Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
lenovo z570 Advanced Menu Unlocked
Last Post: Brunobox99
Today 10:02 AM
» Replies: 9
» Views: 6099
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: djcostyro
Today 06:48 AM
» Replies: 1783
» Views: 499675
Lenovo ThinkCentre M700 10GS - Kaby Lake...
Last Post: tommi22012
Today 04:42 AM
» Replies: 11
» Views: 3799
[Request] Lenovo T550 Whitelist removal
Last Post: Dudu2002
Today 04:37 AM
» Replies: 5
» Views: 1149
[REQUEST] Acer PT715-51 (Triton 700) ins...
Last Post: Dudu2002
Yesterday 10:49 AM
» Replies: 24
» Views: 12352
[REQUEST] Acer Aspire 9300 BIOS Unlock
Last Post: Geortor
11-26-2024 04:01 PM
» Replies: 10
» Views: 2237
[Request] Asus H110M-R Mainboard - Xeon ...
Last Post: kusslegyen
11-26-2024 02:04 PM
» Replies: 14
» Views: 6778
LGA771 Bios Microcode for HP dc7800 sff
Last Post: Netuser232
11-26-2024 01:27 PM
» Replies: 136
» Views: 92094
Dell Vostro 3500 full unlocked
Last Post: kamilchno
11-26-2024 10:51 AM
» Replies: 0
» Views: 88
Bios logo
Last Post: Nkosenhle
11-26-2024 10:43 AM
» Replies: 0
» Views: 89
Gigabyte AORUS 5 (KB/SB/MB) BIOS Unlock
Last Post: Dudu2002
11-26-2024 10:41 AM
» Replies: 18
» Views: 4827
[REQUEST] Lenovo G580 (5ECNxxWW) Whiteli...
Last Post: Dudu2002
11-26-2024 09:09 AM
» Replies: 1730
» Views: 672748
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: willow25565
11-26-2024 02:06 AM
» Replies: 1090
» Views: 451749
[REQUEST] Lenovo Thinkpad Edge E430 & E5...
Last Post: RuryGame
11-25-2024 06:23 PM
» Replies: 494
» Views: 171415
2x CPU Dell Workstation BIOS modding
Last Post: William P
11-25-2024 03:30 PM
» Replies: 0
» Views: 123
[REQUEST] Lenovo T440(S) (GJETxxWW) Whit...
Last Post: Dudu2002
11-25-2024 01:28 PM
» Replies: 492
» Views: 186173
[Request] ECS P6LX-A bios mod for HDD si...
Last Post: pdesrosiers
11-24-2024 11:20 PM
» Replies: 0
» Views: 376
Sony Vaio AW11Z - Support for Quad CPU -...
Last Post: lala2025
11-24-2024 08:19 PM
» Replies: 12
» Views: 3897
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
11-24-2024 06:14 PM
» Replies: 1
» Views: 228
[REQUEST] Bios for packard bell tj65 wit...
Last Post: THECAIDA
11-24-2024 03:49 PM
» Replies: 2
» Views: 182

[AMI Aptio] How do I safely verify if my mod has been flashed?
#1
Hello, I'm currently trying to mod the UEFI/BIOS of a notebook to enable hidden features such as Intel vt-d and I'm having trouble to tell if my modified ROM was actually flashed or if the mod was actually applied correctly to the ROM file in the first place.

Now I'm wondering if there is a safe of to verify these things. (I was thinking about something like changing the version number that is displayed in the UEFI/BIOS setup.)

