Jump to content
CodeRush

[UEFIPatch] UEFI patching utility

1,988 posts in this topic

Recommended Posts

Confirmed working on Asus p8p67 Rev.3 B3. Kills onboard audio (

Realtek ALC892)

in OS X But that was expected (sound works fine in linux and windows). No power management kexts needed and speedstepping (overclocking) now works on my 2600k.

Share this post


Link to post
Share on other sites
Advertisement

I got two mobs here:

 

nVidia 790i Ultra

Intel DX48BT2

 

Are these worth trying considering the security stuff associated with the Intel and that the nVidia board isn't exactly common/popular?

Share this post


Link to post
Share on other sites

Hi CodeRush!

Just wanted to ask you what exact command do I need to use from the FTK to flash the patched BIOS to my MoBo?

In your post on Hardforum you describe the list of commands that FTK has, but I am confused between biosrefl and reflash.

Also, to k3nny, I noticed that you have the same motherboard as me (asus p8z77-v lk), so I ask if you can describe your flashing process step by step, if you can, please?

biosrefl is enough.

 

OK, thanks.

 

What does this mean?

 

CpuPei module at 003DC1C0 not patched: Patch pattern not found.

There are two separate places for 0xE2 register lock. Onl old ME7 BIOSes is was in CpuPei module, in new ME8 BIOSes it is in PowerManagement module. So, if PM module is patched, there is a little chance that CpuPei has a lock string to patch. But in case that a lock is present in both modules, I must check both of them. In your case PM is patched, in CP there is no pattern to patch. It's OK.

 

I got two mobs here:

 

nVidia 790i Ultra

Intel DX48BT2

 

Are these worth trying considering the security stuff associated with the Intel and that the nVidia board isn't exactly common/popular?

Not an UEFI BIOS in both cases, AFAIK. Nothing to do here. :(

Share this post


Link to post
Share on other sites

Hi code Rush,

Your patcher worked well, and also, what mean the Phoenix patch after the powermanagement patch ?

But then, the flashing failed :( .. it seems I've got an RSA signed bios as I get on reboot "InsydeH2o secure flash - invalid firmware image " ( VAIO SVE1712C5E )

With FTK, it tells me that the regions are locked, here's the output with "fpt -i" command

 

Intel (R) Flash Programming Tool. Version: 8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) HM76 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

--- Flash Devices Found ---
W25Q64BV ID:0xEF4017 Size: 8192KB (65536Kb)

--- Flash Image Information --
Signature: VALID
Number of Flash Components: 1
    Component 1 - 8192KB (65536Kb)
Regions:
    Descriptor - Base: 0x000000, Limit: 0x000FFF
    BIOS     - Base: 0x180000, Limit: 0x7FFFFF
    ME         - Base: 0x001000, Limit: 0x17FFFF
    GbE     - Not present
    PDR     - Not present
Master Region Access:
    CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
    ME     - ID: 0x0000, Read: 0x0D, Write: 0x0C
    GbE     - ID: 0x0118, Read: 0x08, Write: 0x08

Total Accessable SPI Memory: 8192KB, Total Installed SPI Memory : 8192KB

FPT Operation Passed

 

After allowing writing region with pinmod, will the same code aply to unlock by a patch as you said here ?

After unlocking access to all regions, you can make a dump of Descriptor region by executing fpt -desc -d desc.bin, and edit it with Hex-editor to remove locks completely.

This values are to be set:

locki.png

 

 

Regards

Share this post


Link to post
Share on other sites

Thanks CodeRush!

Successfully flashed my MB with a PMPatched .cap file and FTK. You rule!

Asus p8z77-v lk motherboard, flashed in ms-dos mode as advised.

I have retained the patched bios file and backup.bin file created by FTK. Do you need them for further research?

Share this post


Link to post
Share on other sites

1. What mean the Phoenix patch after the powermanagement patch?

2. After allowing writing region with pinmod, will the same code aply to unlock by a patch as you said here ?

1. Your PowerManagement module is located inside another big module, I call it "nest". There are 2 kinds of nest modules with different UUIDs, one I have found on AMI BIOSes and another on Phoenix. The nest module must be unpacked, PM module inside of it must be patched and nest module must be repacked and reinserted. So says the output.

