androdev Posted June 7, 2012 Share Posted June 7, 2012 AMI Aptio Native SpeedStep UEFI Modding detailed guide with all essential tools (works on all latest Sandy Bridge motherboards and notebooks) Hi everyone. I'm here to share my bios modding experience. It was a long road before I had a native speedstep. I want to thank dgsga in general for his bios unlock guide, as mine is fully based on it. I also thank carlicous for his great post http://forum.noteboo...88-post141.html up here, explaining UEFI bios MSRs modding. It was a pleasure working with guides from applelife.ru (hi Clover EFI!) and http://www.insanelym...howtopic=271573 Dell guide from Mohamed Khairy (IDT Apple HDA!). I would never change my opinion now: 15R is most hackintoshable notebook I ever had. Thank you all! Lets start with the tools you need. It's basically: - Latest (A10 on the moment) bios package from Dell site. Simply unpack the ROM file: C:\Users\Владислав>cd "C:\Users\Владислав\Desktop\Dell 15R UEFI" C:\Users\Владислав\Desktop\Dell 15R UEFI>N5110A10.exe /writeromfile - Latest Phoenix Tool (202 included) - Latest MMTool (or not latest, not important in fact, 4.50 is here) - objdump tool - HEX Editor (included one for you) - Flash tool I created an archive which I upload for you, with all essential tools included. I do not upload a modded bios as it's your responsibility if you brick something. Dell 15R UEFI.zip The process itself: 1. Start Phoenix Tool and select your ROM file. It has some information for you, press OK twice. Do not close it just now. 2. Use MMTool to locate your PowerManagement module. It's confirmed to have GUID 8C783970-F02A-4A4D-AF09-8797A51EEC8D for all latest Aptio bioses. 3. Find this file (choose the largest one, mine is 16Kb), copy to another place and disassemble it: C:\Users\Владислав>cd "C:\Users\Владислав\Desktop\Dell 15R UEFI" C:\Users\Владислав\Desktop\Dell 15R UEFI>objdump -m i386 -b binary -D 8C783970-F 02A-4A4D-AF09-8797A51EEC8D_1_276.ROM > PowerManagement.asm 4. Take a look at the code in output file. We need to unlock bit 15 of MSR 0xE2. The 0xf is lock bit. Search for 0f ba e8 0f and look above for mov $0xe2,%ecx This is the place we need to mod. 5. As dgsga explains, we need to jump unconditionnaly, not allowing the setting of bit lock. The requied change is jne 0x2748 to jmp 0x2748 6. This is a code from my bios in fact: 2724: b9 e2 00 00 00 mov $0xe2,%ecx 2729: e8 8e 09 00 00 call 0x30bc 272e: 48 dec %eax 272f: 89 44 24 30 mov %eax,0x30(%esp) 2733: 0f ba f0 0f btr $0xf,%eax 2737: 89 44 24 30 mov %eax,0x30(%esp) 273b: 80 fb 01 cmp $0x1,%bl 273e: 75 08 jne 0x2748 2740: 0f ba e8 0f bts $0xf,%eax 2744: 89 44 24 30 mov %eax,0x30(%esp) Open hex edit and patch the module file with 75 08 0F BA E8 0F 89 44 24 30 to EB 08 0F BA E8 0F 89 44 24 30 and click on save. 7. Get back to Phoenix. Select Dell as manufacturer. In advanced tab tick Allow user to modify other modules No SLIC and finally press Go. 8. It will ask you to perform your modifications to modules. Replace the module in DUMP folder with your edited one. Press OK. 8. It will create a new bios file, which you only left to flash. The flash tool is included. Everything is done on Windows 8 Release Preview running in native mode. Link to comment Share on other sites More sharing options...
androdev Posted June 7, 2012 Author Share Posted June 7, 2012 Updated with tools Link to comment Share on other sites More sharing options...
hisho Posted June 7, 2012 Share Posted June 7, 2012 it worked great,thanks the laptop seems faster Link to comment Share on other sites More sharing options...
Recommended Posts