Slashdot Mirror
BIOS-Approved PCI Cards For Laptops
derek_farn writes "First there were printers that would would only work with vendor annointed ink cartridges; now we have laptops that will only boot with vendor annointed PCI cards. Keeping a list of approved PCI cards in the bios is one way of ensuring that customers renew their maintenance contracts. How else are they going to be able to plug in a PCI card released after the last BIOS update?" My HP laptop is several years old; can anyone confirm this?
This is nothing new. Linux-lovin' IBM is known to do this as well,
# You need an uncompressed copy of the BIOS. The easiest way to obtain this is probably to use phlash16 under DOS with the /BU option. This will write out an uncompressed copy as BIOS.BAK. /CS option to phlash16 in order to check the checksum.
# Find out the PCI vendor, device and subsystem IDs of your card. In Linux, doing lspci -v will tell you this.
# Open the BIOS file in a hex editor. Find the BCPUSB header (there's an index near the start of the file that contains references to lots of BCP stuff. Ignore the one that appears here). Shortly after this is a set of PCI IDs, split up with 0s. The file is in little endian format, so the first byte in the file is the second byte of the ID. For instance, an IBM Pro/Wireless 2100 is 8086:1043 with a subsystem id of 8086:2551. This will appear as 8680431086805125. Make the modifications to suit your card.
# Find the string EXTD. The 4 bytes after that are an additive checksum. When all the 4 byte blocks in the file are added up, they must equal 0. Change the checksum as appropriate. At some point I'll probably get round to writing a tool to do this.
# Reflash your BIOS. Make sure that you use the
# If it's worked, your card should now work. If it hasn't, your laptop is probably dead.
I came across his site a while back, and holy crap if he isn't hacking his BIOS to get around these limitations. (His page is linked to if you follow a link from TFA, but I figured he deserves more prominence here.)
Interestingly, this is the same IBM (and HP, for that matter) that we have come to know and love for their help with Linux. I realize they're a big company, full of lawyers and patents and left hands unaware of what the right hand's doing, but I'm still really surprised I haven't heard about this before.
Anyone know of a blacklist of this sort of shenanigans? I'm the sysadmin where I work, and it'd be great to know what to stay away from -- and to explain to these companies why they've lost our business.
Carousel is a lie!
Matthew Garrett
There's an easy enough workaround for that.
The problem the parent post is describing is about plugging in miniPCI wireless cards, not the Cardbus/PCMCIA-type cards that you are describing. As another reply mentioned, IBM is doing this out of concern for the FCC certification of their laptops. The miniPCI cards use the built in antenna behind the screen, whereas the CardBus devices have independant antennas (those devices have been run through FCC certification as well). The FCC is pretty touchy about radio products, and IBM is simply trying to assure that any wireless radio + antenna combination has been tested.
It sucks badly, but the current FCC rules are as much ti blame as the manufacturers are.
Parent is confused. He means Mac OS would not boot on a motherboard unless the motherboard had a Mac BIOS on it. This kept cloners from making their own motherboards (this is no longer true, a Mac ROM is no longer needed to boot Mac OS X). NuBus, which came before PCI, was created by Texas Instruments. The reason cards required a Mac ROM was because you were using the card with a Mac. There was no BIOS, and a card had to communicate with the Mac differently. It had nothing to do with lockup, just differences between the PC and Mac architectures. Current PCI cards are still in the same position. Some PCI cards that don't rely on communicating with the PC's BIOS will work fine interchangeably, like TV cards. Other cards, like graphics cards, must have a special Mac ROM on them because of architecture differences between PC and Mac motherboards (like, again, no BIOS on Mac). In short, there was no Apple lockout on expansion cards, just architecture differences. The only time I can remember Apple being anti-expansion card was when Steve Jobs was in charge the first time. He handled expansion cards by just not including the slots. Developers had to sneak them in to final machines as "debug ports".
I've disassembled the Thinkpad BIOS and read the code myself. It scans every PCI device and flags any that have a class id starting with "02" (which signifies communication devices). Each communication device is then compared against a whitelist of PCI vendors, device IDs and subvendor information. If it's not on that list, the system will print an "1802: Unauthorized network device detected" error and stop booting. At that point, all you can do is switch off the machine. It's easy enough to fix in the BIOS - thankfully, it's even easier to fix by setting a CMOS bit that disables the check.
