Jump to content

[UEFIPatch] UEFI patching utility


CodeRush
1,981 posts in this topic

Recommended Posts

Now the motherboard will not read the patched file from the usb stick

It's normal. Use FTK toolset linked above to flash this patched BIOS.

Download FTK for Windows, unpack it, rename your patched BIOS file to bios.bin, copy it to FTK/Win32 or FTK/Win64 folder and run biosrefl.bat as Administrator. Then run poweroff.bat as Administrator.

Link to comment
Share on other sites

@CodeRush,

 

Tried and looks like the flashing failed:

 

 

Platform: Intel(R) HM65 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid
   --- Flash Devices Found ---
   W25Q32BV    ID:0xEF4016    Size: 4096KB (32768Kb)
PDR Region does not exist.
GBE Region does not exist.
- Erasing Flash Block [0x200000] -  20% complete.
Error 7: Hardware sequencing failed. Make sure that you have access to target fl
ash area!
Trying to erase the same block (iteration: 2)
Error 7: Hardware sequencing failed. Make sure that you have access to target fl
ash area!
Trying to erase the same block (iteration: 3)
Error 7: Hardware sequencing failed. Make sure that you have access to target fl
ash area!
Failed to erase this block 3 times!!
Flashing modified BIOS failed. Please report in PMPatch topic on InsanelyMac.com
forum. Exiting.
Press any key to continue . . .
PowerManagement Autopatcher v0.1
This program will dump your BIOS region,
patch it with PMPatch and flash the resulting file back to BIOS chip.
WARNING: BIOS flashing is dangerous and requires exclusive access to SPI chip.
Please disable any antivirus software,
virtualisation or sandboxing tools before running this batch file.
Press any key to continue if you are ready.
Press any key to continue . . .
Reading BIOS dump to dump.bin file.
Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.
Platform: Intel(R) HM65 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid
   --- Flash Devices Found ---
   W25Q32BV    ID:0xEF4016    Size: 4096KB (32768Kb)

- Reading Flash [0x400000] 2560KB of 2560KB - 100% complete.
Writing flash contents to file "dump.bin"...
Memory Dump Complete
FPT Operation Passed
Patching dump.bin with PMPatch
PMPatch 0.5.10
PowerManagement modules not found.
Trying to apply patch #1
Nested PowerManagement module at 00A480EC patched.
AMI nest module at 000B7720 patched.
Phoenix nest modules not found.
CpuPei module at 0027C2C0 not patched: Patch pattern not found.
Output file generated.
Flashing modified BIOS dump to BIOS chip
Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.
Platform: Intel(R) HM65 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid
   --- Flash Devices Found ---
   W25Q32BV    ID:0xEF4016    Size: 4096KB (32768Kb)
PDR Region does not exist.
GBE Region does not exist.
- Erasing Flash Block [0x200000] -  20% complete.
Error 7: Hardware sequencing failed. Make sure that you have access to target fl
ash area!
Trying to erase the same block (iteration: 2)
Error 7: Hardware sequencing failed. Make sure that you have access to target fl
ash area!
Trying to erase the same block (iteration: 3)
Error 7: Hardware sequencing failed. Make sure that you have access to target fl
ash area!
Failed to erase this block 3 times!!
Flashing modified BIOS failed. Please report in PMPatch topic on InsanelyMac.com
forum. Exiting.
Press any key to continue . . .

Link to comment
Share on other sites

It was too late and I lucked in. It booted fine. I tried to use winflash from ASus website and it would not let me install a stock rom because of the differences of the rom and file.

 

So I booted into the Bios and used EASY FLASH and installed the stock rom.

 

I went one step further and used EASY FLASH to update to the patched rom and it works!!!

 

I can boot now without a speedstep patched AICPM kext.

 

Thanks so much!!

 

What exactly will the procedure you mentioned do?

 

EDITED:

 

Could I still be in danger or I am past that stage? In other words if I take out the battery and let all the Caps discharge could I run into an issue or am I safe now?

 

Did you still want to remote in and check it out?

  • Like 1
Link to comment
Share on other sites

You are a lucky one. It seems that only NVRAM is writable and other BIOS addresses are protected by some non-standard protection, so FPT can't write to that space. Normally errors like that lead to BIOS corruption, but this time all things went OK.

