Jump to content

[UEFIPatch] UEFI patching utility

BIOS patch power management UEFI

  • Please log in to reply
1577 replies to this topic

#81
CodeRush

CodeRush

    InsanelyMac Sage

  • Developers
  • 383 posts
  • Gender:Male
  • Location:Deggendorf, Germany
You are a lucky one. It seems that only NVRAM is writable and other BIOS addresses are protected by some non-standard protection, so FPT can't write to that space. Normally errors like that lead to BIOS corruption, but this time all things went OK.
Thanks again for testing. I think I must remove PMAP from public access, because too many system have issues and it can lead to bricked machine too easy.

UPD: Removed. Sorry for posting it too early.

You are fine now, no need to do anything else.

#82
oSxFr33k

oSxFr33k

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 791 posts
  • Gender:Male
  • Interests:Sound and Graphic Design. Electronics in general.
This is why I never have been able to modify the CpuPei module as many others were able to do so on their desktop motherboards from the speedstep forum. It looks like the power management module was nested? I know I looked in all the modules in the past and never was able to find the patch areas that others were able to do using hex editors etc. So my patched Bios takes care any and all possible

locking MSR 0xE2's? I do not have any new menus in the Bios that I can see.




Nested PowerManagement module at 00F900EC patched
AMI nest module at 000B7720 patched.
Phoenix nest modules not found.
CpuPei module at 0027C2C0 not patched: Patch pattern not found.
Output file generated.


Thanks Again!!

#83
pere

pere

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 726 posts
Hello CodeRush, very nice job you are doing here!

I do own a Toshiba Laptop L750, with Insyde H2O Bios and Core I5, i have tried your app under Snow leopard 10.6.8 and it gave me "Illegal instruction" as others.

Here is the link for my bios if you wanna take a look onto it: https://dl.dropbox.c...39/test/BIOS.fd .

Thanks in advance.

#84
CodeRush

CodeRush

    InsanelyMac Sage

  • Developers
  • 383 posts
  • Gender:Male
  • Location:Deggendorf, Germany
There are different approaches to BIOS compression between vendors.
ASUS desktop boards (AMI) use Tiano compression and every EFI module is compressed on it's own.
ASUS laptop boards (AMI) use Tiano and one big nest module, to which a half of BIOS is compressed.
MSI desktop boards (AMI) use LZMA and compression for every module.
ASRock desktop boards (AMI) use LZMA and nest module.
Phoenix and InsydeH2O are using LZMA and/or Tiano combined with nest module (or even nest module inside another nest module, WNTGD.jpg :)).
Phoenix SCT 2.0 on Dell machines are using nest module inside of RAW file.

Normally there is only one place in BIOS that sets the lock up, so if was patched and boots - it must work. There is no additional menus or something for AMI BIOSes, just a PM patch.

pere, here is your patched BIOS.
This "illegal instruction" bug is present because I only have 10.8.2 and Apple sucks at backward compatibility.
Install GCC 4.7 from homebrew or macports and CMake from official site and build your own 10.6.x-compatible version of PMPatch, if you wish.

#85
pere

pere

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 726 posts
Wow... Thanks so much for your lightning response.

Will try the bios later and report here. :)

Posted Image

#86
LoLL

LoLL

    InsanelyMac Protégé

  • Members
  • PipPip
  • 68 posts
Try on VAIO SVS bios :

vaio$ PMPatch R2087H4.ROM R2087H4_pmpatched.ROM
PMPatch 0.5.10
PowerManagement modules not found.
AMI nest modules not found.
Trying to apply patch #1
Nested PowerManagement2.efi module at 0099816A not patched: Unknown module state.
Nested PowerManagement2.efi module at 00B308C8 patched.
Phoenix nest module at 000A0048 patched.
CpuPei modules not found.
Output file generated.
vaio$

Seems OK, no ?

So now, need to flash and try....

#87
ameris_cyning

ameris_cyning

    I don't know what to write here

  • Donators
  • 956 posts
  • Gender:Male
  • Location:My apartment
  • Interests:OSx86, female anatomy, electronic music, Clover EFI
Does not properly create a BIOS image (fails secure flash session) on Asus p8b75-m

#88
CodeRush

CodeRush

    InsanelyMac Sage

  • Developers
  • 383 posts
  • Gender:Male
  • Location:Deggendorf, Germany
Try this method, it works on Asus B75 and Q77-based boards.

