[UEFIPatch] UEFI patching utility


CodeRush
1,981 posts in this topic

ctroncosor, it can't be fixed because it wasn't broken in the first place.

You need an SPI programmer to dump your BIOS chip, patch this dump with PMPatch and flash it back. That is the only working way I know for Intel BIOS mods.


ctroncosor,

if you have Linux, you can try to dump the ROM with flashrom, then upload a ROM dump and logfile.

Create a logfile with

flashrom -p internal -VV >flashlog.txt

Create the dump with

flashrom -p internal:laptop=this_is_not_a_laptop -r backup.rom

Let's see what's inside. The flashlog will show if there's any kind of BIOS write protection enabled.

It can be done from a live CD / stick too ;)


OK, when you have time could you look at it, because when I tras about this I read it was rather dangerous.

 

ctroncosor:

 

I went through this with my Haswell (Intel) motherboard. I was successful as I documented here but it is definitely not the easiest thing to do. 


Motherboard : Asrock B85M-ITX

 

Update: New version 2.0 BIOS has MSR unlocked - http://www.asrock.com/mb/Intel/B85M-ITX/?cat=Download&os=BIOS

 

BIOS : 1.90 ( http://www.asrock.com/mb/Intel/B85M-ITX/?cat=Download&os=BIOS )

 

--------------

*credit to Mr. Light Server System post #772

Flash the original 1.90 BIOS from ASRock first, and then flash the patched BIOS from DOS!

Flashed with AMIBIOS Flash Utility ( http://www.ami.com/Support/amibiossupport/ )

with the AFUDOS utility from the Aptio folder:

Make a USB FreeDOS bootable disk with Rufus: http://rufus.akeo.ie/
Copy afudos from the Aptio folder there and

  Backup: AFUDOS bios.bin /o

  Boot to Windows and patch the file with: pmpatch bios.bin bios-pmpatched.bin

  Boot to DOS again and apply: AFUDOS bios-pmpatched.bin /gan

(I have not tried to install OS X yet, but the BIOS patched and flashed OK) - *** update: tested, works :)


*****************************

IF YOU TRY TO FLASH BACK THE BIOS WITH WINDOWS IT WILL BRICK YOUR MOTHERBOARD!!

I tried on Windows 8.1 with afuwinx64.exe and Windows crashed in the middle of BIOS erasing!
After reboot I had a black screen with no POST!

But I found that you can still save the motherboard (after I got the fear from the black screen alright...)

Using another computer, copy the InstantFlash BIOS file from ASUS to the FreeDOS bootable
USB stick that you created with Rufus, insert it into the motherboard USB 2.0 slot of the dead computer,
turn it on and it will be flashed back, thanks to ASRock for this undocumented feature

(it's good to have your HDD disconnected during the boot).
 




 


Hello, I flashed modified firmware on a P8H77V-LE and it bricked, and I recovered it only with the help of a hardware programmer. I used the afuwin method (Backup: AFUwin bios.bin /o; patch the file with: pmpatch bios.bin bios-pmpatched.bin; apply: AFUwin bios-pmpatched.bin /gan). Which method should I use now to patch my BIOS and not brick my m/b again?


edward_ntn, a programmer is always an option.

AFU /GAN isn't a reliable method, I know, but it's the only method that just works (or just doesn't in your case). You can try to remove SMI Lock and BIOS Lock using AMIBCP, transfer your board data with FD44Editor (or FD44Copier) and then flash the resulting BIOS on a programmer. After that, you can use FPT or any other flasher, but remember to remove that lock in every new image, so they remain disabled after reflash.  


I found another option for AMI Aptio : ) suggested and more reliable:

 

SCEWIN_64 /o /s nvram.txt /h Hii.db /v /q

 

Open the extracted nvram.txt with Notepad++ and search for

 

Setup Question    = SMI Lock
Token    =78    // Do NOT change this line
Offset    =88
Width    =01
BIOS Default    =[01]Enabled
Options    =[00]Disabled    // Move "*" to the desired Option
         *[01]Enabled

Setup Question    = BIOS Lock
Token    =79    // Do NOT change this line
Offset    =89
Width    =01
BIOS Default    =[00]Disabled
Options    =*[00]Disabled    // Move "*" to the desired Option
         [01]Enabled

Setup Question    = GPIO Lock
Token    =7A    // Do NOT change this line
Offset    =8A
Width    =01
BIOS Default    =[00]Disabled
Options    =*[00]Disabled    // Move "*" to the desired Option
         [01]Enabled

Setup Question    = BIOS Interface Lock
Token    =7B    // Do NOT change this line
Offset    =8B
Width    =01
BIOS Default    =[00]Disabled
Options    =*[00]Disabled    // Move "*" to the desired Option
         [01]Enabled

 

On my P8Z77-V LX the options appear twice, so you'll have to change them twice.

As explained in the dump, move the wildcard (*) to the required option and change the default from

BIOS Default    =[01]Enabled to

BIOS Default    =[00]Disabled

Save the nvram.txt and flash it back with the command

SCEWIN_64 /i /s nvram.txt

Afterwards I do a global reset with

fpt -greset

It may be an important step!

Tested successfully from Linux with flashrom.

 

best regards

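An added example, not part of the original post or of any tool named in it: a read-only audit of a SCEWIN-style export that reports the selected state of every "... Lock" question and flags duplicated entries that disagree, the case the poster describes on the P8Z77-V LX. The sample text is constructed and trimmed to the fields the audit reads; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout quoted in the post (Token/Offset/Width lines
# trimmed); SMI Lock appears twice with different selections on purpose.
SAMPLE = """\
Setup Question    = SMI Lock
BIOS Default    =[01]Enabled
Options    =[00]Disabled    // Move "*" to the desired Option
         *[01]Enabled

Setup Question    = BIOS Lock
BIOS Default    =[00]Disabled
Options    =*[00]Disabled    // Move "*" to the desired Option
         [01]Enabled

Setup Question    = SMI Lock
BIOS Default    =[01]Enabled
Options    =*[00]Disabled    // Move "*" to the desired Option
         [01]Enabled
"""

OPTION = re.compile(r"(\*?)\[[0-9A-Fa-f]+\]\s*(.*\S)")

def parse_questions(text):
    """Return one dict per 'Setup Question' block: name, default, current."""
    questions, cur = [], None
    for line in text.splitlines():
        body = line.split("//")[0]              # drop the tool's inline comments
        key = body.partition("=")[0].strip()
        if key == "Setup Question":
            cur = {"name": body.partition("=")[2].strip(), "default": None, "current": None}
            questions.append(cur)
        elif cur is not None and (m := OPTION.search(body)):
            if key == "BIOS Default":
                cur["default"] = m.group(2)
            elif m.group(1):                    # "*" marks the selected option
                cur["current"] = m.group(2)
    return questions

def audit_locks(text):
    """Group '... Lock' questions by name and report whether every copy is Enabled."""
    seen = defaultdict(list)
    for q in parse_questions(text):
        if q["name"].endswith("Lock"):
            seen[q["name"]].append(q["current"])
    return {name: {"states": states, "consistent": len(set(states)) == 1,
                   "enabled": all(s == "Enabled" for s in states)}
            for name, states in seen.items()}
```
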

Huge thanks for this. Will be tested and linked in FAQ ASAP.

 

Found chipset "Intel Z77" with PCI ID 8086:1e44. Enabling flash write... Root Complex Register Block address = 0xfed1c000

GCS = 0xc64: BIOS Interface Lock-Down: disabled, Boot BIOS Straps: 0x3 (SPI)

Top Swap : not enabled

...

 

Maximum FWH chip size: 0x100000 bytes

SPI Read Configuration: prefetching enabled, caching enabled,

BIOS_CNTL = 0x09: BIOS Lock Enable: disabled, BIOS Write Enable: enabled

SPIBAR = 0x00007f09fb9c7000 + 0x3800

0x04: 0xe008 (HSFS)

HSFS: FDONE=0, FCERR=0, AEL=0, BERASE=1, SCIP=0, FDOPSS=1, FDV=1, FLOCKDN=1

Reading OPCODES... done

OP Type Pre-OP

op[0]: 0x02, write w/ addr, none

op[1]: 0x03, read w/ addr, none

op[2]: 0x20, write w/ addr, none

op[3]: 0x05, read w/o addr, none

op[4]: 0x9f, read w/o addr, none

op[5]: 0x01, write w/o addr, none

op[6]: 0x00, read w/o addr, none

op[7]: 0x00, read w/o addr, none

Pre-OP 0: 0x06, Pre-OP 1: 0x00

0x06: 0x0000 (HSFC)

HSFC: FGO=0, FCYCLE=0, FDBC=0, SME=0

0x08: 0x00000000 (FADDR)

0x50: 0x0000ffff (FRAP)

BMWAG 0x00, BMRAG 0x00, BRWA 0xff, BRRA 0xff

0x54: 0x00000000 FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.

0x58: 0x07ff0180 FREG1: BIOS region (0x00180000-0x007fffff) is read-write.

0x5C: 0x017f0001 FREG2: Management Engine region (0x00001000-0x0017ffff) is read-write.

0x60: 0x00001fff FREG3: Gigabit Ethernet region is unused.

0x64: 0x00001fff FREG4: Platform Data region is unused.

0x74: 0x00000000 (PR0 is unused)

0x78: 0x00000000 (PR1 is unused)

0x7C: 0x00000000 (PR2 is unused)

0x80: 0x00000000 (PR3 is unused)

0x84: 0x00000000 (PR4 is unused)

0x90: 0x84 (SSFS)

SSFS: SCIP=0, FDONE=1, FCERR=0, AEL=0

0x91: 0xf94240 (SSFC)

SSFC: SCGO=0, ACS=0, SPOP=0, COP=4, DBC=2, SME=0, SCF=1

0x94: 0x0006 (PREOP)

0x96: 0x043b (OPTYPE)

0x98: 0x05200302 (OPMENU)

0x9C: 0x0000019f (OPMENU+4)

0xA0: 0x00000000 (BBAR)

0xC4: 0x00802005 (LVSCC)

LVSCC: BES=0x1, WG=1, WSR=0, WEWS=0, EO=0x20, VCL=1

0xC8: 0x00002005 (UVSCC)

UVSCC: BES=0x1, WG=1, WSR=0, WEWS=0, EO=0x20, VCL=0

0xD0: 0x00000000 (FPB)

...

=== Region Section ===

FLREG0   0x00000000

FLREG1   0x07ff0180

FLREG2   0x017f0001

FLREG3   0x00001fff

FLREG4   0x00001fff

 

--- Details ---

Region 0 (Descr.) 0x00000000 - 0x00000fff

Region 1 (BIOS  ) 0x00180000 - 0x007fffff

Region 2 (ME    ) 0x00001000 - 0x0017ffff

Region 3 (GbE   ) is unused.

Region 4 (Platf.) is unused.

 

=== Master Section ===

FLMSTR1  0xffff0000

FLMSTR2  0xffff0000

FLMSTR3  0xffff0118

 

--- Details ---

      Descr. BIOS ME GbE Platf.

BIOS    rw    rw  rw  rw   rw

ME      rw    rw  rw  rw   rw

GbE     rw    rw  rw  rw   rw

 

OK.

The following protocols are supported: FWH, SPI.

 

full dump attached :)

lockstats.txt

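An added example, not part of the original post or of flashrom: a short parser that reads the protection-relevant lines of a `flashrom -VV` log like the one above, decodes the FREG values into address ranges, and summarises whether the BIOS region is left writable from software. The log excerpt is constructed from lines quoted in the post; the function names are hypothetical, and the 13-bit base/limit field layout is the one that reproduces the ranges flashrom prints on the same lines.

```python
import re

# Constructed excerpt: lines copied from the flashrom log quoted above.
LOG = """\
BIOS_CNTL = 0x09: BIOS Lock Enable: disabled, BIOS Write Enable: enabled
HSFS: FDONE=0, FCERR=0, AEL=0, BERASE=1, SCIP=0, FDOPSS=1, FDV=1, FLOCKDN=1
0x54: 0x00000000 FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
0x58: 0x07ff0180 FREG1: BIOS region (0x00180000-0x007fffff) is read-write.
0x5C: 0x017f0001 FREG2: Management Engine region (0x00001000-0x0017ffff) is read-write.
0x60: 0x00001fff FREG3: Gigabit Ethernet region is unused.
0x74: 0x00000000 (PR0 is unused)
0x78: 0x00000000 (PR1 is unused)
"""

def decode_freg(value):
    """Split a FREGn value into (base, limit); None when base > limit (unused)."""
    base = (value & 0x1FFF) << 12                      # bits 12:0, 4 KiB units
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF   # bits 28:16, inclusive
    return (base, limit) if base <= limit else None

def audit_flash_protection(log):
    """Summarise the write-protection state a flashrom -VV log reports."""
    m = re.search(r"BIOS_CNTL = (0x[0-9a-fA-F]+)", log)
    if not m:
        raise ValueError("no BIOS_CNTL line in log")
    cntl = int(m.group(1), 16)
    regions = {}
    for val, idx, text in re.findall(r"(0x[0-9a-fA-F]{8}) FREG(\d): (.*)", log):
        rng = decode_freg(int(val, 16))
        if rng:                                        # skip unused regions
            regions[int(idx)] = rng + (text.rsplit(" is ", 1)[1].rstrip("."),)
    prs = re.findall(r"(0x[0-9a-fA-F]{8}) \(PR\d", log)
    result = {
        "bios_write_enable": bool(cntl & 0x01),   # bit 0, as the log line decodes it
        "bios_lock_enable": bool(cntl & 0x02),    # bit 1
        "flockdn": "FLOCKDN=1" in log,
        "regions": regions,
        "protected_ranges": sum(int(v, 16) != 0 for v in prs),
    }
    bios = regions.get(1)
    result["bios_region_writable"] = (
        bios is not None and bios[2] == "read-write"
        and not result["bios_lock_enable"] and result["protected_ranges"] == 0)
    return result
```

On a system meant to resist firmware tampering, the same check should come back with `bios_lock_enable` true or at least one protected range in use.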

That's a remarkable breakthrough in removing the BIOS region lock @Mr. Light Server System

Wish more people were *an adventurer like you* and never *took an arrow in the knee* ;)

 

Thanks, I own two SPI flashers, a self-soldered rayer_spi and a TIAO USB Multi Protocol Adapter,

so I can try everything at home without taking any risk, but I'd wait first for success reports on Z87 boards.
