
[UEFIPatch] UEFI patching utility


CodeRush
1,981 posts in this topic


Here's an updated bios (0903) for Asus Maximus VI Impact if anyone cares to test it. Patched on windows 8 x64:

C:\...\Desktop\asus stuff>PMPatch MAXIMUS-VI-IMPACT-ASUS-0903.CAP MAXIMUS-VI-IMPACT-ASUS-0903-PATCHED.CAP
PMPatch 0.5.13
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi module at 002C21D0 patched.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei module at 0067E1C0 not patched: Patch pattern not found.
CpuPei module at 0077E1C0 not patched: Patch pattern not found.
Output file generated.

MAXIMUS-VI-IMPACT-ASUS-0903-PATCHED.CAP.zip


kenny, I have found the code that actually sets the locking bits, but there is no place to mod it, and it uses NVRAM to store default values anyway.

Thank you very much. :beer:

BIOS and SPI lock setup bytes are definitely in NVRAM, storage "StdDefaults", variable name "Setup", offset 0xB0 (SMI) and 0xB1 (BIOS) from the beginning of storage.

Those offsets are constant, because there is simply a storage of the SB_SETUP_DATA structure.

If someone with an ASUS Z87 board with UBF support is willing to test the unlock, post here and I will make it.

 

Hi guys,

 

I have 2 new Z87 boards to help test with.

 

    1) Asus Z87-Pro / Part #: 90MB0DT0-M0AAY0

    2) Gigabyte GA-Z87X-UD5 TH / Part #: not sure sorry, it just arrived today.

 

I'd like to help offer doing what I can to help the cause.

 

I've used PMpatch to attempt to patch the Asus Z87-Pro bios 1504 and attempted to load it using the Asus Bios Flashback button and inserting the USB drive into the green bios port with the renamed file using Asus Bios Renamer utility. I'm unsure if it was actually loaded since I don't know how to tell.

 

I'm quite new at this but willing to do what I can if I can help you as well as others.


  • 2 weeks later...

Hej, I tried it with an EliteBook 2170p, BIOS version F.43, via FTK and the SPI-Unlock.

Do you need the file as well?

Regards Chris

This is the first result:

PMPatch 0.5.13
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi modules not found.
AMI nest modules not found.
Trying to apply patch #1
Nested PowerMgmtDxe/PowerManagement2.efi module at 00D2C528 patched.
Segmentation fault: 11

The second (forgot to use sudo):

PMPatch 0.5.13
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi modules not found.
AMI nest modules not found.
Trying to apply patch #1
Nested PowerMgmtDxe/PowerManagement2.efi module at 00D2C528 patched.


Hi Fix It Felix Jr.,

 

Just to report my Asus N550JV can be flashed with "afuwinx64 /gan" without the ami unlock.

Now, I can boot 10.8.5 without patched kernel!!!

 

Thank you for your help, and to CodeRush who created this great tool.

Thanks!!

I confirm that this works without issues on my Asus N550JV.

Thank you guys for great support and special thanks to CodeRush for his nice pmpatch tool!


Is there something that I can do to investigate what is happening when I am trying to flash the BIOS on an Intel NUC D54250WYK?

 

On a Mac there is no output file:

$ sudo ./PMPatch WY0021.BIO WY0021i5.BIO
Password:
PMPatch 0.5.13
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi modules not found.
Trying to apply patch #1
Nested PowerMgmtDxe/PowerManagement2.efi module at 00577D34 patched.

With Windows there is an output file:

http://www.tonymacx86.com/hardware-parts/110898-haswell-nuc-technical-specs.html#post704656

 

When trying to flash, the NUC just reboots. 

 


WY0021x.bio.zip


SENTRy_SD, you shall not use FTK on non-ASUS boards, please use dump/patch/reflash strategy and external SPI-programmer, if possible. HP BIOSes are protected with digital signatures and therefore very hard to flash.

 

jeep_, same sh*t, different vendor. Look up in this topic, there was an example of successful Intel flashing using a Raspberry Pi as an external SPI flasher.


Oh no, I guess I spoke too soon.

 

While the patching tool itself does what it's supposed to do, I experienced one major drawback: It completely messed up the UEFI firmware on my MSI-H87M-G43.

 

Short story:

  • I guess the NVRAM or (maybe?) other parts of the firmware might get corrupted

Long story:

  • The board worked just as normal for a few days with the PMPatched firmware
  • After rebooting from Windows I noticed that my "Linux Boot Manager" entry was missing in the F11 boot selection menu
  • I thought: not a big deal, let's add it again with efibootmgr on Linux, which I did.
  • I rebooted again, but it still was not there. This is where the odd part starts.
  • I entered the UEFI firmware menu through the <DEL> key and I was shocked: almost all of the firmware options (system time, options for on-board devices, boot options, factory reset, etc.) were missing. Oh no!
  • I disconnected the power, let it sit there for a while and turned it back on. Now I could not even get into the UEFI firmware with <DEL>. It was just stuck at "entering BIOS...". Now I was stuck with a non-bootable system.
  • {censored}! I did a CMOS reset (disconnect power, set CLR_CMOS jumper, let it sit there for a while, removed the jumper). This still did not help. After turning the thing back on I got a message "CMOS cleared, press <DEL> to enter setup". I pressed <DEL>. Nothing happened. {censored}! Sh*t! Oh no!
  • I disconnected the power, removed the CMOS battery, set the CLR_CMOS and disconnected all SATA drives. I let it sit there for 30 minutes.
  • I put back the CMOS battery, removed the CLR jumper, started up without any drives and I could finally get to the UEFI firmware again. All options were where they were supposed to be. I immediately flashed the unpatched BIOS. Everything was fine.
  • Then I felt adventurous and flashed the patched BIOS again. I did a factory reset. Everything was working as expected, register 0xE2 was unlocked. Just after one day this sh*t started again (missing bootloader entries, corrupt firmware setup). I went through this torture one more time and managed to flash the official BIOS again, which is running for over a week now without any issues (except that 0xE2 is write-protected).

I am sorry that I can not really provide any more technical details. But maybe you have an idea of what could have gone wrong here.

 

 

Thanks for making PMPatch.


It's definitely an NVRAM corruption, but I have no idea what is the cause of it. If you can avoid using PMPatch - I would recommend to do that and use either Clover autopatch or patched kext. I simply have no time to debug such type of issues, sorry.


It's definitely an NVRAM corruption, but I have no idea what is the cause of it. If you can avoid using PMPatch - I would recommend to do that and use either Clover autopatch or patched kext. I simply have no time to debug such type of issues, sorry.

Okay, I guessed that. I am already using Clover (with autopatching enabled) but the kernel (Darwin 13.0) only loads if my firmware is PMPatched. Without a PMPatched firmware my system reboots instantly either after boot.efi hands off control to the kernel (when using Clover) or when Chimera loads mach_kernel. That's kinda hard to debug, because I am not getting any backtraces... Could this reboot/reset be triggered by the firmware when it detects an invalid MSR access?

 

Does PMPatch really only affect 0xE2's state? I would guess that 0xE2 should only affect AppleIntelCPUPowerManagement.kext and not the kernel itself (at least not in such an early state), but maybe this has changed with Mavericks?

 

Thanks & have a nice weekend :)


 

 

Could this reboot/reset be triggered by the firmware when it detects an invalid MSR access?

Yes, I think so. I have reports that the Mavericks kernel checks explicitly for 0xE2 write access, but I don't know for sure. Appears to be so.

 

 

Does PMPatch really only affect 0xE2's state?

It should. But the code is too simple and straightforward to check for issues like that. UEFITool has much better support of altering BIOS structure without harm, but it's still in a very early development phase.

Once it is ready, you should use it to avoid such BIOS corruption problems. But right now you can try to patch your BIOS manually using PhoenixTool and see if it prevents NVRAM corruption.
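The lock state of register 0xE2 that these posts keep coming back to can be read directly on a Linux system. The following is an added example, not code from PMPatch or from anyone in this thread; it relies on the Intel SDM definition of MSR 0xE2 (MSR_PKG_CST_CONFIG_CONTROL, bit 15 = CFG Lock) and assumes the `msr` kernel module is loaded and the script runs as root. All function names are made up for illustration.

```python
import glob
import os

MSR_PKG_CST_CONFIG_CONTROL = 0xE2  # the "0xE2" register discussed in this thread
CFG_LOCK_BIT = 15                  # Intel SDM: CFG Lock bit of that MSR


def cfg_locked(raw):
    """Decode one 8-byte little-endian MSR read; True if CFG Lock is set."""
    if len(raw) != 8:
        raise ValueError("an MSR read must return exactly 8 bytes")
    value = int.from_bytes(raw, "little")
    return bool((value >> CFG_LOCK_BIT) & 1)


def read_msr(dev_path, msr=MSR_PKG_CST_CONFIG_CONTROL):
    """Read an MSR via the Linux msr driver (file offset == MSR number)."""
    fd = os.open(dev_path, os.O_RDONLY)
    try:
        return os.pread(fd, 8, msr)
    finally:
        os.close(fd)


def audit(devices=None, reader=read_msr):
    """Return {device: True | False | None}; None means the read failed."""
    if devices is None:
        devices = sorted(glob.glob("/dev/cpu/[0-9]*/msr"))
    result = {}
    for dev in devices:
        try:
            result[dev] = cfg_locked(reader(dev))
        except (OSError, ValueError):  # no permission, no msr module, short read
            result[dev] = None
    return result


def summarize(result):
    """Collapse per-CPU results into one verdict for the whole machine."""
    states = set(result.values())
    if not states or states == {None}:
        return "unknown"
    if len(states) > 1:  # cores disagree, or only some could be read
        return "inconsistent"
    return "locked" if states == {True} else "unlocked"


if __name__ == "__main__":
    report = audit()
    print("0xE2 CFG Lock:", summarize(report), report)
```

Running it before and after flashing shows whether a firmware change actually altered the lock, without having to infer it from a kernel reboot.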


Dear Rush Code:

   It seems that it really is a wonderful tool for patching the BIOS to enable the vanilla AICPUPM.kext.

After going through the whole thread, I found it seems that the Dell Latitude E6x20 laptop is unsupported?

 

I tried your PMPatch in following two ways:

 a. use PmPatch to patch the Dell Original Bios update program.

    1). in Terminal: "./Pmpatch /Users/telanx/Desktop/E6320A18.exe  /Users/telanx/Desktop/E6320A18-Patched.exe."

    2), but it said: 

PMPatch 0.5.13
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi modules not found.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei modules not found.

b. use PmPatch to patch the E6320A18.hdr:

    1). in Terminal: "./PMPatch /Users/telanx/Desktop/E6320A18.exe_decompressed.hdr /Users/telanx/Desktop/E6320A18.hdr"

    2), but it said:

PMPatch 0.5.13
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi modules not found.
Trying to apply patch #1
Nested PowerManagement module at 00237BA4 patched.
Segmentation fault: 11

Finally, I couldn't make it.....so, maybe i need to give it up?

 

do you have any ideas? thanks in advance.

 

Below is the original BIOS update program for the E6320 from the Dell FTP, and the .hdr file dumped from this update program using DecompDellBios.py (by JimBoBoob @MDL), just for your reference.

 

Attachment 1: Dell Original Bios update program

    File name: E6320A18.exe Download link: http://www.sendspace.com/file/snhhbm

 

Attachment 2: Decompressed .HDR file from the update program.(used the DecompDellBios.py from MDL, credits to JimBoBoob)

    File Name: E6320A18.hdr Download Link:http://www.sendspace.com/file/o93fbu


Made a patched file using 0.5.13 for Windows. This segfault is a known problem, but I don't have enough time to resolve it, sorry.

E6320A18.hdr.patched.zip

Thanks dude,

 

I am so sorry to bring you so much trouble, I should have a try in Windows. :-)

Next, I need to flash this file to my laptop, and wait for success. Haha

By the way, can I use your FTK toolkit to flash the .hdr file? Thanks.


Jeffrey.C, please don't try FTK on machines that aren't ASUS desktops. It will not work anyway, and may corrupt your current BIOS.

I don't know a 100% working way to flash modified Phoenix and Insyde BIOSes, besides a hardware SPI flasher.


I used PMPatcher on my Dell N4110 with UEFI BIOS version A12! Everything seems pretty good, but I was caught up in an error: when I press the FN + F2 key combination on the keyboard, it seems my computer crashes. :( I've tried every way, but it's still there :( I hope you can help me. Thanks so much! Expect news from you soon! This is the original A12 for the Dell N4110:

http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/inspiron-14r-n4110?driverId=H6PF5&osCode=BIOSA&fileId=3080412997&languageCode=EN&categoryId=BI

 

I am using win 8.1 for my laptop.