#89
pere

pere

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 726 posts
CodeRush, big success here.

Flashed the bios you patched for me and i was able to successfully use native powermanagement on ML.

Also used your app on ML, and as you said, it works perfectly.

I will update my blog with this big news for Toshiba SandyBridge Laptops users.

Thanks so much.

Posted Image

#90
taney

taney

    InsanelyMac Protégé

  • Members
  • Pip
  • 42 posts
  • Gender:Male
  • Location:Southern California

There is little to no difference between AMI BIOSes on modern ASUS desktops and ASUS laptops, so I can't see why it won't work.
The main problem is again with flashing, because EZ Flash or BUpdater can refuse to flash a modified BIOS and I don't know how to bypass that protection, but there is a way to integrate a patch into BIOS without taking much risk:
1. Download Intel Flash Programming Tool compatible with your laptop. You can try FPT v8 (99% chance to work) from my FTK toolset.
2. If you are using FTK, go to Win32 or Win64 folder and run biosbkp.bat as Administrator using right-click menu.
3. I'm assuming you can boot to Windows on your laptop, if not - here is an image of DOS-bootable USB-Flash with FTK, that can be written with dd, named FTK_x.y.z_bin.zip.
4. Anyway, run Command Prompt as Administrator and cd to FTK/Win32 or FTK/Win64 folder.
5. Enter fpt -bios -d bck.bin command, if it ends with green "FPT Operation Passed" message - you have now a dump of your BIOS region.
6. Patch this dump file with PMPatch, producing bck.mod file. Copy that modified file to FTK/Win32 or FTK/Win64 folder.
7. Flash your modified dump back by executing fpt -bios -f bck.mod command. If it doesn't fails and green "FPT Operation Passed" message is present - you are done.
8. Reboot and see what happens. I can't guarantee anything, but there is only a little chance of fail, as I see it.
You can try it on your desktop board first to see it working.
I'm thinking about an automated solution for that, because it's easy to a write a batch file for doing all of that things in one seat. Will do it a bit later when I have more time for programming.


Thanks so much! I'll have a gander when I have some free time. I appreciate all your help.

#91
ameris_cyning

ameris_cyning

    I don't know what to write here

  • Donators
  • 956 posts
  • Gender:Male
  • Location:My apartment
  • Interests:OSx86, female anatomy, electronic music, Clover EFI

Try this method, it works on Asus B75 and Q77-based boards.


You rule

Thank you

Does anyone know of a tool that will allow me to test this in OS X? I skimmed through this thread and I did not see one so forgive me if I am blind.

#92
CodeRush

CodeRush

    InsanelyMac Sage

  • Developers
  • 383 posts
  • Gender:Male
  • Location:Deggendorf, Germany
I don't know an OS X tool able to read MSRs, but checking if this patch works is rather simple: boot without NullCPUPM.kext and with vanilla AppleIntelCPUPM.kext. If it boots - it works.
No vendor except Gigabyte has balls to modify standard PowerManagement module code, that is why there is one patch for like 95% boards on the market.
So if your BIOS is patched, flashed and boots - native PM will work.

#93
pere

pere

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 726 posts
Blog updated with link to your thread Here.

Thanks again CodeRush.

#94
taney

taney

    InsanelyMac Protégé

  • Members
  • Pip
  • 42 posts
  • Gender:Male
  • Location:Southern California

There is little to no difference between AMI BIOSes on modern ASUS desktops and ASUS laptops, so I can't see why it won't work.
The main problem is again with flashing, because EZ Flash or BUpdater can refuse to flash a modified BIOS and I don't know how to bypass that protection, but there is a way to integrate a patch into BIOS without taking much risk:
1. Download Intel Flash Programming Tool compatible with your laptop. You can try FPT v8 (99% chance to work) from my FTK toolset.
2. If you are using FTK, go to Win32 or Win64 folder and run biosbkp.bat as Administrator using right-click menu.
3. I'm assuming you can boot to Windows on your laptop, if not - here is an image of DOS-bootable USB-Flash with FTK, that can be written with dd, named FTK_x.y.z_bin.zip.
4. Anyway, run Command Prompt as Administrator and cd to FTK/Win32 or FTK/Win64 folder.
5. Enter fpt -bios -d bck.bin command, if it ends with green "FPT Operation Passed" message - you have now a dump of your BIOS region.
6. Patch this dump file with PMPatch, producing bck.mod file. Copy that modified file to FTK/Win32 or FTK/Win64 folder.
7. Flash your modified dump back by executing fpt -bios -f bck.mod command. If it doesn't fails and green "FPT Operation Passed" message is present - you are done.
8. Reboot and see what happens. I can't guarantee anything, but there is only a little chance of fail, as I see it.
You can try it on your desktop board first to see it working.
I'm thinking about an automated solution for that, because it's easy to a write a batch file for doing all of that things in one seat. Will do it a bit later when I have more time for programming.