2. Yes.

 

Successfully flashed my MB with a PMPatched .cap file and FTK. You rule!

Asus p8z77-v lk motherboard, flashed in ms-dos mode as advised.

I have retained the patched bios file and backup.bin file created by FTK. Do you need them for further research?

No, I have about 10 backups of this board and need no more. :)

Glad to help.

Share this post


Link to post
Share on other sites

@CodeRush,

Sorry for going a bit off-topic but would it be possible to create a utility that patches nVida or ATi vbios to add native resolution to the cards' VESA modes? I'm basically talking about a GUI utility to automate the process described here: http://www.insanelymac.com/forum/topic/211294-information-on-vesa-modes-in-atinvidia-bios/page__hl__%20vesa%20%20mode

 

I think this'll help a lot of people and thought that you're probably the only one who could create such a utility.

Share this post


Link to post
Share on other sites

@Dr. Hurt, I'm in the middle of business trip now and I can't write anything, but I will look at that topic after I return to Germany. About 5-10. Mar., if nothing goes wrong.

Share this post


Link to post
Share on other sites

Doesn't work with my bios. Is this only for sandy bridge cpus? Or has it worked on any Nehalem ones? I've looked through my bios and I think it might be locking bit 15 in the smmplatform module instead of the usual places because of this function that's in smmplatform. I'd prefer to have someone with more expirence look it over before I change anything. Thanks. I've attached my bios, the powermanagement2 module, and the smmplatform module. v4npyw.png

bios.zip

Share this post


Link to post
Share on other sites

Sorry but, ¿works at asus A55VD laptop?. Like this: http://my.asus.com/N...formance/A55VD/

The patcher itself works on this BIOS, but patched BIOS must be tested.

rush@rush-netbook:~/Downloads/PMPatch/build$ ./PMPatch ~/Downloads/K55VDAS.407 ~/out.bin
PMPatch 0.5.10
PowerManagement module at 001A4F00 patched.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei module at 005A18D8 not patched: Patch pattern not found.
Output file generated.

 

@donovan6000, thank you, will look at SMM module after 5. Mar.

Share this post


Link to post
Share on other sites

Hi CodeRush,

Thanks for your hard work!

 

I am based on a B75 ASUS motherboard, the model is P8B75-M LX with CPU Intel i5-3550, running fine on Lion 10.7.5 but without any PowerManagement feature (am using NullCPU...).

 

I've just tried PMPatch on Windows and got this:

 

C:\BIOSWORK>PMPatch.exe P8B75-M-LX-ASUS-0803.CAP patched.bios

PMPatch 0.5.10

PowerManagement module at 00296508 patched.

AMI nest modules not found.

Phoenix nest modules not found.

CpuPei module at 00790D88 not patched: Patch pattern not found.

CpuPei module at 007D0D88 not patched: Patch pattern not found.

Output file generated.

-----------------------------------

 

Now, which is the next step to flash this? I suppose the Asus utilities will not allow to patch the modified one for B75 right?

 

Another thing: yesterday I tried the other method, by manually patching using Phoenixtools: have found the famous pattern (change from 75 to eb...) and then successfully flashed the new bios. But I still need the NullCPU kext, without it I have KP on the ApplePowerManagement kext. Do you think your patched bios will differ?

 

Thanks.

S.

Share this post


Link to post
Share on other sites

No I didn't.

 

Is it really necessary to clear CMOS after flashing the BIOS? I think it only clear the user settings as bios passwords, date and other settings, not the bios code.

 

S.

Share this post


Link to post
Share on other sites

I had the same problem earlier and a CMOS reset solved it. Probably it is indeed a bit "overkill" but it worked.

It depends on how you flash the BIOS, I guess.

Share this post


Link to post
Share on other sites

I stumbled here and I say congratulations for the work!

