It makes me sad to think that first a group of engineers spend time writings this complex system of checksums, partially encrypted firmware images, proprietary challenge-response handshake and communications with the battery so that another hacker must spend days to allow himself to make a fix as simple as replacing the battery in his own laptop. Is this because of fear? Money? Greed? All three? How much money does Lenovo make out of Lenovo batteries to make this all this extra complexity worth its salt in the first place? Consider that maintaining all that complexity is a recurring cost: it's not just writing the authentication scheme but making sure it works for each future firmware release.
I haven't let go of the 80's and I still think if you buy a car, phone, laptop, compact disc or a video disc, then it's yours because you paid for it in your own money. From that standpoint it's simply inexcusable for manufacturers to try to re-own parts of a device they've already sold to someone.
If a battery works with the laptop, it's guaranteed to be a tested compatible one. Quickly slapping up a counterfeit and selling it as a brand-name thing won't work.
A battery ua a critical device, prone to fires or blasts if made improperly. One such incident would significantly tarnish the brand. Thus the over-reaction.
I wish there wad an open spec for certified batteries, to allow for third-party fixes and replacements, though.
Every news outlet that prints the article about a Lenovo laptop catching fire isn't going to check to see if that is a Lenovo battery in it.
And then the user will sue Lenovo because Lenovo didn't tell him he couldn't put a Lenovo battery in it. Even though that has nothing to do with it, it will still cost Lenovo possibly millions in legal defense costs, unless they opt to settle out of court, and anyone who doesn't bother to learn the truth will simply conclude that Lenovo laptops are dangerous because one caught on fire.
It's the same reason McDonald's coffee cups now say "Caution: Contents Hot" on them.
It makes me sad too. I've been through 4 thinkpads (x23,x60,x201i). They all work fine with 3rd party batteries although the more recent ones give a warning message. I think this is probably the end of buying Lenovo for me.
The option of replacing the cells in a genuine battery may be worth considering as an alternative to modifying the EC firmware, the advantage being is that you can choose your own high quality Li-Ion cells versus whatever you might happen to get in a replacement battery.
I suppose the whole "safety culture" around lithium cells in laptops has yet to change, but high-quality 18650 cells have been available on the open market for several years now, with all the accompanying products that use them (torches, vapes, power banks, etc.) The general public handling bare lion cells has increased significantly, whereas the amount of incidents related to cells catching fire etc. doesn't seem to have increased correspondingly. The majority seem to be from lipo "pouch cells" which are definitely far more fragile and less resistant to abuse. (They're also higher density = more energy to cause excitement when things go wrong, this is the type that's been causing the hoverboard fires.) 18650s are more robust and it's hard to cause a fire unless they're seriously abused (e.g. severe overcharge or physical damage.)
Given that you can buy empty power banks and add your own cells like this...
...it's odd that I haven't found similar battery cases for laptops. (Or maybe they do exist and I'm just using the wrong keywords. If they do, please say so; that seems like a great product to have.)
The general public handling bare lion cells has increased significantly, whereas the amount of incidents related to cells catching fire etc. doesn't seem to have increased correspondingly.
This may in part be due to certification and testing methodologies [0] for battery packs. The issue is that not all cells/battery packs go through this testing, so unless the batteries have been appropriately certified, there are restrictions on the handling and transportation of these batteries (for example non UN 38.3-rated cells are not allowed on planes [1]).
CE manufacturers test and certify the batteries in their products ([2], [3], [4] for example) which is why Amazon can ship them by air and passengers can carry them on planes. The issue is that 3rd party batteries may be uncertified and possibly unsafe. Lenovo doesn't want to take responsibility for an uncertified battery in one of their laptops downing an airliner [5] so they disallow the use of batteries they haven't certified. I doubt this is a nefarious scheme and more about potential liability.
(at my company we use lithium-ion battery packs for our field equipment and had to become very familiar with these issues when IATA promulgated their lithium/lithium-ion battery pack shipping rules a couple of years ago.
> The same Lenovo people are recommending everywhere?
Lenovo laptops used to be awesome. I'm typing this on a T410 and I'd still recommend an old Lenovo laptop for lots of purposes. I've heard mostly bad things about their newer offerings.
