[UEFIPatch] UEFI patching utility

[giacomoleopardo]

My Gigabyte GA Z170X Gaming 3 is on its way. I've patched successfully the latest non-beta BIOS with the latest patches for 1151. Does anybody have any clue to how to flash it? afudos method? Or just the Gigabyte flash utility?

[Aigors]

My Gigabyte GA Z170X Gaming 3 is on its way. I've patched successfully the latest non-beta BIOS with the latest patches for 1151. Does anybody have any clue to how to flash it? afudos method? Or just the Gigabyte flash utility?

As far i know you can flash with Gigabyte Utility, if i remember well bios doesn't have any signature 

[giacomoleopardo]

As far i know you can flash with Gigabyte Utility, if i remember well bios doesn't have any signature 

Unfortunately Gigabyte QFlash Utility doesn't allow patched bios to be flashed. With AFUDOS BIOS.BIN /O command to dump the original bios gives me "BIOS Write protected" error. Any clue? I would use SPI Programmer but first of all I can't even dump the original file to be patched, then I wouldn't try flashing since the bios chip is soldered to the motherboard.

[zahak]

Hi guys

 

I'm trying to install El Captain on my desktop. But I couldn't reach to Installer and after 2 or 3 second, apple logo appeared, system reboot.

Someone here told me that the problem is in BIOS and I have to disable IOAPIC in my bios. But this option in hidden in my bios.

So I decided to use this guide to active this option in my bios. I've downloaded my BIOS from www.gigabyte.com and extract H81MS2PV.F9 from that in 8MB in size.

But the AMIBCP.exe told me that the file is not Aptio V.  (The input image is not Aptio V.)

Any suggestion please?!

 

thanks a milliom

[Kynyo]

Hello everyone! I don't know if i'm posting into correct section but I'd like to update my Management Engine FIrmware and UEFITool gives me this error:

reconstructIntelImage: reconstructed body size F80000h (16252928) is smaller then original 1000000h (16777216) 

So, it's that normal, or it because i'm trying to modify a genuine gigabyte BIOS file?

Actually, I saw that ME Region it's unlocked, so it's not a problem replacing the firmware with a new version. It seems pretty comod because otherwise I have to flash it from Windows using specific tools and i want to put directly into BIOS using this UEFITool feature.

@CodeRush, thanks for this great tool, it's really helping the entire community!

[Aigors]

Unfortunately Gigabyte QFlash Utility doesn't allow patched bios to be flashed. With AFUDOS BIOS.BIN /O command to dump the original bios gives me "BIOS Write protected" error. Any clue? I would use SPI Programmer but first of all I can't even dump the original file to be patched, then I wouldn't try flashing since the bios chip is soldered to the motherboard.

As far i know you can't use spi on Gigabyte mobo, you have to desolder main chip and read it with spi, i was tring with clips, no lucky, mis spi tell me to much current absorbed 

[giacomoleopardo]

This method is working with GA-Z170X Gaming 3 - bios F5b for

- IOAPIC Value patch

- Unlock 0xE2 module

- Flash with old EFIFlash utility

 

Unfortunately Asus bios (tried on Z170 Pro) is locked, afudos not working, neither efiflash or BUpdater (Asus dos tool). Of course, Asus doesn't have soldered chips, so hopefully SPI Programmer should do the job (not tested yet)

[CodeRush]

Kynyo, it's a bug in both Gigabyte descriptor and UEFITool, will try to get rid of it, thanks for pointing me out.

You can use hex editor to replace the ME region manually, but I don't recommend doing it at all, use FwUpdLcl to update the existing one, if nothing blocks ypu from it.

[CodeRush]

giacomoleopardo, is that Skylake patchset working on your board? If so, I will add it to the next UEFIPatch release.

You can try BIOS flashback or this method (use google translate).

[Aigors]

This method is working with GA-Z170X Gaming 3 - bios F5b for

- IOAPIC Value patch

- Unlock 0xE2 module

- Flash with old EFIFlash utility

 

Unfortunately Asus bios (tried on Z170 Pro) is locked, afudos not working, neither efiflash or BUpdater (Asus dos tool). Of course, Asus doesn't have soldered chips, so hopefully SPI Programmer should do the job (not tested yet)

I have a spi programmer and works very well with asus chips, but you need a clips to read and flash onboard.

Buy a very strong clip, i bought a cheap programmer but i had to change standard clip with one from pomona, the standard that comes with programmer. was a {censored}.

Another way is desolder chip and solder soic 8 sockets, so you can remove flash without hot air station, i'm following this way for laptop in which i would like put Ozmosis 

[giacomoleopardo]

giacomoleopardo, is that Skylake patchset working on your board? If so, I will add it to the next UEFIPatch release.

You can try BIOS flashback or this method (use google translate).