Thanks again for testing. I think I must remove PMAP from public access, because too many system have issues and it can lead to bricked machine too easy.

 

UPD: Removed. Sorry for posting it too early.

 

You are fine now, no need to do anything else.

Link to comment
Share on other sites

This is why I never have been able to modify the CpuPei module as many others were able to do so on their desktop motherboards from the speedstep forum. It looks like the power management module was nested? I know I looked in all the modules in the past and never was able to find the patch areas that others were able to do using hex editors etc. So my patched Bios takes care any and all possible

locking MSR 0xE2's? I do not have any new menus in the Bios that I can see.

 

 

Nested PowerManagement module at 00F900EC patched

AMI nest module at 000B7720 patched.

Phoenix nest modules not found.

CpuPei module at 0027C2C0 not patched: Patch pattern not found.

Output file generated.

 

 

Thanks Again!!

Link to comment
Share on other sites

There are different approaches to BIOS compression between vendors.

ASUS desktop boards (AMI) use Tiano compression and every EFI module is compressed on it's own.

ASUS laptop boards (AMI) use Tiano and one big nest module, to which a half of BIOS is compressed.

MSI desktop boards (AMI) use LZMA and compression for every module.

ASRock desktop boards (AMI) use LZMA and nest module.

Phoenix and InsydeH2O are using LZMA and/or Tiano combined with nest module (or even nest module inside another nest module, WNTGD.jpg :)).

Phoenix SCT 2.0 on Dell machines are using nest module inside of RAW file.

 

Normally there is only one place in BIOS that sets the lock up, so if was patched and boots - it must work. There is no additional menus or something for AMI BIOSes, just a PM patch.

 

pere, here is your patched BIOS.

This "illegal instruction" bug is present because I only have 10.8.2 and Apple sucks at backward compatibility.

Install GCC 4.7 from homebrew or macports and CMake from official site and build your own 10.6.x-compatible version of PMPatch, if you wish.

  • Like 1
Link to comment
Share on other sites

Try on VAIO SVS bios :

 

vaio$ PMPatch R2087H4.ROM R2087H4_pmpatched.ROM

PMPatch 0.5.10

PowerManagement modules not found.

AMI nest modules not found.

Trying to apply patch #1

Nested PowerManagement2.efi module at 0099816A not patched: Unknown module state.

Nested PowerManagement2.efi module at 00B308C8 patched.

Phoenix nest module at 000A0048 patched.

CpuPei modules not found.

Output file generated.

vaio$

 

Seems OK, no ?

 

So now, need to flash and try....

Link to comment
Share on other sites

CodeRush, big success here.

 

Flashed the bios you patched for me and i was able to successfully use native powermanagement on ML.

 

Also used your app on ML, and as you said, it works perfectly.

 

I will update my blog with this big news for Toshiba SandyBridge Laptops users.

 

Thanks so much.

 

Capture.png

  • Like 1
Link to comment
Share on other sites

There is little to no difference between AMI BIOSes on modern ASUS desktops and ASUS laptops, so I can't see why it won't work.

The main problem is again with flashing, because EZ Flash or BUpdater can refuse to flash a modified BIOS and I don't know how to bypass that protection, but there is a way to integrate a patch into BIOS without taking much risk:

1. Download Intel Flash Programming Tool compatible with your laptop. You can try FPT v8 (99% chance to work) from my FTK toolset.

2. If you are using FTK, go to Win32 or Win64 folder and run biosbkp.bat as Administrator using right-click menu.

3. I'm assuming you can boot to Windows on your laptop, if not - here is an image of DOS-bootable USB-Flash with FTK, that can be written with dd, named FTK_x.y.z_bin.zip.

4. Anyway, run Command Prompt as Administrator and cd to FTK/Win32 or FTK/Win64 folder.

5. Enter fpt -bios -d bck.bin command, if it ends with green "FPT Operation Passed" message - you have now a dump of your BIOS region.

6. Patch this dump file with PMPatch, producing bck.mod file. Copy that modified file to FTK/Win32 or FTK/Win64 folder.

7. Flash your modified dump back by executing fpt -bios -f bck.mod command. If it doesn't fails and green "FPT Operation Passed" message is present - you are done.

8. Reboot and see what happens. I can't guarantee anything, but there is only a little chance of fail, as I see it.

You can try it on your desktop board first to see it working.