Unlike a regular PCI add-in card, the miniPCI WiFi card(s) in question doesn't contain a PCI option ROM. Like VGA, SCSI or RAID cards, this option ROM configures the device before the OS loads.
Since the option ROM isn't on the device, the ROM is stored in the system BIOS. When PCI option ROMs are stored in the BIOS, they are associated with the device's PCI "vendor ID" and "device ID". The "hack" described in an earlier post tells the BIOS to look for a different vendor/device ID (which hopefully is compatible with the embedded option ROM).
Some network adapters require the option ROM for the OS drivers to work, and network booting requires the option ROM so the BIOS can use UNDI/PXE.
This is a support problem from the notebook manufacturer. They only tested a few adapters, and only have room in the BIOS for one network option ROM. This has nothing to do with "trusted computing" or weird conspiracy theories. If the integrated card can't be upgraded, then USB or PCMCIA devices should be an option.
Here
I think alot of the confusion on this thread is stemming from the difference between mini-PCI and PCI and Cardbus (PC Card).
To be very technical about it, PCI is the protocol, electical and logical that runs between on-board chips and plug-in cards. Mini-PCI, Cardbus and the most common flavor of edge connector PC plug-in card (called the "PCI expansion card" by the specification) all use PCI to communicate.
In pupose and form factor, the three are very different.
The PC plug-in card is used to provided user-accessible expansion capabilites to off-the-shelf PCs.
Somewhat similiarly, Cardbus was intended as a laptop expansion slot for after-market upgrades. Again, user servicable.
Mini-PCI was intended to allow laptop vendors to create an easy way to avoid the regulatory headache associated with getting UL (safety) testing done on every laptop with a modem. Modems are high-voltage devices.
It turned out that mini-PCI was also useful for making other services (NICs and Wireless) easy to add to a base laptop design at build time rather than being designed directly onto the PCB. But this connection, was never meant to be user-servicable.
In addition to the fact that there are no fewer than three specified and incompatible flavors of Mini-PCI, sometimes vendors even run non-standard signals through the mini-PCI connector, making them even more incompatible with each other (potentially hazardously so). All of this because they were never intended as user-servicable parts. If you want to expand your laptop, that's what PC Card is for.
Personally, I'm a big IBM Thinkpad fan
Bastard. Are you aware that all Thinkpads have Trusted Computing lockdown chips inside???
Sure it's not causing any problems yet, but every Trusted Compliant system someone buys gives them that much more market share towards the point where they will be able to start utilizing that Trusted chip lockdown system. Sure the "unapproved expansion card" problem in the story can currently be overcome by reflashing your BIOS, but if any "security" software does make use of the Trust chip then you'll find yourself locked out of your own files if you attempt this fix. The Trust chip is designed to authenticate that the BIOS (and everything else) has not been "tampered with". As the Trusted-compliant market share increases you'll start seeing software start to use this chip. The software won't run at all on a computer without this chip, and it will only run on a computer with this chip when it's in "lockdown mode".
If anyone wants to avoid buying Trusted compliant computers here's a very incomplete list of such systems:
ANYTHING made by Samsung. They have announced all new computers they make will be Trusted compliant.
Motherboards: Infineon D865GRH D865GRHLK Infineon D915GUX Infineon D915GEV Infineon D925XCV
IBM - ThinkCenter, ThinkVantage and Netvista desktops, Thinkpad laptops
HP - dc7100 and D530 Desktops
HP/Compaq - nc6000,nc8000,nw8000, nc4010 notebooks (all models)
HP - iPAQ hx2750 Pocket PC
Acer - Veriton 3600GT/7600GT ?5600GT?
Toshiba - Tecra M2 Series
Fujitsu - Lifebook S7010 and LifeBook E8000 series
Fujitsu - T4000 Tablet PCs
Fujitsu - FMV-DeskPower C90GW/C desktop PC and FMV-Biblo MG70G/ST notebook
Bestbyte Computers - EXPERT PC 2 System
Link Computers - Ultra P4T-2800
Neatware - Digital Media Platform
Link Computers - Ultra P4T/PCX PC
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.