 

By cons I have a dual bios Insyde to dump it takes only the first but luckily I had an original bios downloaded from Toshiba :

 

 

Platform: Intel® HM70 Express Chipset

Reading HSFSTS register... Flash Descriptor: Valid

 

--- Flash Devices Found ---

W25Q16BV ID:0xEF4015 Size: 2048KB (16384Kb)

W25Q32BV ID:0xEF4016 Size: 4096KB (32768Kb)

 

--- Flash Image Information --

Signature: VALID

Number of Flash Components: 2

Component 1 - 2048KB (16384Kb)

Component 2 - 4096KB (32768Kb)

Regions:

Descriptor - Base: 0x000000, Limit: 0x000FFF

BIOS - Base: 0x200000, Limit: 0x5FFFFF

ME - Base: 0x001000, Limit: 0x1FFFFF

GbE - Not present

PDR - Not present

Master Region Access:

CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A

ME - ID: 0x0000, Read: 0x0D, Write: 0x0C

GbE - ID: 0x0118, Read: 0x08, Write: 0x08

 

Total Accessable SPI Memory: 6144KB, Total Installed SPI Memory : 6144KB

 

FPT Operation Passed

 

 

 

fpt.exe -bios -d PLCSF8dump.fd

 

Intel ® Flash Programming Tool. Version: 8.1.10.1286

Copyright © 2007 - 2012, Intel Corporation. All rights reserved.

 

Platform: Intel® HM70 Express Chipset

Reading HSFSTS register... Flash Descriptor: Valid

 

--- Flash Devices Found ---

W25Q16BV ID:0xEF4015 Size: 2048KB (16384Kb)

W25Q32BV ID:0xEF4016 Size: 4096KB (32768Kb)

 

 

- Reading Flash [0x600000] 4096KB of 4096KB - 100% complete.

Writing flash contents to file "PLCSF8dump.fd"...

 

Memory Dump Complete

FPT Operation Passed

 

 

This one from original Toshiba Bios patched and flashed all right :

 

PMPatch.exe PLCSF8_SLIC.fd PLCSF8_PATCH.fd

PMPatch 0.5.10

PowerManagement modules not found.

AMI nest modules not found.

Trying to apply patch #1

Nested PowerManagement2.efi module at 010368DA not patched: Unknown module state

.

Nested PowerManagement2.efi module at 01238738 patched.

Phoenix nest module at 00222048 patched.

CpuPei modules not found.

Output file generated.

 

How i can dump bios & me region on one file like original Toshiba bios ?

 

Because impossible to flash with just bios (4096KB) with insydeflashutile.

 

 

fpt.exe -me -d PLCSF8MEdump.fd

 

Intel ® Flash Programming Tool. Version: 8.1.10.1286

Copyright © 2007 - 2012, Intel Corporation. All rights reserved.

 

Platform: Intel® HM70 Express Chipset

Reading HSFSTS register... Flash Descriptor: Valid

 

--- Flash Devices Found ---

W25Q16BV ID:0xEF4015 Size: 2048KB (16384Kb)

W25Q32BV ID:0xEF4016 Size: 4096KB (32768Kb)

 

 

 

Error 26: The host CPU does not have read access to the target flash area. To en

able read access for this operation you must modify the descriptor settings to g

ive host access to this region.

Share this post


Link to post
Share on other sites

Hi CodeRush,

 

Thanks for sharing your awesome job!

 

I have a dell xps 17 702x (with i5 2410M)

I use the 0.5.10 version on bios A19, here's the result :

 

PowerManagement modules not found.

AMI nest modules not found.

Nested PlatformSetupAdvancedDxe.efi at 00717238 patched.

Trying to apply patch #1

Nested PowerManagement2.efi module at 00CC3F90 patched.

Phoenix nest module at 00622690 patched.

Dell RAW file checksums corrected.

CpuPei modules not found.

Output file generated.

 

It's seems to work. I didn't try to install osx eversince. I'm new and next time I'm gonna try to understand better what I'm doing...

 

Tschüs!

Share this post


Link to post
Share on other sites

@rocket12, have you tried to flash patched BIOS file with native tools? Can you flash the image dumped with fpt.exe -bios -d image.bin to SPI chip using fpt -bios -f image.bin? If so, patch that image.bin with PMPatch and flash it back.

 

@tibou, all things look good, you can flash this modified BIOS and use native CPUPM in OS X. But if you don't have one and don't plan to install it - no patching is required. BTW, thanks for testing.

 

@all, I have found some interesting info on unlocking access to all regions on HP Elitebook 8560p. Thanks to Thomas S. from [H].

