CodeRush

[UEFIPatch] UEFI patching utility

1,988 posts in this topic


For Dell machines with Phoenix Secure Core Tiano UEFI 2.0, such as Vostro 3750, L502x, etc., you can apply the patch straight to the .exe you got from Dell.

Then flash it as if it were a stock updater. As said in the original post, it will unlock all the advanced menus available for the particular machine you are patching. The patch sequence used in this utility originated from bios-mods; you can read this article for in-depth details on the advanced menus.


k3nny, FTK for Windows is easier to use and doesn't have any CAP verification at all, but I still don't recommend flashing the BIOS under Windows - it's way too risky.

Any other system program or driver can interfere with the flashing process and cause unpredictable results. With a strong antivirus or a virtual machine enabled, this chance is rather high.

It's less dangerous to use flashrom under Linux or OS X, but DOS or is still better, because nothing can interfere with the flashing process in a single-task system (if a bunch of drivers and/or TSRs aren't loaded, of course).

What's more, flashing with non-Asus tools leads to individual data loss, so now you have to restore your SMBIOS UUID, LAN MAC and Motherboard S/N using FD44Editor and then reflash the BIOS to write the restored data.

Read my post on [H] linked above.


buoo, yes and no.

The pattern to find is also 75080fbae80f89442430, but there are 6 different patch variants that the program is trying to perform.

I have made an analysis of that assembly (warning, crappy Google-translate from Russian) and now it is a bit more complex than just patching 0x75 to 0xeb.

Different patch variants are needed because after the 0x75 to 0xeb patch the compressed module is often 1 byte bigger than the original, and there are BIOS versions that don't have even 1 byte of free space to insert it.
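
Added example (not part of the post above, and not PMPatch's own code): a Python check that locates the quoted pattern in a module, reports whether its first byte is still 0x75 or has become 0xeb, and confirms that a modified copy differs from the original only at those bytes. It assumes the module body has already been extracted and decompressed, covers only the simple one-byte variant and not the other patch variants mentioned, and runs on constructed sample bytes; the function names are this example's own.

```python
# Byte pattern quoted in the post; its first byte is the opcode that gets changed.
PATTERN = bytes.fromhex("75080fbae80f89442430")
TAIL = PATTERN[1:]
# Decoding of the pattern (x86-64):
#   75 08        jnz  +8             ; skips the next two instructions (8 bytes)
#   0f ba e8 0f  bts  eax, 15
#   89 44 24 30  mov  [rsp+0x30], eax
STOCK, PATCHED = 0x75, 0xEB  # jnz rel8 / jmp rel8: the skip becomes unconditional


def find_patch_sites(module: bytes) -> list:
    """Return [(offset, state)]; state is 'stock' (0x75) or 'patched' (0xEB)."""
    sites = []
    pos = module.find(TAIL, 1)          # start at 1 so the opcode byte exists
    while pos != -1:
        opcode = module[pos - 1]
        if opcode == STOCK:
            sites.append((pos - 1, "stock"))
        elif opcode == PATCHED:
            sites.append((pos - 1, "patched"))
        pos = module.find(TAIL, pos + 1)
    return sites


def unexpected_changes(original: bytes, modified: bytes) -> list:
    """Offsets where `modified` differs from `original` by anything other than
    a 0x75 -> 0xEB flip at a pattern site. An empty list means the only change
    is the simple one-byte patch."""
    if len(original) != len(modified):
        raise ValueError("lengths differ; compare decompressed module bodies")
    expected = {off for off, state in find_patch_sites(original) if state == "stock"}
    bad = []
    for off, (a, b) in enumerate(zip(original, modified)):
        if a != b and not (off in expected and b == PATCHED):
            bad.append(off)
    return bad


# Constructed sample data, not taken from any real firmware image.
SAMPLE_STOCK = bytes(16) + PATTERN + b"\x90" * 8
SAMPLE_PATCHED = SAMPLE_STOCK[:16] + b"\xeb" + SAMPLE_STOCK[17:]
SAMPLE_TAMPERED = SAMPLE_PATCHED[:-1] + b"\xcc"   # one extra, unrelated change

if __name__ == "__main__":
    print(find_patch_sites(SAMPLE_STOCK))
    print(find_patch_sites(SAMPLE_PATCHED))
    print(unexpected_changes(SAMPLE_STOCK, SAMPLE_PATCHED))
    print(unexpected_changes(SAMPLE_STOCK, SAMPLE_TAMPERED))
```

Comparing decompressed bodies avoids the size difference the post describes, which only appears after recompression.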


Lenovo ThinkPad R61i 8932-FDG (Phoenix)

Not a UEFI, can't be patched with this program.

Intel SC5520SC

Has different module organisation and doesn't have PowerManagement or CpuPei modules to patch.

Is a patch required for this board to work with native AppleICPM.kext? Is there any patched BIOS for this board anywhere?


Lenovo ThinkPad R61i and Intel SC5520SC require patching AICPUPM.kext. I haven't seen anyone who patched Intel EFI BIOSes.

 

EDIT: about Lenovo:

 

UEFI BIOS Version 8JET42WW (1.36) 
UEFI BIOS Date 2012-05-15


oswaldini, 8JET42WW can be patched by version 0.5.9 after unpacking; the BIOS file to patch is $0A8J000.FL1

There is no problem patching an Intel EFI file; the main problem is flashing the patched file to the BIOS chip on Intel boards.

I don't know any method to flash modified Intel BIOSes with standard Intel tools, but I do know two methods to unlock access to whole BIOS and flash it with Intel Flash Programming Tool.

Another possible way to flash modified BIOS is described by phpdev32 in his mail:

I can report that the Intel DQ77KB thin mITX build I made this weekend worked just fine. Naturally I tested the newest ROM with PMPatch before I even bought the parts (just to be safe), but the F7 BIOS flasher worked just fine. I'm pretty sure the recovery flash didn't work, restarted several times without flashing, but that isn't critical. I imagine anyone wanting to repair the BIOS could flash the stock first using recovery, then flash the patched using F7 after rebooting.


The utility is BSD-licensed and available on GitHub.

Compiled versions for Windows and OS X are here.

Latest version is 0.5.9

 

Much better and easier than doing it under Windows with Phoenix tools and a hex editor. :)

Thumb up.

 

I need testers with different boards from different vendors to make the utility better, so if you have enough courage or a spare BIOS chip - please try it and report in this topic.

Thank you in advance.

 

Tested on my Asus P8B-WS, bios 2106 (previously patched) with a Xeon E3-1230v2.

Works without any problem; a binary file compare shows differences with my "hand-patched" bios, but I can't see any differences under UEFI bios screens nor working under ML 10.8.2

Sleeps and wakes as usual, speedstep is the same using the same SSDT with modified iMac12_2.plist :

 

MSRDumper PStatesReached: 16 20 27 33 35 36 37.

 

Nice work !


I can't see any differences under UEFI bios screens nor working under ML 10.8.2

It's normal; for AMI UEFI it only patches the PowerManagement module and nothing more. Thank you for the report.


Did not work for me on Intel DZ77GA70K. I press F7 and then select .bio file and PC reboots and tries to flash but then reboots again and boots into Windows.

 

C:\>pmpatch GA0061.bio GA0061A.bio
PMPatch 0.5.9
PowerManagement module at 0045CC8C patched.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei module at 001FE83C not patched: Patch pattern not found.
Output file generated.


Intel is famous for difficulties on flashing modified BIOSes...

I know a way to overcome it, but it isn't simple.

Please download FTK for Windows from the link in third post, then open Administrator console, cd to FTK/Win32 and execute fpt -i command.

I need the output to guide you further.


C:\FTK_0.9.4_win\Win32>fpt -i

Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) Z77 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

   --- Flash Devices Found ---
   W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)

   --- Flash Image Information --
   Signature: VALID
   Number of Flash Components: 1
    Component 1 - 8192KB (65536Kb)
   Regions:
    Descriptor - Base: 0x000000, Limit: 0x000FFF
    BIOS       - Base: 0x1C0000, Limit: 0x7FFFFF
    ME         - Base: 0x003000, Limit: 0x1BFFFF
    GbE        - Base: 0x001000, Limit: 0x002FFF
    PDR        - Not present
   Master Region Access:
    CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
    ME       - ID: 0x0000, Read: 0x0D, Write: 0x0C
    GbE      - ID: 0x0118, Read: 0x08, Write: 0x08

Total Accessable SPI Memory: 8192KB, Total Installed SPI Memory : 8192KB

FPT Operation Passed


OK, as we can see, ME and GbE regions are locked, BIOS region is not.

Execute fpt -bios -d dump.bin command, if it works, patch this dump.bin file with PMPatch (pmpatch dump.bin mod.bin) and flash patched file with FPT by executing fpt -bios -f mod.bin command. If it works, reboot your computer.
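
Added example (not part of the post above, and not Intel's or the FTK's code): a Python parser that decodes the "Master Region Access" Read/Write masks from the fpt -i output into region names and flags a descriptor that lets the host write the Descriptor or ME regions. The bit-to-region mapping is the standard Intel flash descriptor layout, taken as an assumption here rather than from the thread; the function names and the "open" sample are this example's own.

```python
import re

# Bit positions inside each Read/Write mask. Assumption of this example:
# the standard Intel flash descriptor layout, not something stated in the thread.
REGION_BITS = {0: "Descriptor", 1: "BIOS", 2: "ME", 3: "GbE", 4: "PDR"}

ROW = re.compile(
    r"^\s*(?P<master>[\w/]+)\s*-\s*ID:\s*0x[0-9A-Fa-f]+,"
    r"\s*Read:\s*0x(?P<read>[0-9A-Fa-f]+),\s*Write:\s*0x(?P<write>[0-9A-Fa-f]+)",
    re.MULTILINE,
)

# The "Master Region Access" rows from the fpt -i output posted in this thread.
THREAD_OUTPUT = """\
   Master Region Access:
    CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
    ME       - ID: 0x0000, Read: 0x0D, Write: 0x0C
    GbE      - ID: 0x0118, Read: 0x08, Write: 0x08
"""

# Constructed sample: a descriptor that grants every master every region.
OPEN_OUTPUT = """\
    CPU/BIOS - ID: 0x0000, Read: 0xFF, Write: 0xFF
    ME       - ID: 0x0000, Read: 0xFF, Write: 0xFF
    GbE      - ID: 0x0118, Read: 0xFF, Write: 0xFF
"""


def decode_mask(mask: int) -> list:
    """Turn an access mask into the list of region names whose bit is set."""
    return [name for bit, name in REGION_BITS.items() if (mask >> bit) & 1]


def parse_master_access(text: str) -> dict:
    """Map each master (CPU/BIOS, ME, GbE) to its readable and writable regions."""
    table = {}
    for m in ROW.finditer(text):
        table[m["master"]] = {
            "read": decode_mask(int(m["read"], 16)),
            "write": decode_mask(int(m["write"], 16)),
        }
    return table


def audit_host_access(table: dict) -> list:
    """Findings for the host (CPU/BIOS) master: access to regions that a
    locked descriptor normally withholds from software running on the CPU."""
    host = table["CPU/BIOS"]
    findings = [f"host can write {r} region"
                for r in ("Descriptor", "ME") if r in host["write"]]
    if "ME" in host["read"]:
        findings.append("host can read ME region")
    return findings


if __name__ == "__main__":
    for master, access in parse_master_access(THREAD_OUTPUT).items():
        print(f"{master:9} read={access['read']} write={access['write']}")
    print(audit_host_access(parse_master_access(THREAD_OUTPUT)))
    print(audit_host_access(parse_master_access(OPEN_OUTPUT)))
```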

C:\FTK_0.9.4_win\Win64>fpt -bios -f mod.bin

Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) Z77 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

   --- Flash Devices Found ---
   W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)


Error 280: Failed to disable write protection for the BIOS space!


It won't be as easy as I thought, but there is a way to unlock the BIOS from this kind of lock. It is described here and can be dangerous, but I tried it like 10 times and it worked.

You need to disable Intel AntiTheft before trying it.

After unlocking access to all regions, you can make a dump of the Descriptor region by executing fpt -desc -d desc.bin, and edit it with a hex editor to remove the locks completely.

These values are to be set:

locki.png

Then you can flash the modified Descriptor region by executing fpt -desc -f desc.bin and the modified BIOS region by fpt -bios -f mod.bin. If everything goes without error, then the modified BIOS is finally flashed.

This way is dangerous and can lead to BIOS loss, so I don't recommend trying it unless you have to.


No thanks. I don't want to risk breaking anything; I can't afford to buy another board if this breaks. I'd rather use NullCPU or patch DSDT. There is no AntiTheft on this motherboard.

 

I don't understand why it works to flash with F7 on Intel DQ77KB http://www.insanelym...y/#entry1878932 but not on my board, they have similar BIOS.

 

My motherboard has Intel® BIOS Vault Technology but so does DQ77KB.

 

Virtually incorruptible BIOS that provides fault-tolerant and secure firmware operating and upgrade environments.

