Intel's workstation laptop processors run hot. In the past, one way to prevent constant throttling and heat soaking your cooling system used to be undervolting. Then people discovered undervolting could in some scenarios trigger errors in calculations, but nobody cared. Until researchers showed it could also be used to leak secrets from SGX security enclaves, which is used in some DRM solutions, and Intel responded by recommending all the firmware and laptop vendors locked down undervolting.
Most vendors followed Intels recommendation, and as a result on most 8th, 9th, 10th and 11th generation processors, undervolting is disabled by default.
But, in some cases this ability can be restored by changing two (typically hidden) UEFI settings, called CFG Lock and Overclocking Lock (despite the name, disabling the overclocking lock will not let you overclock non-K variants of Intels processors. Sorry to disappoint).
On this page, I'll provide step-by-step instructions to find and change this setting on your system using only open-source tools running on Linux (or UEFI). I've succesfully used this method on several laptops, mostly from Dell, running 8th, 9th and 11th gen processors. I've also run into some (mostly ThinkPads from Lenovo) which were locked down in a way I was unable to bypass, so your mileage may vary.
This method persists across BIOS updates, so you really should only have to do this whole song and dance once.
Maybe it just works for you? Try to undervolt your processor using intel-undervolt:
Edit /etc/intel-undervolt.conf to contain some undervolt settings, for example undervolt CPU, cache and GPU by 50mV:
undervolt 0 'CPU' -50
undervolt 1 'GPU' -50
undervolt 2 'CPU Cache' -50
Note: make sure NOT to enable the intel-undervolt.service or intel-undervolt-loop.service systemd units, or any other method of applying these settings at start up until your are certain that your system is stable enough to boot and edit these values again. I recommend running a benchmark to stress the CPU after succesfully changing the undervolt settings to make sure you have a stable system.
Apply these settings:
sudo intel-undervolt apply
If this works, your firmware vendor has not locked undervolting on your system, and you can just not worry about all the other steps and enjoy your unlocked firmware.
Download https://www.intel.com/content/www/us/en/download/19392/intel-converged-security-and-management-engine-version-detection-tool-intel-csmevdt.html
Run the tool and check Intel ME version:
*** Intel(R) ME Information ***
Engine: Intel(R) Converged Security and Management Engine
Version: 15.0.45.2411
Download the CSME System Tools for your version (in my case, 15.0) from Level1Techs
Extract and run the FPT binary (found under Flash Programming Tool/LINUX64 in the archive) to dump your BIOS to an image file:
chmod a+x FPT
sudo ./FPT -D bios_dump.rom -bios
Download UEFIExtract, UEFITool & UEFIFind from github.com/LongSoft/UEFITool
Open bios_dump.rom in uefitool:
./uefitool bios_dump.rom
Search for text "overclocking lock"
Double click the search result, extract file "as is"
Next, we need to find out where our UEFI firmware stores the settings we're interested in changing. UEFI stores it's settings (and all the labels and descriptions for displaying them in menus) in UEFI Internal Form Representation, a binary format. We need to extract these forms from the file we created in step 2:
Download IFRExtractor from github.com/LongSoft/IFRExtractor-RS
Convert the ffs file generated above to text:
./ifrextractor File_DXE_driver_Setup_Setup.ffs
The relevant settings are called "Overclocking Lock" and "CFG Lock", so lets find them:
$ grep -i "Overclocking lock" File_DXE*.txt
File_DXE_driver_Setup_Setup.ffs.1.0.en-US.ifr.txt: OneOf Prompt: "Overclocking Lock", Help: "Enable/Disable Overclocking Lock (BIT 20) in FLEX_RATIO(194) MSR ", QuestionFlags: 0x10, QuestionId: 0x132, VarStoreId: 0x3, VarOffset: 0xDF, Flags: 0x10, Size: 8, Min: 0x0, Max: 0x1, Step: 0x0
$ grep -i "cfg lock" File_DXE*.txt
File_DXE_driver_Setup_Setup.ffs.1.0.en-US.ifr.txt: OneOf Prompt: "CFG Lock", Help: "Configure MSR 0xE2[15], CFG Lock bit", QuestionFlags: 0x10, QuestionId: 0x131, VarStoreId: 0x3, VarOffset: 0x43, Flags: 0x10, Size: 8, Min: 0x0, Max: 0x1, Step: 0x0
Note down the VarStoreId and VarOffset, in my case both are in VarStore 0x03, with offsets 0xDF and 0x43 respectively.
