[UEFIPatch] UEFI patching utility

BIOS patch power management UEFI

1704 replies to this topic

#1221
CodeRush


ByteWorkz, here is your patched file: E7680IMS.C30.PM.zip

 



#1222
ericsia-ES

It's unfair, I just imply add a newbie back my name and you unwilling to teach me anything.. I just want to use your software and support you. Please teach me.... :(

#1223
CodeRush


What can I teach you? How to unpack your BIOS image from exe file? It's possible, but how can you flash that modified BIOS, even if you manage to unpack and modify it?

I don't know any 100% working method of flashing modified Dell BIOSes except an external SPI programmer (which I'm using for my Vostro 3360 BIOS), and I don't want to be a reason for your bricked PC.

You don't need to patch your BIOS, because you don't understand what that patch does in the first place. It's not a miraculous "make-my-system-OSX-compatible" thing, it just removes the lock from the 0xE2 MSR, which is used for CPU power management.

Please try using patched AppleIntelCPUPowerManagement.kext first. If your OSX crashes with this kext patched - seek a source of failure in other topics of this forum. I'm not an OSX guru in any way, so I simply can't help you any further, sorry about that.



#1224
ByteWorkz


ByteWorkz, here is your patched file: E7680IMS.C30.PM.zip

Thanks so much for your help CodeRush



#1225
CodeRush


ByteWorkz, you can do it yourself next time using the guide linked in my signature. It's easier than posting and waiting, BTW. :)



#1226
ericsia-ES


What can I teach you? How to unpack your BIOS image from exe file? It's possible, but how can you flash that modified BIOS, even if you manage to unpack and modify it?
I don't know any 100% working method of flashing modified Dell BIOSes except an external SPI programmer (which I'm using for my Vostro 3360 BIOS), and I don't want to be a reason for your bricked PC.
You don't need to patch your BIOS, because you don't understand what that patch does in the first place. It's not a miraculous "make-my-system-OSX-compatible" thing, it just removes the lock from the 0xE2 MSR, which is used for CPU power management.
Please try using patched AppleIntelCPUPowerManagement.kext first. If your OSX crashes with this kext patched - seek a source of failure in other topics of this forum. I'm not an OSX guru in any way, so I simply can't help you any further, sorry about that.

You are external SPI programmer?

#1227
BlackSheep VS RustyNail


You are external SPI programmer?

it's a piece of hardware



#1228
ericsia-ES


it's a piece of hardware


Got it, thank you.. How silly I lol

#1229
tampit


I have an Asus N750JV i7 laptop and I'd like to use your patch.

 

Here's the output pmpatch gives me:

 

 

PMPatch 0.5.14

PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi modules not found.
Trying to apply patch #1
Nested PowerMgmtDxe/PowerManagement2.efi module at 001D7184 patched.
Gap module inserted after repacked module.
AMI nest module at 00080848 patched.
Phoenix nest modules not found.
CpuPei module at 0059C310 not patched: Patch pattern not found.
Output file generated.

 

Is it safe to flash it?

 

What tool should I use for flashing? I suppose EZ flashing inside UEFI won't work.

 

Asus has posted a modified winflash on their website which lacks the backup option. http://dlcdnet.asus....7_8_VER2420.zip. Shall I flash the patched bios with it or use Phoenix PFlash? Or your FTK (Flash ToolKit)?

Thank you.



#1230
Gringo Vermelho


You shall try them all until you find one that works.

 

You shall read the first post in this topic to learn whether your BIOS was patched or not.

 

The question is not "is it safe to flash it". Either it will flash or it won't.

 

If the idea of flashing a patched BIOS makes you uncomfortable then use one of the other available means to circumvent the locked register, like a patched AppleIntelCPUPowerManagement.kext.

The end result is exactly the same - the only difference is that you have to patch it again whenever Apple updates it.



#1231
CodeRush


I have found a solution to the BIOS Lock problem for Phoenix and Insyde BIOSes that have the PchBiosWriteProtect.efi driver.

This driver can be patched to disable SMI Lock and BIOS Lock completely.

 

BIOS Lock is set here:

48 8B 0D 6D 08 00 00 mov         rcx,qword ptr [00000ED8h] ; LPC registers base is stored in memory
B2 FE                mov         dl,0FEh                   ; 0xFE is (NOT 0x01), 0x01 is BIOSWE, i.e. disable BIOS write
48 81 C1 DC 00 00 00 add         rcx,0DCh                  ; 0xDC is BIOS_CNTL register offset
E9 5F 01 00 00       jmp         00000000000007D8          ; Jump to write function

This code is part of the SMI handler that sets the BIOSWE bit to 0 right after flashrom tries to set it to 1. Changing 0xFE to 0xFF will disable it.

 

SMI Lock is set here:

48 8B 0D 42 08 00 00 mov         rcx,qword ptr [00000ED8h] ; LPC registers base is stored in memory 
48 83 64 24 48 00    and         qword ptr [rsp+48h],0     ; Some stack variable is now 0, not related
B2 20                mov         dl,20h                    ; 0x20 is SMI_BWP, i.e enable SMI generation after BIOSWE set to 1 
48 81 C1 DC 00 00 00 add         rcx,0DCh                  ; 0xDC is BIOS_CNTL register offset
E8 02 01 00 00       call        00000000000007AC          ; Call of write function

This code is part of the procedure that registers the SMI handler above. Changing 0x20 to 0x00 will disable the registration and the handler itself.

After both modifications, BIOSWE=1 and SMM_BWP=0 in the BIOS_CNTL register, which allows flashrom to work normally.

Descriptor locks can still prevent access to the ME and Descriptor regions, but the BIOS region will now be free from stupid useless protections.

 

I haven't tried it yet, but I'm pretty sure it will work as supposed. Feel free to try it and post the result. :)
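
A check of the register state discussed in the post above, added here as an example (it is not part of the thread or of CodeRush's tools): it reads BIOS_CNTL at offset 0xDC out of an `lspci -xxx` style dump of the LPC bridge and classifies the BIOS region write protection. The BLE bit (0x02, from Intel PCH datasheets), the dump format, the sample rows and all function names are assumptions of this example.

```python
import re

BIOS_CNTL_OFFSET = 0xDC  # BIOS_CNTL offset in LPC bridge config space (from the post)
BIOSWE = 0x01            # BIOS Write Enable (from the post)
BLE = 0x02               # BIOS Lock Enable, per Intel PCH datasheets (not named in the post)
SMM_BWP = 0x20           # SMM BIOS Write Protect (from the post)

# Constructed sample: rows c0 and d0 of an `lspci -xxx -s 00:1f.0` dump.
SAMPLE_DUMP = """\
00:1f.0 ISA bridge: (constructed sample, not from a real machine)
c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
d0: 00 00 00 00 00 00 00 00 00 00 00 00 2a 00 00 00
"""

ROW = re.compile(r"^([0-9a-f]{2,3}):((?: [0-9a-f]{2}){1,16})\s*$", re.I)


def config_bytes(dump):
    """Map config-space offset -> byte value from lspci hex-dump rows."""
    space = {}
    for line in dump.splitlines():
        m = ROW.match(line)
        if m:
            base = int(m.group(1), 16)
            for i, byte in enumerate(m.group(2).split()):
                space[base + i] = int(byte, 16)
    return space


def assess(raw):
    """Classify BIOS region write protection from the low byte of BIOS_CNTL."""
    bioswe, ble, smm_bwp = (bool(raw & bit) for bit in (BIOSWE, BLE, SMM_BWP))
    if ble and not bioswe and smm_bwp:
        return "PROTECTED"    # flash writes are honoured only from SMM
    if ble and not bioswe:
        return "WEAK"         # relies only on the SMI handler clearing BIOSWE
    return "UNPROTECTED"      # includes BIOSWE=1, SMM_BWP=0, the end state in the post


def audit(dump):
    """Return (raw BIOS_CNTL byte, verdict); raise if the dump lacks offset 0xDC."""
    space = config_bytes(dump)
    if BIOS_CNTL_OFFSET not in space:
        raise ValueError("dump does not cover offset 0xDC")
    raw = space[BIOS_CNTL_OFFSET]
    return raw, assess(raw)


if __name__ == "__main__":
    print(audit(SAMPLE_DUMP))
```

A verdict of UNPROTECTED on a machine whose vendor firmware normally reports PROTECTED is a sign that the write-protect driver or its configuration has been changed.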



#1232
BlackSheep VS RustyNail



Is it a NVRAM variable which could be patched potentially from UEFI shell, is it accessible?

 

 

Memory Commands — EFI Shell. Commands for listing and managing memory, EFI variables, and NVRAM details.

default: Set the default NVRAM values.
dmem: Dump memory or memory mapped IO.
dmpstore: Display all EFI variables.
memmap: Display the memory map.
mm: Display/modify MEM/IO/PCI.



#1233
CodeRush


Potentially - yes, but I don't know one. Needs further testing.



#1234
BlackSheep VS RustyNail


Potentially - yes, but I don't know one. Needs further testing.

 

I dumped the whole store using dmpstore -all > outfile.txt

328KB, a lot of variables inside ;)

What I could do now: flash a locked bios, dump again and compare what's changed.

EZFlash keeps the NVRAM widespread intact.




#1235
CodeRush


NVRAM will not be changed after that modification, no need to do it. 

 

UPD: I didn't find any NVRAM-related code, and BIOS lock is set only in PBWP.efi.

"SMI Lock" from PchInitDxe.efi is in fact not related to BIOS lock in BIOS_CNTL register and must be left untouched.



#1236
gustavobgs

Hello, I am trying to install Mavericks, but my motherboard is not accepting it.

It is an Asus Z87-C; does it need a corrected BIOS flashed?

Sorry, my English is bad.


#1237
PimentelX86


Hello

 

This patch is to patch AICPUPM for locked Bios

 

In the past I gave you a solution to install OSX, and with that solution AICPUPM was patched... so AICPUPM is already patched.

Try to boot like I told you.



#1238
FelipeZ


Does this look OK?

./PMPatch bios/isflash.bin bios/isflash_patched.bin
PMPatch 0.5.14
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi module at 0075333E not patched: Unknown error.
AMI nest modules not found.
Trying to apply patch #1
Nested PowerMgmtDxe/PowerManagement2.efi module at 0001FFE2 not patched: Unknown module state.
Nested PowerMgmtDxe/PowerManagement2.efi module at 00254430 patched.
Nested SmmPlatform module at 0001FFBE not patched: Unknown module state.
Nested SmmPlatform module at 00263CB0 not patched: Patch pattern not found.
Phoenix nest module at 00312CC8 patched.
CpuPei modules not found.
Output file generated.

Do I need windows to flash it? 



#1239
Gringo Vermelho


1. Please, you and everybody else, stop asking that question. Read the first post in this topic and then decide for yourself if it looks ok.

 

2. The answer to that is usually no. You need a way that allows you to flash a patched BIOS. To learn what your options are, read the BIOS section of your motherboard manual, go to the discussion forum of your motherboard on the manufacturer's website etc.



#1240
FelipeZ


Too sad, I tried patching the bin and putting it back into the .EXE and then installing it with FreeDOS, but the installer just gives me a message: "Test." and flashes nothing :/

Anyone with a success story of flashing a patched BIOS onto a Dell notebook?






