[UEFIPatch] UEFI patching utility

Ok, I just think about it every time: you should not lose your smbios data, that's why I meant to upgrade from ezflash in uefi, then dump nvram.txt with sce and we'll unlock it again.

OK, I know you want me to upgrade to 2403 first from ezflash so I don't lose my bios settings, but

But will this work:

1. Currently on 2303, scewin the already edited 2303 nvram.txt back with SCEWIN_64 /i /s nvram.txt.

2. Reboot and fpt -d bios.bin to backup current bios.

3. fpt -rewrite -f bios-patched.bin to flash 2303 to PMPatched 2403.

4. Reboot and re-apply settings in bios.


Would this work?

What would be the problems with doing it this method?

Hey, first of all thanks to Code Rush, your UEFI tool is awesome.


So I have the same Mobo like Arkanis the Z9PED8WS and I have also tried several tools to unlock the MSR - fpt doesn't work because it won't get access to write on the Chip - EZFlash (Builtin BIOS flash utility) gives me security failures and afuwin/ afudos does the same. So I tried the procedure of Light Server for the 8th Gen Chipsets ( /gan method) and bricked my BIOS Chip :D


Luckily I have 2 Backup Chips and I also ordered a SPI Programmer to reprogram the bricked one...


However the MSR is still locked and I really want to unlock it so maybe k3nny could you describe what you did with arkanis BIOS dump and how did he flash his chip?


Thank you in advance

@Niklas Oestergaard:

You should stick to the /gan method provided by LightServer, which is linked on the first page.


After you made a dump, open it in UEFITool, find and extract the PowerManagement module body. PMPatch won't be able to patch it yet, but CodeRush posted a manual patch a few pages back.

Replace the needed bytes, reintegrate the patched module body back with UEFITool and flash it using afudos /gan.


The patch worked for Arkanis and chofete.



Thx for your fast reply.


I actually did that and it bricked my chip - maybe it's because I did this in Windows so I think I'll try again in DOS :D


When I open my dump (from afuwin) in UEFI tool it says ME region could be damaged - is that normal or should I worry about this?

@Niklas Oestergaard:


You probably don't have read access to the ME region and it fails to read out any valid content while dumping. I don't know how it affects a flash using /gan, but I suppose it doesn't, as the others probably had the same descriptor settings as you.

I tried the same in DOS and bricked my second BIOS Chip - I also reset CMOS and SMBUS but System won't boot.


I think I'll have to wait until the SPI Programmer is in the mail to do this ... Any idea why it didn't work? ME Region or AFU Flash utility? :/

Ok well first I booted into DOS and made a dump with: afudos /o backup.rom

Then I restarted and booted into Windows 8 and patched the dump with UEFITool (changed 0f ba 6c 24 38 0f to 0f ba 74 24 38 0f) and saved the new modbios.rom to the DOS stick.

Again restart and boot into DOS and typed: afudos modbios.rom /gan


Afudos ran read erase write and verify and seemed to be successful.


After restart the board won't boot, so I reset the jumpers and battery but no boot screen.


I've read of this hotflash thing a lot but won't this short circuit my hardware? :/
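The byte change quoted in the post above can be checked on the extracted PowerManagement module body before it is reintegrated and flashed. This is an added example, not part of the thread and not code from UEFITool or PMPatch; the function names are hypothetical, the inputs are assumed to be uncompressed module bodies, and the sample bytes are constructed.

```python
"""Check a manually patched PowerManagement module body before reintegration."""

# Byte patterns quoted in the post above. Only the third byte differs:
# ModRM 0x6c -> 0x74 changes the 0F BA opcode extension from /5 (BTS) to /6 (BTR).
ORIGINAL = bytes.fromhex("0fba6c24380f")
PATCHED = bytes.fromhex("0fba7424380f")


def find_all(data: bytes, pattern: bytes) -> list:
    """Return every offset at which pattern occurs in data."""
    hits, pos = [], data.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = data.find(pattern, pos + 1)
    return hits


def patch_state(body: bytes) -> str:
    """Classify a module body as unpatched, patched, mixed or absent."""
    orig, done = find_all(body, ORIGINAL), find_all(body, PATCHED)
    if orig and done:
        return "mixed"
    if orig:
        return "unpatched"
    return "patched" if done else "absent"


def verify_patch(before: bytes, after: bytes) -> list:
    """Return the patched pattern offsets; raise if anything else changed."""
    if len(before) != len(after):
        raise ValueError("size changed: %d -> %d" % (len(before), len(after)))
    # The only byte allowed to differ is the third byte of each pattern hit.
    allowed = {off + 2 for off in find_all(before, ORIGINAL)}
    changed = {i for i, (a, b) in enumerate(zip(before, after)) if a != b}
    if not changed:
        raise ValueError("no bytes changed: body is still unpatched")
    stray = sorted(changed - allowed)
    if stray:
        raise ValueError("unexpected change at offsets %s" % stray[:8])
    if patch_state(after) != "patched":
        raise ValueError("result does not contain only the patched pattern")
    return sorted(off - 2 for off in changed)


# Constructed sample body (not taken from a real firmware image).
SAMPLE_BEFORE = b"\x90" * 16 + ORIGINAL + b"\xc3" * 8
SAMPLE_AFTER = SAMPLE_BEFORE.replace(ORIGINAL, PATCHED)
```

On real files, read both extracted bodies with `open(path, "rb").read()` and pass them to `verify_patch`; an exception means the edit touched something other than the intended byte.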

Hotswap means: boot up with a functional bios chip, remove it while mobo is running and plug in a non functional bios (< that's the hotswap) (chip),

it will write back the functional bios on the chip ; ) just shut down the running pc and the running bios is burnt into the eeprom again.

If not, you can still use afuwin to flash a functional backup.rom. However removing the bios chip while running won't disturb the board's functionality.


With ASUS I recommend using the sce_win method. You'll find it in my signature.

So you mean boot with the functional BIOS Chip into the BIOS, remove it and plug in the bricked one and then save changes?


Does the sce_win method unlock MSR? Or is it only for being able to flash the Chip with afuwin/afudos?


Thank you in advance


Hi Niklas,


>>> So you mean boot with the functional BIOS Chip into the BIOS, remove it and plug in the bricked one and then save changes?


yes, boot up, while powered up unplug the running bios chip, it's shadowed into the RAM, then plug in the bricked chip - watch out for the direction, there's a notch - and then shutdown the pc.

now your bios should be restored onto the chip.


>>> Does the sce_win method unlock MSR? Or is it only for being able to flash the Chip with afuwin/afudos?


no, but it enables flashes from dos with flashrom ; ) by coreboot to flash whatever you need.

afudos needs a capsule header, not good, I'm not sure with Intel FPT, maybe the C602 chipset is unsupported.

flashrom is anyway the best choice cause it's writing the whole ROM, not just some modules like afu does in some cases.

Ok well something strange happened - I wanted to do this Hotswap and flash the backup on the Bricked BIOS Chip:

I booted into windows 8, swapped the Chip, started afuwin and as soon as I selected the file - the Computer restarts (so there was no flashing I believe) but this time he boots up normally - with the bricked chip. :D

I thought well ok let's see if MSR is unlocked so I booted into windows 8 and made a fresh dump, opened in UEFITool and it's unlocked.

However HWMonitor doesn't show me either Speedstep nor turbo but that's because I don't have a SSDT I think (will check that later).

I also did a Geekbench test and the result was 36K which is a little more than before I think. Then I made the Geekbench test in Windows and the result is 38K (I think it's due to turbo) but it's only showing me 800Mhz Ram which was 1600mhz before I also double checked this with CPUZ but also 800Mhz :( - so is this a Windows 8 energy saving thing or is it due to unlocked MSR?


Thanks in advance

Ok I got it all working :)

I found out the reason for bricking the BIOS Chips was because of BIOS version 3202 - Arkanis and chofete used 5404 which works without problem.

For those with the same Mobo: After you patched MSR you have to use rampagedev's AppleIntelCPUPowermanagement.kext and use a SSDT to get Turbo and Speedstep working.

Anyway thank you very much guys you're awesome!

could someone please take a look at this output?

What's wrong? If you read "Output File Generated", the patching goes right.

  • 2 weeks later...

Hello everybody,


I have a MAXIMUS VI HERO C2 with the latest bios v1402.

I patched the bios with pmpatch v0.5.14, could someone please take a look if it seems right ?


Thank you.

Yes it's ok, when you read 

Output File Generated 

the bios has been patched right 

Hey Nikolaj, can you upload the compiled version again.. downloads are not available anymore.


Or let us know how to compile from source.. I tried with gcc on OSX but am getting some errors.. I'm not a C guy so it's a bit over my head.


Or could someone PM me the compiled latest version. Thanks!



I have a quick question. I'm using G750JX from ASUS and it's using AMI UEFI bios.. considering that the warning is not to try this on a laptop, is that still valid with the latest UEFI bios for laptops from ASUS?



Thanks everyone.. 


I tried to make a Hackintosh with my Z87-G45 Gaming MSI motherboard and I would like to flash my BIOS, but PMPatch is no longer available at the link given in the first post of this topic.

Can you send me a valid link?

Thanks a lot.

(I'm a French guy, sorry for my English)

It was not me who removed binaries, it's a bug on sendspace side, but I think it's time to drop PMPatch 0.5 support at once and make a new version based on UEFITool code base.

It's a hard time for me now because of my new job and the final stages of my master's thesis, but I think this new PMPatch will soon be ready.

I have reuploaded Windows build, OSX will be ready soon.

Hi there,


First, thank you guys for your efforts! I appreciate everything you've done for the community!


I'm using a P8C WS with BIOS 3601, which has the infamous BIOS security lock. To date, I haven't found a solution to flash the pmpatched 3601 BIOS over my actual one - my mainboard refuses to flash via EZ Flash (Security verification failed), doesn't offer USB Flashback (only Crashfree BIOS, which is actually EZ Flash - there is a mysterious ASUS_USBFLASHBACK module in MMTool, but obviously there is no documentation for P8C WS, also it's lacking the Flashback button) and it has the BIOS security lock, so FTK isn't working as well.


One of the methods I've tried was flashing the oldest 3xxx BIOS available (which is 3010) and trying to flash via FTK to pmpatched 3601. This works, because BIOS Security Lock was introduced in BIOS 3108. But it still leaves me with a weird BIOS interface, which has many hidden, non-functional menus enabled. So, I flashed stock 3601 BIOS over the FTK-flashed one and have a fully working, stock BIOS again.


Still, I'm wondering, if flashing a pmpatched 3601 over a stock 3601 will work better. However, this is not possible atm, since the BIOS security lock is enabled. Now, I found CodeRush's post (I'm referring to http://www.insanelymac.com/forum/topic/285444-pmpatch-uefi-patching-utility/page-33?do=findComment&comment=1944166) about disabling BIOS lock. Should I try this, or are there currently any better methods (or projects in the works), I'm not aware of? Couldn't resigning the modified BIOS and flashing it with EZ Flash be an option (or what does the security verification of EZ Flash do at all)? Haven't found any public methods for signing BIOSes though.

Hi tolga9009,


it should make no difference at all, if you have an unmodified BIOS or one with a patched PowerManagement module. Except for the locked 0xE2 register of course.


In case you plan to flash a locked BIOS multiple times, you might find it more comfortable to use the "gan" switch or to change the "BIOS Lock" setting with AMIBCP.