Yes it is. Confirmed

# SiInit | Skylake
299D6F8B-2EC9-4E40-9EC6-DDAA7EBF5FD9 10 P:75080D00800000:EB080D00800000
299D6F8B-2EC9-4E40-9EC6-DDAA7EBF5FD9 12 P:75080D00800000:EB080D00800000

working on GA-Z170X Gaming 3 as posted above on #1867. Also the old EfiFlash version posted from vonmolk does work to flash gigabyte bios. Also the AMIBCP 5.01 method to add IOAPIC value.

Still on Asus I need to try that method you linked.

 

I have a spi programmer and works very well with asus chips, but you need a clips to read and flash onboard.

Buy a very strong clip, i bought a cheap programmer but i had to change standard clip with one from pomona, the standard that comes with programmer. was a {censored}.

Another way is desolder chip and solder soic 8 sockets, so you can remove flash without hot air station, i'm following this way for laptop in which i would like put Ozmosis 

 

Thanks. I know how to flash  with SPI. I do that with Raspberry. And no need to desolder anything, cause on Gigabyte EfiFlash does work. The issue is now on Asus Z170 Pro. Still working with Kernel PM flag in clover config.plist, though.

[Kynyo]

Kynyo, it's a bug in both Gigabyte descriptor and UEFITool, will try to get rid of it, thanks for pointing me out.

You can use hex editor to replace the ME region manually, but I don't recommend doing it at all, use FwUpdLcl to update the existing one, if nothing blocks ypu from it.

Ok, Thanks!

[zakkaz96]

PMPatch works on BIOSes for that board. Method to flash it is linked 4 message above.

H81M-E-ASUS-0605.pm.zip

H81M-K for ASUS?!

[amgclk65]

Good New Year to Everyone. 

Im working with a cheap ecs broad. H81H3-I. I used UEFIpatch to patch the bios. But I'm still needing Null Kext to boot. Can Someone Verify the Bios is Patched correctly for me? Any help would be great. 

B.rom.zip

[CodeRush]

It's patched correctly.

[amgclk65]

It's patched correctly.

Thanks for looking into that & your valueable tools CodeRush!

Ill have to dig into why its still needing Null kext to boot.

[2bad0]

Maybe your model identifier is set to one which still uses power kext

[korital]

Trying to download the UEFIPatch files but the website (github.com) they are supposedly hosted on is down and I cannot access them.

 

Can someone upload the latest version here or somewhere else and send me a link.

Thanks!

[oSxFr33k]

{censored}.

Now you need hardware SPI programmer to dump your current BIOS, make new working image from that dump and then flash it back.

Because it's a laptop and SPI chip is soldered to the board, you also need to desolder and resolder it. 

I will add a warning to the FAQ.

If you have a non-ended warranty - just use it now.

 

I know this post is old but why can't you read the chip with the proper SoiC 8 clip with your Chip programmer make the fixes then flash it back the same way while the chip is still soldered to board?

 

It is possible to read a non bricked chip and save that as a backup in case it gets bricked then flash it back with Chip Programmer while chip is still soldered to the Laptop Motherboard?

I found another option for AMI Aptio : ) suggested and more reliable:

 

SCEWIN_64 /o /s nvram.txt /h Hii.db /v /q

 

open the extracted nvram.txt with notepad++ and search for

 

Setup Question    = SMI Lock

Token    =78    // Do NOT change this line

Offset    =88

Width    =01

BIOS Default    =[01]Enabled

Options    =[00]Disabled    // Move "*" to the desired Option

         *[01]Enabled

 

Setup Question    = BIOS Lock

Token    =79    // Do NOT change this line

Offset    =89

Width    =01

BIOS Default    =[00]Disabled

Options    =*[00]Disabled    // Move "*" to the desired Option

         [01]Enabled

 

Setup Question    = GPIO Lock

Token    =7A    // Do NOT change this line

Offset    =8A

Width    =01

BIOS Default    =[00]Disabled

Options    =*[00]Disabled    // Move "*" to the desired Option

         [01]Enabled

 

Setup Question    = BIOS Interface Lock

Token    =7B    // Do NOT change this line

Offset    =8B

Width    =01

BIOS Default    =[00]Disabled

Options    =*[00]Disabled    // Move "*" to the desired Option

         [01]Enabled

 

on my P8Z77-V LX the options appear twice, so you'll have to change it twice.

As explained in the dump move the wildcard (*) to the required option and change Default from

 

BIOS Default    =[01]Enabled to

BIOS Default    =[00]Disabled

 

save the nvram.txt and flash back with command

 

SCEWIN_64 /i /s nvram.txt

 

afterwards I do a globalreset with,

 

fpt -greset

 

it maybe an important step!

 

tested succesfully from linux with flashrom.

 

best regards

 

Is SCEWIN_64  part of the AMI tools you can download from AMI?  Will flashrom work on the new Raspberry Pi3 with Raspberian_Jessie linux version?  I tried the link and it brings me to AMU pdf files unless I need to use the drop down menu to grab this file?  If so what is the filename that AMI has given it because SCEWIN_64 is not a file on its own must be part of one of their package files?  You mentioned you have a Linux version of this working?  Do you have a link to this as well?

