New: Lenovo BIOS Updates for Intel Spectre and AMT Vulnerabilities

Lenovo BIOS Updates for Intel Spectre and AMT Vulnerabilities
Update vulnerable firmware as documented in Intel Security Advisory INTEL-SA-00088 and Intel-SA-00086

  • Log the BIOS version
  • Assess the vulnerability of the CPU and AMT firmware
  • Abort the firmware update if the system is not vulnerable
  • Check hardware compatibility
  • Suppress the BitLocker recovery prompt during the next reboot, only on BitLocker protected systems
    • The BitLocker recovery prompt is often triggered by BIOS and firmware updates
  • Reconfigure the BIOS installers for unattended installation
  • Install applicable firmware updates
  • Prompt to restart the computer, only in interactive mode

Supported Models
ThinkPad 25
ThinkPad P50
ThinkPad P50s
ThinkPad P51s
ThinkPad P70
ThinkPad T420
ThinkPad T420i
ThinkPad T420s
ThinkPad T420si
ThinkPad T430
ThinkPad T430i
ThinkPad T430s
ThinkPad T430s
ThinkPad T430si
ThinkPad T430si
ThinkPad T440
ThinkPad T440p
ThinkPad T440s
ThinkPad T450 
ThinkPad T450s
ThinkPad T460
ThinkPad T460p
ThinkPad T460s
ThinkPad T470
ThinkPad T470s
ThinkPad T520
ThinkPad T520i
ThinkPad T530
ThinkPad T530i
ThinkPad T540p
ThinkPad T550
ThinkPad T560
ThinkPad T570
ThinkPad W520
ThinkPad W530
ThinkPad W540
ThinkPad W541
ThinkPad W550s
ThinkPad X1
ThinkPad X1 Carbon (1st Gen: 34xx)
ThinkPad X1 Carbon (2nd Gen: 20A7, 20A8)
ThinkPad X1 Carbon (3rd Gen: 20BS, 20BT)
ThinkPad X1 Carbon (4th Gen: 20FB, 20FC)
ThinkPad X1 Carbon (5th Gen: 20K3, 20K4, 20HQ, 20HR)
ThinkPad X1 Hybrid
ThinkPad X1 Yoga (1st Gen: 20FQ, 20FR)
ThinkPad X1 Yoga (2nd Gen: 20JD, 20JE, 20JF, 20JG)
ThinkPad X220
ThinkPad X220 Tablet
ThinkPad X220i
ThinkPad X220i Tablet
ThinkPad X230
ThinkPad X230 Tablet
ThinkPad X230i
ThinkPad X230i Tablet
ThinkPad X240
ThinkPad X240s
ThinkPad X250
ThinkPad X260
ThinkPad X270
Command line arguments
<none> - Minimally interactive install
/u - Unattended install
/s - Silent install
Exit codes
324 - Aborting the mitigation steps because the risk assessment returned "Check with OEM".  Are we missing Intel AMT/MEI/SOL drivers?
325 - Failed to read the assessment results
Common exit codes