Considering the damage a 3rd party battery can potentially cause, I can see where Lenovo is coming from.
Of course there's also the aspect of securing margins on accessories, but there's also the aspect of making sure people's machines don't go up in flames or fail in ways that might trigger expensive repairs (which Lenovo will have to pay for if the device is still in warranty)
Well, the big TrackPoint patents are going to be expiring before too long so maybe someone else will be able to make good laptops for use without the touch pad?
If you want a cheaper battery wouldn't it be simpler and safer to replace the cells in an old Lenovo battery than to buy one of these dubious copies? That way the charge electronics are all correct and you can also control that the cells are good quality. There are even places that will do that for you if you're worried about poor soldering or other issues with doing this kind of swap.
>wouldn't it be simpler and safer to replace the cells
Dunno about safe but I've bought maybe 5 unofficial replacement li ion batteries for thinkpads, 2 for the iphone and will probably get one for my macbook. It takes about 1 min - go on ebay click buy, arrives in the post. It's hard to get much simpler than that until this recent lock down stuff. I've had no problems except the cheap knock offs don't generally last quite as long as the originals did when new.
The monitoring circuits in some batteries will permanently disable them if the cells are disconnected, and need a special programmer to reset them the way they came from the factory.
Nice article, that was a really enjoyable read. But one of the things that stuck out to me was:
> The last four bytes of the EC firmware image clearly appeared to be a checksum, and there were some other locations that consistently varied as well. I guessed (correctly) that if I programmed an image with the wrong checksums the EC would fail to boot and I would have a brick on my hands, so trial and error was not a very good option.
I was under the impression that the checksum is validated before flashing? Isn't that the primary purpose of checksums in ROM images?
It's not possible to verify the checksum before flashing in this scheme. The EC is the only device that can calculate the checksum (1), and its RAM is probably smaller than its Flash. So there isn't enough RAM to receive the entire update, checksum, and then flash. It needs to stream to flash. So the checksum is either checked after flashing, after which it's too late to go back, or it's checked by the EC during boot, which is again too late.
There are better ways of doing this, but based on the article it seems the EC didn't implement them.
(1) We know this because the checksums are calculated on the decrypted image, and only the EC has the keys to decrypt the image.
Well this is very interesting- I had no idea there was a BMC-like embedded controller for laptops. There is a standard way to update the BMC firmware: "ipmitool hpm upgrade". Also sometimes the server will have a JTAG header or even a socket for the flash chip.
[+] [-] yason|10 years ago|reply
I haven't let go of the 80's and I still think if you buy a car, phone, laptop, compact disc or a video disc, then it's yours because you paid for it in your own money. From that standpoint it's simply inexcusable for manufacturers to try to re-own parts of a device they've already sold to someone.
[+] [-] nine_k|10 years ago|reply
If a battery works with the laptop, it's guaranteed to be a tested compatible one. Quickly slapping up a counterfeit and selling it as a brand-name thing won't work.
A battery ua a critical device, prone to fires or blasts if made improperly. One such incident would significantly tarnish the brand. Thus the over-reaction.
I wish there wad an open spec for certified batteries, to allow for third-party fixes and replacements, though.
[+] [-] sathackr|10 years ago|reply
And then the user will sue Lenovo because Lenovo didn't tell him he couldn't put a Lenovo battery in it. Even though that has nothing to do with it, it will still cost Lenovo possibly millions in legal defense costs, unless they opt to settle out of court, and anyone who doesn't bother to learn the truth will simply conclude that Lenovo laptops are dangerous because one caught on fire.
It's the same reason McDonald's coffee cups now say "Caution: Contents Hot" on them.
[+] [-] tim333|10 years ago|reply
[+] [-] userbinator|10 years ago|reply
I suppose the whole "safety culture" around lithium cells in laptops has yet to change, but high-quality 18650 cells have been available on the open market for several years now, with all the accompanying products that use them (torches, vapes, power banks, etc.) The general public handling bare lion cells has increased significantly, whereas the amount of incidents related to cells catching fire etc. doesn't seem to have increased correspondingly. The majority seem to be from lipo "pouch cells" which are definitely far more fragile and less resistant to abuse. (They're also higher density = more energy to cause excitement when things go wrong, this is the type that's been causing the hoverboard fires.) 18650s are more robust and it's hard to cause a fire unless they're seriously abused (e.g. severe overcharge or physical damage.)