I have an HP Elitebook (Probook) 8560p (i5 and QM67).

On this NB is an descriptor lock and so you can't access the whole BIOS chip.

But there is an "hotkey" to remove the lock:

 

1. Set boot device to USB (and have an USB-Stick with the tools plugged in)

2. Shut down NB. For save work use both line power and battery

3. press the WIN | left arrow | right arrow button (all three together and hold them)

4. power on the NB

5. on the first message on the display release the buttons.

 

You see then an new message on the first line:

HDA_SDO. To lock SPI' date=' do global reset or remove AC & DC then boot after updating SPI.

 

Well, thats it: full dump of BIOS chip is possible, FPT reported no error..

I have not tested full access to flash it [img']http://hardforum.com/images/smilies/wink_anim.gif[/img] (don't want to brick my NB)

Share this post


Link to post
Share on other sites

Coderush - thanks for all your hard work here. I will be testing this on the MSI Z77MA-G45 and the MSI B75MA-P45 over the next few days, and will post back here just to confirm those specific models.

 

Just to be clear, this patch eliminates the need for one of http://biosrepo.wordpress.com/ solutions, correct? Rather than repackaging a specific BIOS (say, 1.4) it actually modifies the latest BIOS (say, 1.7)?

Share this post


Link to post
Share on other sites

Hey Coderush!

 

I have an ASUS p8z77-v LX2.

 

I have patched the bios but i think that my board don't have the USB FLASHBACK

 

 

PMPatch 0.5.10

PowerManagement module at 003FC7C0 patched.

AMI nest modules not found.

Phoenix nest modules not found.

CpuPei module at 007910E8 not patched: Patch pattern not found.

CpuPei module at 007D10E8 not patched: Patch pattern not found.

Output file generated.

 

I have tried with DCPimanager but it return and error.

 

Can u help me?

 

Thank you in advance!!!

 

from DOS with FLASHROM.exe works.

 

with this commands in P8Z77-v LX

i made a backup first (bkup.bat) with:

flashrom -p internal:laptop=this_is_not_a_laptop -r backup.rom

 

flash with Mod.bat contents:

flashrom -p internal:laptop=this_is_not_a_laptop -w mod.rom

 

i have SPI USB programmer if anyone needs to recover and bootblock recovery is not working.. u can send chip to me and i send chip back flashed in Tampa, FL USA

Share this post


Link to post
Share on other sites

@CodeRush is it possible to put inside UEFI BIOS HFSPlus.efi driver ? Can you made option like that for PMPatch ?

It is possible but it's harder then a simple patch. If I will work on it, it will be another project. I'm not a fan of do-all-you-can-imagine kind of utilities, because they are hard to code and debug.

 

Just to be clear, this patch eliminates the need for one of http://biosrepo.wordpress.com/ solutions, correct? Rather than repackaging a specific BIOS (say, 1.4) it actually modifies the latest BIOS (say, 1.7)?

The patch tries to unpack, patch and repack an input file and write a result to output file. It can be 1.4, 1.7, X.Y or even BIOS dump made by FPT or flashrom. Yes, it eliminates a need of BIOSes provided by BiosRepo.

Share this post


Link to post
Share on other sites

The patch tries to unpack, patch and repack an input file and write a result to output file. It can be 1.4, 1.7, X.Y or even BIOS dump made by FPT or flashrom. Yes, it eliminates a need of BIOSes provided by BiosRepo.

 

Excellent! Only the latest BIOS from MSI supports my RAM, but BiosRepo has one from a couple versions ago. I'll test and post results, vielen dank für deine arbeit!