Would there be any harm in running PMAP first?

#95
CodeRush

CodeRush

    InsanelyMac Sage

  • Developers
  • 383 posts
  • Gender:Male
  • Location:Deggendorf, Germany
taney, PMAP does the same thing automatically, but you don't have any time to react if anything went wrong. Especially if Error 7 will be produced right after erasing BIOS. I don't wand to brick your laptop in any way, so it's better to do things manually and see what happens.

pere, thank you for testing.
I'm developing 0.6 branch now, that uses EFI filesystem traversal instead of pattern matching to find nest and PM modules, so errors like "Unknown module state" that is on your screenshot will be no more.
InsydeH2O BIOSes have a module that has UUIDs of other modules (including PM) inside. This module is not compressed and often lays before actual PM module, that is why it's this error is produced.
I'm adding Toshiba (InsudeH2O) to list of tested configurations.

#96
taney

taney

    InsanelyMac Protégé

  • Members
  • Pip
  • 42 posts
  • Gender:Male
  • Location:Southern California

taney, PMAP does the same thing automatically, but you don't have any time to react if anything went wrong. Especially if Error 7 will be produced right after erasing BIOS. I don't wand to brick your laptop in any way, so it's better to do things manually and see what happens.

pere, thank you for testing.
I'm developing 0.6 branch now, that uses EFI filesystem traversal instead of pattern matching to find nest and PM modules, so errors like "Unknown module state" that is on your screenshot will be no more.
InsydeH2O BIOSes have a module that has UUIDs of other modules (including PM) inside. This module is not compressed and often lays before actual PM module, that is why it's this error is produced.
I'm adding Toshiba (InsudeH2O) to list of tested configurations.


That makes sense. Awesome! Thanks so much for your hard work. Really appreciate it!

#97
eurisko

eurisko

    InsanelyMac Protégé

  • Members
  • Pip
  • 12 posts
  • Location:Lisbon,Portugal

Can you use v1.80?
It works with current version.


I will try tomorrow , will get the results back at you. Thanks for the heads up.

#98
MacintoshHealer

MacintoshHealer

    InsanelyMac Protégé

  • Members
  • Pip
  • 2 posts
patching the newest Zotac Z77-ITX BIOS...


PMPatch 0.5.10
PowerManagement modules not found.
Trying to apply patch #1
Nested PowerManagement module at 00AA1DE4 patched.
Gap module inserted after repacked module.
AMI nest module at 00550048 patched.
Phoenix nest modules not found.
CpuPei module at 0079F380 not patched: Patch pattern not found.
Output file generated.
admin:~ admin$ thanx CodeRush!
-bash: thanx: command not found

#99
BALDY_MAN

BALDY_MAN

    InsanelyMac Sage

  • Members
  • PipPipPipPipPip
  • 262 posts
  • Gender:Male
  • Location:uk
i managed to patch and load latest bios for Asus sabertoothx79 motherboard load ok.
but kp when i remove null cpu power managment kext
so no luck for me
keep up this great work

#100
lewdi

lewdi

    InsanelyMac Protégé

  • Members
  • Pip
  • 4 posts
I can patch the bin inside the cab file, but My HP Elitebook 8460p won't let me load the bios because it needs a signiture match. Any ideas?

Attached Files

  • Attached File  ROM.zip   1.78MB   3 downloads






Also tagged with one or more of these keywords: BIOS, patch, power management, UEFI


3 user(s) are reading this topic

0 members, 3 guests, 0 anonymous users

© 2014 InsanelyMac  |   News  |   Forum  |   Downloads  |   OSx86 Wiki  |   Mac Netbook  |   PHP hosting by CatN  |   Designed by Ed Gain  |   Logo by irfan  |   Privacy Policy