less power than one that runs from 3.3v does. We don't have enough data to quantitatively know if power consumption is problematic or not for this particular instance, but I very strongly suspect that it is not an important concern here.
Finally, computers (and computer-like things) definitely do care about signal voltage. But USB signalling voltage is the same regardless of supply voltage, with USB 2 working between ~0v at the low end and at most 440mV at the high end, and tolerating up to 3.6v for compatibility with previous versions -- by specification. So that's not an issue.
Tl;dr, it's fine. And the author did a fantastic job of executing this hack very, very cleanly.
I think I myself would have taken the easy route and found a good place to run a bodge wire for 5v, and maybe even stripped the Logitech adapter out of its housing for some good old fashioned soldering fun, but everyone has their own proclivities.
The "strain" would depend on how many milliamps your 5V device draws. I don't know the current consumption of these logitech dongles, but it seems to be adequately low for this hack to work.
If I understand right, the existing USB ports are only USB-C. I'm not sure of what implementation the Nano has but if it supports USB-PD it may be able to output up to 20V if the "main" connected device asks for it.
Fair enough, if it supports being charged using any port that is reasonable. I would assume that the notebook has some other internal 5v regulator, maybe for the embedded controller or some other legacy device
> "connect wirelessly to a USB dongle over RF, providing lower latency and better battery life than Bluetooth."
Is this still true of modern Bluetooth 5.0 LE devices? Not sure about latency, but battery life seems to be extremely good now days. I get at least half a year out of a charge, on a mouse I use nearly every day.
Also now that we are modifying hardware and 3d-printing, one could make USB-4 hub which is practically invisible. And because we want to use some particular RF-mouse, we can also strip that dongle and insert it inside this selfmade hub, making it even smaller.
sounds like the author enjoyed the process. of course, if you need more ports the thinkpad x13 is basically the same size/weight of the nano with many more ports
I'm surprised Lenovo's whitelist hasn't been tackled more frequently, given its well-documented limitations. The only real reason to maintain such an artificial barrier is to artificially inflate profits from FRUs and enterprise support. The fact that every other major manufacturer has moved past this practice already only serves as evidence. I mean, come on, Lenovo, you're trying to compete with the likes of HP and Dell, and you're stuck on this archaic thinking. It's almost as if you're deliberately trying to alienate your most loyal customers.
https://www.reddit.com/r/homelab/comments/lx7d8f/pfsense_len...
Apparently it's possible to add the pcie device identifier to the whitelist, but it looks like a very fiddly process and I didn't really care about the minor issues resulting from the cruder approach:
https://www.reddit.com/r/Lenovo/comments/dcf0lw/comment/fbpy...
No idea if any of that works on the X1 Nano, but you never know.