Here is all the information on what I used/did:

Notebook: Gigabyte P35X v4
OS: Windows 10 (x64)
BIOS/UEFI info:
  • AMI APTIO 2.17.1249. Copyright © 2018 American Megatrends, Inc.
  • Project Name: P35V4
  • BIOS FW Version: FD0C
  • Build Date and Time: 07/31/2018 12:30:16
  • EC FW Version: F01A
  • ME FW Version 9.1.30.1008
  • Access Level: Administrator
Modding tool: AMIBCP v5.0.1 (x64)
Tool to extract the ROM from the self-extracting archive: 7-Zip

What I did:
  • I downloaded the latest "BIOS" (Version: FB0C FD0C - 2018/08/03) from the official download page
     
  • I flashed it by simply running the downloaded exe (a self-extracting archive) and clicking OK.
     
  • After a reboot, I manually extracted the self-extracting archive that I just ran, using 7-Zip.
     
  • I found two ROM files (P35V4BF.B0C and P35V4BF.D0C) in this folder: \extracted_files\BIOS\BIOS.BIN\ each 8.192 KB in size.
     
  • I started AMIBCP and opened the first ROM and in the "Setup Configuration" tab navigated to \\Setup\Advanced\ and changed the "Access/Use" of the Control Group Structure "Hidden Function" from Default to USER. Then I simply saved it, overwriting the the original ROM file.
     
  • Then I did the same with the second ROM file.
     
  • And finally I launched a powershell in \extracted_files\ and ran .\SmartFlash.exe
     
  • I got the same prompt that I got for flashing the official ROM and accepted by clicking OK. The upload progress etc looked fine, I got no errors.
     
  • After a reboot I checked the UEFI/BIOS setup and it looked exactly the same. No new functions no new Build version or date.
     
  • I booted into Windows again and opened the two ROM files with AMIBCP again and my changes still appeared to be there.
     
  • I also tried flashing the ROMs by copying them into \extracted_files\BIOS\AUFUEFI\WIN64\ opening a powershell in the directory and running .\afuwinx64.exe .\P35V4BF.B0C and .\afuwinx64.exe .\P35V4BF.D0C but again no errors and the UEFI/BIOS setup looked the same.

So it seems to me like the ROM has been modified, but maybe wasn't actually flashed OR maybe changing the "Hidden Function" from "Default" to "USER" doesn't actually enable these features as other people have said it would.

Any help would be greatly appreciated.

Edit: It indeed didn't get flashed. There seems to be some sort of security check. I guess you can only flash ROMs that are signed. Well, I figured out how to bypass that with afuwinx64.exe, but ended up bricking the notebook for now. I assume this is because there are two ROM files... maybe they have to be flashed to different memory regions? I don't know. I hope I can figure out how to flash the ROMs using an SPI programmer.
find
quote
#2
It was possibly flashed, but the changes you made may not be what you think, or don't work that way for this BIOS etc.
.BOC BIOS is for non-RAID setup board (Launched by P.Bat)
.DOC BIOS is for RAID enabled board (Launched by RAID.Bat)

Gigabyte rarely if ever implements security check or signatures etc. Nothing in the BIOS or flashing tools appears to look for a security check or signature etc. Probably incorrect AFU used, or incorrect options used with AFU, or could be incorrect AMIBCP edit done, hard to know for sure, but yes, you will be able to recover with a flash programmer and SOIC8 test clip cable.

Don't write anything to either chip before you get a verified and validated dump from each, checked by opening in BIOS tools and making sure it looks like a BIOS and is not simply FF or 00. Programmer software can verify an invalid BIOS dump, so you have to check to be 100% sure you have a good backup made before you write anything, this way you can try to save your board specific details and put back in new BIOS before you program (Serial, UUID, LAN MAC ID etc)
Here's a guide on getting setup and using - https://www.bios-mods.com/forum/Thread-G...programmer