 

Will this method work on an Asus Laptop UEFI Bios?

 

With an EEPROM SPI Programmer like the ESP2010 or my old Xeltek 580U Pro I got working in windows 10 with a Guide on a 64 bit USB driver and Mod to the SP3000 programmer EXE can one dump the entire bios chip contents as a backup then re-write to that chip in the event of a complete brick with Bios Locks in place?  Also while the chip is soldered to the board can it be read and written to from another PC/Laptop with the programmer and proper SoiC 8 Clip?

 

Thanks

[Aigors]

I know this post is old but why can't you read the chip with the proper SoiC 8 clip with your Chip programmer make the fixes then flash it back the same way while the chip is still soldered to board?

 

It is possible to read a non bricked chip and save that as a backup in case it gets bricked then flash it back with Chip Programmer while chip is still soldered to the Laptop Motherboard?

Not all soldered chips can be readed with cilp, for example i can't read my HP 6560b laptop bios chip with clip, i had to desoldered and read with spi programmer, to solve this issue i found a usefull soic8 sockets can be soldered on pcb, in this way you can do all the try ypu want.

My specific spi flasher have a curent protection, so if current flow it's high then setup, simply refuse to read chip, maybe some component on pcb need to much current than programmer can deliver.

 

You can try to read another non bricked bios chip, but in most cases you copy information that are related only to device where you can read chip, for example ethernet mac address, maybe service tag or uuid of the device.

[oSxFr33k]

Not all soldered chips can be readed with cilp, for example i can't read my HP 6560b laptop bios chip with clip, i had to desoldered and read with spi programmer, to solve this issue i found a usefull soic8 sockets can be soldered on pcb, in this way you can do all the try ypu want.

My specific spi flasher have a curent protection, so if current flow it's high then setup, simply refuse to read chip, maybe some component on pcb need to much current than programmer can deliver.

 

You can try to read another non bricked bios chip, but in most cases you copy information that are related only to device where you can read chip, for example ethernet mac address, maybe service tag or uuid of the device.

 

 

Nice do you have a link to the Soic 8 socket I can solder to the board?   The chip fits in it nicely?

[Aigors]

Nice do you have a link to the Soic 8 socket I can solder to the board?   The chip fits in it nicely?

http://siliconkit.com/ocart/index.php?route=product/product&product_id=81%E2%80%8B

http://www.dediprog.com/pd

[chriz74]

PMPatch is obsolete and not supported by me anymore.

I have developed the successor of it, UEFIPatch, which is both more universal and reliable, and uses UEFITool's engine for proper UEFI modification.

Combined topic about all my UEFITool-based utilities is here, sources and binaries are available on GitHub.

Bug reports are welcome. 

 

To any new readers of this topic: it's you who takes all the risk of bricking your board, it's you who is responsible for all things that you do to your PC, not me or any other developer out there!

BIOS modifications are risky by their nature, please be aware of it and don't blame me if anything is gone wrong for you.

 

 

Old PMPatch post and FAQ is in spoiler below:

 

 

I wrote an utility to patch modern UEFI BIOSes from different vendors to prevent them from locking MSR 0xE2 and therefore make the system with patched BIOS compatible with native OS X power management.

It's tested on AMI, Phoenix and Insyde UEFI BIOSes and it works.

 

This patch works on boards based on 5th, 6th, 7th and 8th series of Intel chipsets, so NM10 and similar ones are supported - there is nothing to patch in that BIOSes.

 

The utility is BSD-licensed and available on GitHub.

Compiled versions for Windows and OS X are here.

Latest version is 0.5.14

 

Usage: pmpatch /path/to/original.bios /path/to/patched.bios

 

This program can produce corrupt BIOS images, try them on your own risk.

Please attach AIDA64's or DarwinDumper's report file to your "PMPatch didn't work for me" message.

Thank you in advance.

 

F.A.Q.

1. I have many "... not found" messages in program output, is it bad?

-- No, if the last message is "Output file generated", it's OK to have any other messages.

 

2. I have patched my BIOS, can you guarantee it will work after flashing?

-- No, but there are many people with patched BIOSes of all kinds, and very few negative reports.

 

3. I can't flash my patched BIOS due to "security verification failed", what can I do?

-- If you have ASUS board with USB BIOS Flashback support, use it to flash your modified BIOS.

-- If you have AMI UEFI BIOS (all modern desktop boards now have one, DO NOT TRY IT ON NOTEBOOKS), then you can use this method.

-- If you have non-AMI BIOS, I don't know any 100% working method except using external programmer, which are cheap and fast nowadays. 

 

4. Program version for OS X crashes with "Segmentation fault" message, what to do now?

-- It's a known issue with LZMA compression code compiled by Apple compilers, please try using version for Windows.

 

 

 

what happened to uefipatch? There's no binary on github.

[dragonmel]

can this be used to add hfsplus-64.efi to a intel s5520HC bios 

 

thanks

[Aigors]

It depends on security signing of BIOS,

 

Inviato dal mio NX507J utilizzando Tapatalk