AMI Aptio Native SpeedStep UEFI Modding
detailed guide with all essential tools
(works on all latest Sandy Bridge motherboards and notebooks)
Hi everyone. I'm here to share my bios modding experience. It was a long road before I had a native speedstep. I want to thank dgsga in general for his bios unlock guide, as mine is fully based on it. I also thank carlicous for his great posthttp://forum.noteboo...88-post141.html
up here, explaining UEFI bios MSRs modding. It was a pleasure working with guides from applelife.ru (hi Clover EFI!) andhttp://www.insanelym...howtopic=271573
Dell guide from Mohamed Khairy (IDT Apple HDA!). I would never change my opinion now: 15R is most hackintoshable notebook I ever had. Thank you all!
Lets start with the tools you need. It's basically:
- Latest (A10 on the moment) bios package from Dell site. Simply unpack the ROM file:
C:\Users\Владислав>cd "C:\Users\Владислав\Desktop\Dell 15R UEFI" C:\Users\Владислав\Desktop\Dell 15R UEFI>N5110A10.exe /writeromfile- Latest Phoenix Tool (202 included)
- Latest MMTool (or not latest, not important in fact, 4.50 is here)
- objdump tool
- HEX Editor (included one for you)
- Flash tool
I created an archive which I upload for you, with all essential tools included. I do not upload a modded bios as it's your responsibility if you brick something.
Dell 15R UEFI.zip 9.45MB 218 downloads
The process itself:
1. Start Phoenix Tool and select your ROM file. It has some information for you, press OK twice. Do not close it just now.
2. Use MMTool to locate your PowerManagement module. It's confirmed to have GUID
for all latest Aptio bioses.
3. Find this file (choose the largest one, mine is 16Kb), copy to another place and disassemble it:
C:\Users\Владислав>cd "C:\Users\Владислав\Desktop\Dell 15R UEFI" C:\Users\Владислав\Desktop\Dell 15R UEFI>objdump -m i386 -b binary -D 8C783970-F 02A-4A4D-AF09-8797A51EEC8D_1_276.ROM > PowerManagement.asm
4. Take a look at the code in output file. We need to unlock bit 15 of MSR 0xE2. The 0xf is lock bit. Search for
0f ba e8 0fand look above for
mov $0xe2,%ecxThis is the place we need to mod.
5. As dgsga explains, we need to jump unconditionnaly, not allowing the setting of bit lock.
The requied change is
6. This is a code from my bios in fact:
2724: b9 e2 00 00 00 mov $0xe2,%ecx 2729: e8 8e 09 00 00 call 0x30bc 272e: 48 dec %eax 272f: 89 44 24 30 mov %eax,0x30(%esp) 2733: 0f ba f0 0f btr $0xf,%eax 2737: 89 44 24 30 mov %eax,0x30(%esp) 273b: 80 fb 01 cmp $0x1,%bl 273e: 75 08 jne 0x2748 2740: 0f ba e8 0f bts $0xf,%eax 2744: 89 44 24 30 mov %eax,0x30(%esp)Open hex edit and patch the module file with
75 08 0F BA E8 0F 89 44 24 30to
EB 08 0F BA E8 0F 89 44 24 30and click on save.
7. Get back to Phoenix. Select Dell as manufacturer. In advanced tab tick
Allow user to modify other modules No SLICand finally press Go.
8. It will ask you to perform your modifications to modules. Replace the module in DUMP folder with your edited one. Press OK.
8. It will create a new bios file, which you only left to flash. The flash tool is included.
Everything is done on Windows 8 Release Preview running in native mode.