Download-Fritz

EFI Variable Store on Aptio V (Haswell-E and up)

194 posts in this topic


On some Z97 ASUS motherboards, for example the Z97-C, writing to NVRAM worked with BIOS versions up to 2403. Later versions do not preserve NVRAM.

 

Would it help if I asked some of my friends who have this motherboard to make dumps from versions which preserve and don't preserve NVRAM?


 

On some Z97 ASUS motherboards, for example the Z97-C, writing to NVRAM worked with BIOS versions up to 2403. Later versions do not preserve NVRAM.

Would it help if I asked some of my friends who have this motherboard to make dumps from versions which preserve and don't preserve NVRAM?

 

 

Yes, please.

But do not dump NVRAM with DarwinDumper, but dump "Firmware Memory Map". Please also attach the ROMs used.


Yes, please.

But do not dump NVRAM with DarwinDumper, but dump "Firmware Memory Map". Please also attach the ROMs used.

@D-F Just thought I'd throw my research into the mix. I have found that you can enable NVRAM writes in Asus AptioV BIOSes by replacing the NvramSmi SMM module with the combined SMM/DXE NvramSmi module (same GUID) from older BIOSes that allow NVRAM writes. You also need to delete the NvramSmiDxe driver module when you do this replacement. Unfortunately this only seems to work for Asus boards. Have tried using the combined SMM/DXE module in ASRock BIOSes but no go. So it seems that the NvramSmi implementation is where the issue lies; unfortunately I don't know how to proceed from here...


@D-F Just thought I'd throw my research into the mix. I have found that you can enable NVRAM writes in Asus AptioV BIOSes by replacing the NvramSmi SMM module with the combined SMM/DXE NvramSmi module (same GUID) from older BIOSes that allow NVRAM writes. You also need to delete the NvramSmiDxe driver module when you do this replacement. Unfortunately this only seems to work for Asus boards. Have tried using the combined SMM/DXE module in ASRock BIOSes but no go. So it seems that the NvramSmi implementation is where the issue lies; unfortunately I don't know how to proceed from here...

 

Pls up Memory Map dumps with the combined and the separate drivers, thx (from Shell and OS X pls)


Sorry for double-posting, but I need to bump.  ;)

Please someone try this: https://www.dropbox.com/s/zu5jixphkr4elk0/OsxAptioFix2Drv.efi?dl=0

I tell you... if this one should give you VarStore r/w access, storm the AMI headquarters and slaughter them all.

This will give UEFI wrong addresses for virtually mapped RT_data regions, so the system might not boot, fail randomly during RT or not shutdown properly.

 

EDIT1: nevermind, this will not work... hold on, will update the post with a new bin soon.

EDIT2: This could work now... link updated.


 

EDIT2: This could work now... link updated.

 

Kernel panic :"pmap_map_bd: Invalid kernel address\n"@/Library/Caches/com.apple.xbs/Sources/xnu/xnu-3789.21.3/osfmk/i386/pmap_x86_common.c:2211

 


Kernel panic :"pmap_map_bd: Invalid kernel address\n"@/Library/Caches/com.apple.xbs/Sources/xnu/xnu-3789.21.3/osfmk/i386/pmap_x86_common.c:2211

 


 

Hmm, we can't test it then, but I have a horrible foreboding about what could be the reason. Would you be ready to flash a modded fw? GA has "DualBIOS" after all...


I can flash bios without any risk. I have Usb Flash Back on board, and a hardware SPI programmer. I have a copy of the contents of the flash.


Hmm, we can't test it then, but I have a horrible foreboding about what could be the reason. Would you be ready to flash a modded fw? GA has "DualBIOS" after all...

I am ready to test.

I currently use Gigabyte BIOS F4 (newer ones have problem recognizing my RAMs).


Yes, please.

But do not dump NVRAM with DarwinDumper, but dump "Firmware Memory Map". Please also attach the ROMs used.

 

Dumps from two versions of the BIOS: 0217 preserves NVRAM, 0412 has broken NVRAM.

 

If you need any more dumps, tell me what you want, I'll do it.

 

https://dl.dropboxusercontent.com/u/19801500/tmp/NVRAM%20Maximus%20VII%20Impact%20Clover%203922.zip


@D-F

Unfortunately I no longer use my Asus rig; the CPU and memory are now in an ASRock motherboard. I can, however, do modded firmware testing as I have an SPI programmer, so let me know if I can help in any way.


The ASUS only has NvramSmi (dual DXE + SMM) as far as I can see, while the GA has DXE and SMM separate... ASUS AiO Smi driver is also far smaller than GA's Dxe.

Furthermore, the ASUS one seems to work like Aptio IV while GA's works EDK2-style from what I saw till now. I'm not sure what could cause both methods to just fail.

I suppose AMI made an update and both vendors copied the changes into their codebases, while ASUS was likely using an older one.

 

Expect not to hear any news for some time, this is not going to be a 1-day task. :)


NVRAM works for Asus: Z170-Pro, Z170-Pro Gaming, Z170-Deluxe and Z170M-Plus (or H170M-Plus). I don't remember the BIOS version (always the latest at the time I worked with the PC). If I get one of these PCs back I will do dumps.


Did you find anything useful regarding NVRAM? Because we have a problem with writing NVRAM on the Dell XPS 9550.

 

I'm rather busy in the last few days and that won't change for a bit... didn't find anything yet. If anyone else wants to look into it, feel free to. :D


I'm rather busy in the last few days and that won't change for a bit... didn't find anything yet. If anyone else wants to look into it, feel free to. :D

 

A few days ago, you had suspicions on what might be the reasons. Would you mind sharing them ?


I'm rather busy in the last few days and that won't change for a bit... didn't find anything yet. If anyone else wants to look into it, feel free to. :D

 

Yeah, I can understand you. Same for me. Still trying to make owners of my laptop happy - doing a lot of hacking around in every free moment that I can catch.

But if you can guide me to at least some exact places where to look - maybe I will find a minute to look. Who knows, maybe I will find something useful. A list of places in Clover to investigate could be very useful (at least approximately, I'm good at gathering code :) )

Also, if you have any info on how storing user data into NVRAM works overall - that would be very good. This is a part of UEFI that I don't know at all (but I have experience hacking and repairing internal NVRAM storage in my BIOS :) )

Also, is there any way to check from Linux or Win if NVRAM is write-accessible at all?


A few days ago, you had suspicions on what might be the reasons. Would you mind sharing them ?

 

My best guess was that the SMM portion of the driver would be calling ConvertPointer() on the CommBuffer - as SMM runs in physical mode though, that would break things if physical != virtual. As far as I know, physical = virtual on Windows and Linux, at least also (one physical address can have multiple virtual ones), which would have explained why it worked there (does it even?). But I didn't find anything in the driver that hints at that yet.

 

A list of places in Clover to investigate could be very useful (at least approximately, I'm good at gathering code :) )

 

Nothing in Clover can help you and the code you would be looking for is not open.


My best guess was that the SMM portion of the driver would be calling ConvertPointer() on the CommBuffer - as SMM runs in physical mode though, that would break things if physical != virtual. As far as I know, physical = virtual on Windows and Linux, at least also (one physical address can have multiple virtual ones), which would have explained why it worked there (does it even?). But I didn't find anything in the driver that hints at that yet.

 

 

Nothing in Clover can help you and the code you would be looking for is not open.

 

You mean the problem is inside the kernel? Yeah, I don't like using Hopper too much...


My best guess was that the SMM portion of the driver would be calling ConvertPointer() on the CommBuffer - as SMM runs in physical mode though, that would break things if physical != virtual. As far as I know, physical = virtual on Windows and Linux, at least also (one physical address can have multiple virtual ones), which would have explained why it worked there (does it even?). But I didn't find anything in the driver that hints at that yet.

 

 

Nothing in Clover can help you and the code you would be looking for is not open.

 

How are you detecting which portion of memory in the memmap is used for SMM? I'm trying to understand how things are working, maybe there can be some help from me :) Because my NVRAM is also not working


How are you detecting which portion of memory in the memmap is used for SMM? I'm trying to understand how things are working, maybe there can be some help from me :) Because my NVRAM is also not working

 

You can't, but it is known that it's RT_data. I was basically just verifying that AptioFix applied its fixes properly (i.e. RT_code -> MMIO).

DXE and SMM share a buffer to communicate with, while DXE needs to access it virtually (called by macOS) and SMM physically (triggered via an SMI by the DXE drv).

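Added example, not part of any post in this thread and not AMI or Clover code: a small C model of the hypothesis discussed above, where the DXE side reaches the shared comm buffer through its virtual address while SMM must use the physical one, so an SMM-side ConvertPointer()-style translation only works when the OS maps runtime regions with virtual == physical. The descriptor fields follow EFI_MEMORY_DESCRIPTOR; the sample addresses, the `smi_handler_ok` handler and its range check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE 4096ULL
#define EFI_MEMORY_RUNTIME 0x8000000000000000ULL
enum { RT_DATA = 6 };                       /* EfiRuntimeServicesData */

/* Fields follow EFI_MEMORY_DESCRIPTOR. */
typedef struct { uint32_t type; uint64_t phys, virt, pages, attr; } mem_desc;

/* Constructed sample maps: one RT_data region holding the comm buffer. */
static const mem_desc identity_map[]  = { { RT_DATA, 0x7A000000, 0x7A000000, 16, EFI_MEMORY_RUNTIME } };
static const mem_desc relocated_map[] = { { RT_DATA, 0x7A000000, 0xFFFFFF807A000000ULL, 16, EFI_MEMORY_RUNTIME } };

/* 1 if [addr, addr+size) lies inside the region's PHYSICAL range (overflow-safe). */
static int inside(const mem_desc *d, uint64_t addr, uint64_t size)
{
    uint64_t len = d->pages * PAGE;
    return addr >= d->phys && addr - d->phys < len && size <= len - (addr - d->phys);
}

/* Model of ConvertPointer(): physical -> virtual through the runtime
   descriptor containing the address. Returns 0 on success, -1 otherwise. */
int convert_pointer(const mem_desc *map, size_t n, uint64_t phys, uint64_t *out)
{
    for (size_t i = 0; i < n; i++)
        if ((map[i].attr & EFI_MEMORY_RUNTIME) && inside(&map[i], phys, 1)) {
            *out = phys - map[i].phys + map[i].virt;
            return 0;
        }
    return -1;
}

/* Hypothetical SMI handler. SMM addresses memory physically, so the buffer
   is usable only if the address it ends up with is backed by RT_data. */
int smi_handler_ok(const mem_desc *map, size_t n, uint64_t comm_phys, uint64_t size, int converts)
{
    uint64_t addr = comm_phys;
    if (converts && convert_pointer(map, n, comm_phys, &addr) != 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (map[i].type == RT_DATA && inside(&map[i], addr, size))
            return 1;
    return 0;
}

int main(void)
{
    printf("identity map,  SMM converts:      %d\n", smi_handler_ok(identity_map, 1, 0x7A001000, 256, 1));
    printf("relocated map, SMM converts:      %d\n", smi_handler_ok(relocated_map, 1, 0x7A001000, 256, 1));
    printf("relocated map, SMM uses physical: %d\n", smi_handler_ok(relocated_map, 1, 0x7A001000, 256, 0));
    return 0;
}
```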