I'm thinking about an automated solution for that, because it's easy to a write a batch file for doing all of that things in one seat. Will do it a bit later when I have more time for programming.

 

Thanks so much! I'll have a gander when I have some free time. I appreciate all your help.

Link to comment
Share on other sites

I don't know an OS X tool able to read MSRs, but checking if this patch works is rather simple: boot without NullCPUPM.kext and with vanilla AppleIntelCPUPM.kext. If it boots - it works.

No vendor except Gigabyte has balls to modify standard PowerManagement module code, that is why there is one patch for like 95% boards on the market.

So if your BIOS is patched, flashed and boots - native PM will work.

Link to comment
Share on other sites

There is little to no difference between AMI BIOSes on modern ASUS desktops and ASUS laptops, so I can't see why it won't work.

The main problem is again with flashing, because EZ Flash or BUpdater can refuse to flash a modified BIOS and I don't know how to bypass that protection, but there is a way to integrate a patch into BIOS without taking much risk:

1. Download Intel Flash Programming Tool compatible with your laptop. You can try FPT v8 (99% chance to work) from my FTK toolset.

2. If you are using FTK, go to Win32 or Win64 folder and run biosbkp.bat as Administrator using right-click menu.

3. I'm assuming you can boot to Windows on your laptop, if not - here is an image of DOS-bootable USB-Flash with FTK, that can be written with dd, named FTK_x.y.z_bin.zip.

4. Anyway, run Command Prompt as Administrator and cd to FTK/Win32 or FTK/Win64 folder.

5. Enter fpt -bios -d bck.bin command, if it ends with green "FPT Operation Passed" message - you have now a dump of your BIOS region.

6. Patch this dump file with PMPatch, producing bck.mod file. Copy that modified file to FTK/Win32 or FTK/Win64 folder.

7. Flash your modified dump back by executing fpt -bios -f bck.mod command. If it doesn't fails and green "FPT Operation Passed" message is present - you are done.

8. Reboot and see what happens. I can't guarantee anything, but there is only a little chance of fail, as I see it.

You can try it on your desktop board first to see it working.

I'm thinking about an automated solution for that, because it's easy to a write a batch file for doing all of that things in one seat. Will do it a bit later when I have more time for programming.

 

Would there be any harm in running PMAP first?

Link to comment
Share on other sites

taney, PMAP does the same thing automatically, but you don't have any time to react if anything went wrong. Especially if Error 7 will be produced right after erasing BIOS. I don't wand to brick your laptop in any way, so it's better to do things manually and see what happens.

 

pere, thank you for testing.

I'm developing 0.6 branch now, that uses EFI filesystem traversal instead of pattern matching to find nest and PM modules, so errors like "Unknown module state" that is on your screenshot will be no more.

InsydeH2O BIOSes have a module that has UUIDs of other modules (including PM) inside. This module is not compressed and often lays before actual PM module, that is why it's this error is produced.

I'm adding Toshiba (InsudeH2O) to list of tested configurations.

  • Like 1
Link to comment
Share on other sites

taney, PMAP does the same thing automatically, but you don't have any time to react if anything went wrong. Especially if Error 7 will be produced right after erasing BIOS. I don't wand to brick your laptop in any way, so it's better to do things manually and see what happens.

 

pere, thank you for testing.

I'm developing 0.6 branch now, that uses EFI filesystem traversal instead of pattern matching to find nest and PM modules, so errors like "Unknown module state" that is on your screenshot will be no more.

InsydeH2O BIOSes have a module that has UUIDs of other modules (including PM) inside. This module is not compressed and often lays before actual PM module, that is why it's this error is produced.

I'm adding Toshiba (InsudeH2O) to list of tested configurations.

 

That makes sense. Awesome! Thanks so much for your hard work. Really appreciate it!

Link to comment
Share on other sites

patching the newest Zotac Z77-ITX BIOS...

 

 

PMPatch 0.5.10

PowerManagement modules not found.

Trying to apply patch #1

Nested PowerManagement module at 00AA1DE4 patched.

Gap module inserted after repacked module.

AMI nest module at 00550048 patched.

Phoenix nest modules not found.

CpuPei module at 0079F380 not patched: Patch pattern not found.

Output file generated.

admin:~ admin$ thanx CodeRush!

-bash: thanx: command not found

Link to comment
Share on other sites

×
×
  • Create New...