Share this post


Link to post
Share on other sites

from DOS with FLASHROM.exe works

This method isn't good enough on ASUS P8xxx boards because of individual data loss. FTK is mush better. Please read the guide linked in my signature to know more the whole situation with BIOS recovery and data recovery on ASUS P8xxx boards.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By nysander
      I start this topic to make my Lenovo Thinkpad W540 usable with High Sierra
       
      I followed many guides but this one started by @tluck made me most progress: 
      My setup as in signature
       
      I will update first post with statuses of working features:
       
      Graphics:
      Nvidia Quadro - disabled
      Intel HD 4600 - working @ 1920x1080 and 1,5GB RAM (had to set ig-plaform-id as Haswell desktop, mobile do not work)
      using intelGraphicsFixUp.kext
       
      Sound:
      internal speakers and mic works with AppleACL.kext and profile 28

      USB:
      i boot MacOS from USB drive and it works, mouse and pendrive also works
      USB power not work yet, so USB WiFi dongle and iPhone connection not work (no power @ USB)
      IOReq finds only USB 3.0 controller not USB 2.0 even though I have 2 ports USB 3.0 and 2 ports USB 2.0
       
       
      Integrated Camera:
      recognised in IOReq but not working now (probably due to USB)
       
      Bluetooth:
      as USB but works without problem

      Ethernet:
      works with intelMausiEthernet.kext

      Keyboard:
      internal is PS2 so VoodooPS2Controller.kext is needed - some mappings I would like to have different but works

      Touchpad:
      works with VoodooPS2Controller.kext from @tluck topic
       
      Trackpoint:
      One time works mostly not - debugging in progress
       
      Batery Status:
      not working
       
      Integrated WiFi:
      intel -  not working
       
      Sleep / Hibernate:
      not working
       
      Backlight:
      not working
       
      Other found issues:
      besides that graphics works @ 1920x1080 and have a lots of ram window shadows (especially dock shadow) looks bad
       
      External VGA:
      not tested yet
       
      External Mini Display Port / Thunderbolt:
      not tested yet
       
      I will post my clover / debug config later
       
       
    • By prince537
      Hello, I have set up a new desktop Mac and I have this problem. One of my fans is not working but in this picture is showing that you have two fans. could someone help me with this? I'm totally newb.

    • By notacone
      These are the Original iMac17,1 Firmware 0105_B20 ACPI Tables.
      They have been extracted from the firmware file provided in 10.12.4 update, so they are clean and unloaded.
      All tables are available in hex cut/new file/paste order so they are untouched and unloaded.
      I believe these files can serve to better study Skylake architecture implementation in Sierra.
      10.12.4-10.12.6 : IM171_0105_B20-10.12.4.firmware update ACPI Tables.zip
      10.13.0+ : IM171_0110_B00 10.13.0GM ACPI Tables.zip
    • By partha.slg123
      Hackintosh High Sierra 10.13.3 USB Installer Boot Into USB DIrectly Enter Exit Option Menu. Clover Boot Menu Not Showing. Plz Help .................
       

       
      My System Specification :

      CPU : Core i5 6400
      MB : Asus H110M-CS
      RAM : 8GB DDR 4
      HDD : WD 1TB For Windows And WD 500 GB For Hackintosh
      Bootloader : Clover
    • By gorans
      Hi,
       
      after updating HS my WOL stopped working. It worked for sure in El Capitan, not sure in what version of HS stopped to work. I'm using Ozmosis as bootloader and IntelMausiEthernet (in S/L/E) for network. I created ssdt.aml with ssdtPRGen, and put it in EFI/Oz/Acpi/Load/.
      WOL is enabled in BIOS, wake for network access is checked
      pmset -g System-wide power settings: DestroyFVKeyOnStandby 0 Currently in use: standby 0 Sleep On Power Button 1 womp 1 hibernatefile /var/vm/sleepimage powernap 0 networkoversleep 1 disksleep 10 sleep 15 autopoweroffdelay 28800 hibernatemode 0 autopoweroff 0 ttyskeepawake 1 displaysleep 15 standbydelay 10800 If I put machine to sleep, WOL works for a short time, but not working if I let it sleep for a while.
       
      I deleted Ethernet in Network, rebooted and recreated it, but still the same.
       
      Hardware:
      MOBO:     Gigabyte Z97-D3H rev 1.1
      processor:    i5-4460 Haswell
      graphic:    Gigabyte GeForce GT 740 OC GDDR5 2GB (GV-N740D5OC-2GI)
      memory:    2 x 8GB Kingston
      disks:    Samsung SSD 850 EVO 120GB
              Seagate 2TB
              LG DVD±RW
      Sound:     VoodooHDA
      Network:    IntelMausiEthernet.kext
       
      Any advice?
       
      Best regards,
      Goran
×