Installing a firmware update on a Lenovo T460p without removable media

Michael Ehrenreich

Jun 27, 2017 • 2 min read

So, I have here this nice laptop that unfortunately came with this nasty CPU bug. What can I do to remedy it? One option is to let the Linux kernel load a new microcode on every boot. Another option is updating the laptop's firmware. I don't consider myself a particularly adventurous person when it comes to expensive hardware, but the firmware update seemed the better option to me.

The Lenovo download page offers an installer for Windows and a bootable CD image. Great. I neither have Windows on my Laptop, nor did I have a CD drive or USB stick available at the time. What other options are available?

On closer inspection, the CD image contains a hard disk image that contains a FAT partition. Unfortunately, extracting the contents using 7-Zip failed for unknown reasons. A quick look with a hex editor revealed the offset of the FAT partition to be at offset 11800 hexadecimal or 71680 decimal. I used this information to mount the FAT file system.

# mount -t vfat -o ro,loop,offset=71680 r07uj14wd.iso /mnt

In the mounted partition I could see two folders of importance, one being Flash, which contains the firmware files themselves, and the other one being EFI which contains another folder, Boot, which contains a file called BootX64.efi. This whole thing started looking quite bootable indeed.

As you might know, a GPT-partitioned disk contains a UEFI boot partition which can contain multiple bootable executables. I copied the files for the firmware update to this partition, and created a boot entry using the efibootmgr in order to be able to boot the firmware flasher utility.

# cp -r /mnt/EFI/Boot /boot/efi/EFI/flasher
# cp -r /mnt/Flash /boot/efi
# efibootmgr --create --disk /dev/sda --part 1 --label "FW Flasher" --loader \\EFI\\flasher\\BootX64.efi
BootCurrent: 0000
Timeout: 2 seconds
BootOrder: 0001,0000,0010,0011,0012,0013,0017,...
Boot0000* arch
Boot0010  Setup
Boot0011  Boot Menu
...
Boot0001* FW Flasher

As you can see from the output, efibootmgr set the newly created entry for the firmware flasher as the default boot option which, while not dangerous, was slightly unexpected to me.

Now that I had created the boot entry, I rebooted the laptop and, indeed, the firmware flasher utility started.

After a successful firmware update, I could start my Arch Linux system again via the boot menu (Enter, F12). This took two attempts, for whatever reason. I then removed the no longer needed boot entry and firmware update files.

# efibootmgr -b 0001 -B
# rm /boot/efi/Flash /boot/efi/EFI/flasher -r

All in all, I consider this a success. I now have a laptop with the latest firmware, and even more importantly, the latest CPU microcode.