Hello guys! I got Xiaomi Mi Notebook Pro, which have pretty beautiful but useless BIOS (which is InsydeH2O by the way). So, after some research I tried to change variables i need:
- via setup_var method (gave me can't change variable via efi error 0x0....008)
- setup_var2 (said that variable is out of scope).
- I tried Flash Register Protection disabling as described here, but I used Air variables so I guess it doesn't worked.
I don't understand how modders determine which bit in dump is need to be changed, there is no guides about it. But it passed without any errors and nvram changed, so i guess the only working way to change variables without flashing modded BIOS is to change H2OUVE dump and send it to NVRAM.(I don't want to flash modded BIOS as I didn't got SOIC8 clip atm, already ordered it but it's month of waiting).
H2OUVE modding sounds quite easy but as I don't know how to do this (I don't understand the algorithm of changing bits in certain place) it's impossible without community. So, I'm asking for help! I'm attaching the BIOS .bin file and IFR extracted vars, also I uploaded vars.txt dump from H2OUVE.
The modifications i want to use:
- CFG Lock - Disabled
- DVMT Pre-alloc - 64M
- Intel Speed Shift - Enabled
Not necessary but still really pleasured:
- Advanced menu (there is some conditions in bios which can enable it, i guess at least one of them is changable via NVRAM)
- DVMT Max GFX size to MAX
- Flash Protection Range Registers - Disabled (allows to flash modified bios via FPT)
The main reason of the post is to understand how that HEX magic is working at all, I really didn't found any valuable guides, only examples but not actually way to determine what you need to change, for example this piece of PowerShell code patches H2OUVE dump to disable Flash Protected Registers Registers, but I really can't understand what it does, what is offset? Dear modders of this forum, please, explain this, maybe there will be less stupid questions after.
Code:
$location = Get-Location
$bytes = [System.IO.File]::ReadAllBytes("$location\nvram.bin")
$text = [System.Text.Encoding]::Default.GetString($bytes)
$offset_bytes = 0x32, 0x35, 0x30
$offset_text = [System.Text.Encoding]::Default.GetString($offset_bytes)
$offset = $text.IndexOf($offset_text) + 0x1E
$bytes[$offset] = 0x30
[System.IO.File]::WriteAllBytes("$location\nvram.bin", $bytes)
Here you go, vars.txt from stock untouched BIOS 603.
P.S Also, that BIOS is installing via H2OFFT for 64-bit UEFI Shell, which is quite new for me as I get used to exe. It doesn't matter as it doing same operations, but there are some interesting files. For example there is unlockme.sh (which is maybe unlocking Intel ME, because after this it's switching to Manufacture mod), it gives a command SndEcCmd.efi C9E D00. I attached full installer downloaded from Xiaomi site if it's interesting for you. By the way, can I do anything useful with this?
![[-]](https://www.bios-mods.com/forum/images/black/collapse.png "[-]")
![[Valid RSS]](valid-rss.png "Validate my RSS feed")