Given that you can buy empty power banks and add your own cells like this...
http://www.aliexpress.com/item/1Pc-6-X-18650-Battery-Case-Us...
...it's odd that I haven't found similar battery cases for laptops. (Or maybe they do exist and I'm just using the wrong keywords. If they do, please say so; that seems like a great product to have.)
[+] [-] Anechoic|10 years ago|reply
This may in part be due to certification and testing methodologies [0] for battery packs. The issue is that not all cells/battery packs go through this testing, so unless the batteries have been appropriately certified, there are restrictions on the handling and transportation of these batteries (for example non UN 38.3-rated cells are not allowed on planes [1]).
CE manufacturers test and certify the batteries in their products ([2], [3], [4] for example) which is why Amazon can ship them by air and passengers can carry them on planes. The issue is that 3rd party batteries may be uncertified and possibly unsafe. Lenovo doesn't want to take responsibility for an uncertified battery in one of their laptops downing an airliner [5] so they disallow the use of batteries they haven't certified. I doubt this is a nefarious scheme and more about potential liability.
(at my company we use lithium-ion battery packs for our field equipment and had to become very familiar with these issues when IATA promulgated their lithium/lithium-ion battery pack shipping rules a couple of years ago.
[0] http://phmsa.dot.gov/pv_obj_cache/pv_obj_id_D4B2D17039E70621...
[1] http://www.iata.org/whatwedo/cargo/dgr/Documents/lithium-bat...
[2] https://www.lenovo.com/lenovo/us/en/Lenovo_Battery_DoC_Lette...
[3] https://www.apple.com/legal/more-resources/docs/apple-produc...
[4] http://www.dell.com/downloads/global/corporate/environ/compl...
[5] http://news.yahoo.com/fires-involving-lithium-batteries-plan...
[+] [-] qb45|10 years ago|reply
[+] [-] Joeboy|10 years ago|reply
Lenovo laptops used to be awesome. I'm typing this on a T410 and I'd still recommend an old Lenovo laptop for lots of purposes. I've heard mostly bad things about their newer offerings.
[+] [-] pilif|10 years ago|reply
Of course there's also the aspect of securing margins on accessories, but there's also the aspect of making sure people's machines don't go up in flames or fail in ways that might trigger expensive repairs (which Lenovo will have to pay for if the device is still in warranty)
[+] [-] Symmetry|10 years ago|reply
[+] [-] davidovitch|10 years ago|reply
[+] [-] pedrocr|10 years ago|reply
[+] [-] xnzakg|10 years ago|reply
[+] [-] tim333|10 years ago|reply
Dunno about safe but I've bought maybe 5 unofficial replacement li ion batteries for thinkpads, 2 for the iphone and will probably get one for my macbook. It takes about 1 min - go on ebay click buy, arrives in the post. It's hard to get much simpler than that until this recent lock down stuff. I've had no problems except the cheap knock offs don't generally last quite as long as the originals did when new.
[+] [-] userbinator|10 years ago|reply
[+] [-] craig131|10 years ago|reply
> The last four bytes of the EC firmware image clearly appeared to be a checksum, and there were some other locations that consistently varied as well. I guessed (correctly) that if I programmed an image with the wrong checksums the EC would fail to boot and I would have a brick on my hands, so trial and error was not a very good option.
I was under the impression that the checksum is validated before flashing? Isn't that the primary purpose of checksums in ROM images?
[+] [-] fpgaminer|10 years ago|reply
There are better ways of doing this, but based on the article it seems the EC didn't implement them.
(1) We know this because the checksums are calculated on the decrypted image, and only the EC has the keys to decrypt the image.
[+] [-] jhallenworld|10 years ago|reply
[+] [-] otec|10 years ago|reply
[deleted]
[+] [-] deadgrey19|10 years ago|reply