In step 4, we'll need the VarStore name to change the setting, so let's find that next. At the top of the file containing the settings, there's a list of the different VarStores in the IFR:
$ head -n20 File_DXE_driver_Setup_Setup.ffs.1.0.en-US.ifr.txt
Program version: 1.5.1, Extraction mode: UEFI
FormSet Guid: E14F04FA-8706-4353-92F2-9C2424746F9F, Title: "Intel Advanced Menu", Help: "Intel Advanced Menu Settings"
Guid Guid: 0F0B1735-87A0-4193-B266-538C38AF48CE, ExtendedOpCode: Class, Class: 0x2
Guid Guid: 0F0B1735-87A0-4193-B266-538C38AF48CE, ExtendedOpCode: SubClass, SubClass: 0x0
DefaultStore DefaultId: 0x0, Name: "Standard Default"
DefaultStore DefaultId: 0x1, Name: ""
VarStoreEfi Guid: 72C5E28C-7783-43A1-8767-FAD73FCCAFA4, VarStoreId: 0x2, Attributes: 0x7, Size: 0x44C, Name: "SaSetup"
VarStoreEfi Guid: 5432122D-D034-49D2-A6DE-65A829EB4C74, VarStoreId: 0x4, Attributes: 0x7, Size: 0x8F, Name: "MeSetup"
VarStoreEfi Guid: B08F97FF-E6E8-4193-A997-5E9E9B0ADB32, VarStoreId: 0x3, Attributes: 0x7, Size: 0x28E, Name: "CpuSetup"
VarStoreEfi Guid: 4570B7F1-ADE8-4943-8DC3-406472842384, VarStoreId: 0x5, Attributes: 0x7, Size: 0x7EC, Name: "PchSetup"
VarStoreEfi Guid: AAF8E719-48F8-4099-A6F7-645FBD694C3D, VarStoreId: 0x6, Attributes: 0x7, Size: 0x7, Name: "SiSetup"
VarStoreEfi Guid: EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9, VarStoreId: 0x1, Attributes: 0x7, Size: 0xAEC, Name: "Setup"
VarStore Guid: E770BB69-BCB4-4D04-9E97-23FF9456FEAC, VarStoreId: 0xF000, Size: 0x1, Name: "SystemAccess"
VarStoreEfi Guid: EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9, VarStoreId: 0x7, Attributes: 0x7, Size: 0x1, Name: "PciBusSetup"
VarStore Guid: EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9, VarStoreId: 0x100B, Size: 0xB1, Name: "SetupVolatileData"
VarStore Guid: E59376D7-2DD9-42A3-9EC8-1D71D5E3C1EC, VarStoreId: 0x8, Size: 0x2, Name: "OsProfile"
VarStore Guid: EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9, VarStoreId: 0x100C, Size: 0x2F, Name: "SetupCpuFeatures"
VarStore Guid: B08F97FF-E6E8-4193-A997-5E9E9B0ADB32, VarStoreId: 0x13BD, Size: 0x8, Name: "CpuSetupVolatileData"
VarStore Guid: EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9, VarStoreId: 0x13DC, Size: 0x2, Name: "TbtSetupVolatileData"
VarStore Guid: 5432122D-D034-49D2-A6DE-65A829EB4C74, VarStoreId: 0x1108, Size: 0x11, Name: "MeSetupStorage"
So VarStore 0x03 is named "CpuSetup" in this case.
To modify these hidden settings, we'll be booting into a UEFI shell and using setup_var.efi to modify the memory. Setting up a UEFI shell and adding extra executables can be somewhat of a hassle, so I've prepared a zip file for your convenience
Download setup_var_efi_boot_stick.zip
Format a USB stick to FAT32 (using the mkfs.vfat command or any tool you please) and extract the contents of the zipfile to the root of the stick, then boot from said stick.
Once booted, you should be presented with a UEFI shell prompt
From this prompt, run the following commands, substituting your offsets and VarStore name identified in the previous step:
fs0:
.\setup_var.efi CpuSetup:0xOffset1=0x0
.\setup_var.efi CpuSetup:0xOffset2=0x0
This should disable both locks and allow you to undervolt your processor. Try step 0 again and you shouldn't have more luck!
The filesystem might be different, depending on the order in which your storage devices were scanned by the UEFI firmware. You'll see a list of filesystems at the top of your screen when starting the prompt.
Here's a screenshot of the whole thing on my computer, taken using a Soviet era potato:
Note: if you run into an error with code 0x8 or GRUB_EFI_WRITE_PROTECTED, your firmware vendor has locked down these settings in way can't be circumvented by this method. Sorry.