As for your actual edit, "Hidden Function" is enabled by default, so the only change you need to make, if any, would be to disable that if you want it disabled. Setting user visibility would only let you see the option setting, which is enabled by default. I checked setup module, AMITSE/SetupData, and both NVRAM entries for this and it's enabled at every location, so you already have whatever you thought it was going to give you. The only other thing you can do with this is disable it, and yes you can make it visible if you want to see the option enabled in the BIOS on Advanced page, but you should use AMIBCP 5.02.0023 or 5.02.0031, the 5.01 is much older than these and could be the cause of the brick (if not the AFU Flashing method)
find
quote
#3
(03-04-2019, 04:23 AM)Lost_N_BIOS Wrote: It was possibly flashed, but the changes you made may not be what you think, or don't work that way for this BIOS etc.
.BOC BIOS is for non-RAID setup board (Launched by P.Bat)
.DOC BIOS is for RAID enabled board (Launched by RAID.Bat)

Gigabyte rarely if ever implements security check or signatures etc.   Nothing in the BIOS or flashing tools appears to look for a security check or signature etc.  Probably incorrect AFU used, or incorrect options used with AFU, or could be incorrect AMIBCP edit done, hard to know for sure, but yes, you will be able to recover with a flash programmer and SOIC8 test clip cable.

Don't write anything to either chip before you get a verified and validated dump from each, checked by opening in BIOS tools and making sure it looks like a BIOS and is not simply FF or 00.  Programmer software can verify an invalid BIOS dump, so you have to check to be 100% sure you have a good backup made before you write anything, this way you can try to save your board specific details and put back in new BIOS before you program (Serial, UUID, LAN MAC ID etc)  
Here's a guide on getting setup and using - https://www.bios-mods.com/forum/Thread-G...programmer

As for your actual edit, "Hidden Function" is enabled by default, so the only change you need to make, if any, would be to disable that if you want it disabled.  Setting user visibility would only let you see the option setting, which is enabled by default.  I checked setup module, AMITSE/SetupData, and both NVRAM entries for this and it's enabled at every location, so you already have whatever you thought it was going to give you.  The only other thing you can do with this is disable it, and yes you can make it visible if you want to see the option enabled in the BIOS on Advanced page, but you should use AMIBCP 5.02.0023 or 5.02.0031, the 5.01 is much older than these and could be the cause of the brick (if not the AFU Flashing method)

Thank you so much for your reply. I'm up and running again. Flashing with the test clip worked flawlessly.

I actually just need to have Intel VT-d enabled. At the moment the only related option I have in the setup is "Intel Virtualization Technology", but that is apparently just Intel VT-x.
I was hoping the option would appear if I changed the Hidden Function thing in some way. But maybe that option isn't what I am looking for at all.
I think this one might be what I need:

[Image: 40u3Zh.jpg]

But from what I can tell it is enabled already which is kind of weird because when I boot into Linux I can't use the feature as if it was disabled.

Any ideas?


Oh and one more thing, I found features related to iGPU <-> dGPU muxing do you know what exactly these do?  
I'm planning to fully assign one of the GPUs to a virtual machine and it would be neat if I could e.g. change which GPU is directly connected to the internal monitor and which is connected to a specific external output.
[Image: 2AYFzR.jpg]
find
quote
#4
I checked, and VT-d is enabled by default in NVRAM/AMITSE/SetupData (What you change with AMIBCP), and it's enabled b default in the setup module as well. So yes, even if you cannot see this it's enabled by default. Virtualization is also enabled by default, and this must be enabled for VT-d function to work, so leave enabled.

Here is explanation on the GPU settings you asked about
http://leshcatlabs.net/forums/printthread.php?tid=55

Can you see "Chipset" in the BIOS? If yes, can you see "Chipset >> System Agent" page? If not, I can enable those for you.
Does your CPU support VT-d, if you are unsure what is your CPU?
find
quote
#5
(03-08-2019, 12:44 AM)Lost_N_BIOS Wrote: I checked, and VT-d is enabled by default in NVRAM/AMITSE/SetupData (What you change with AMIBCP), and it's enabled b default in the setup module as well.  So yes, even if you cannot see this it's enabled by default.  Virtualization is also enabled by default, and this must be enabled for VT-d function to work, so leave enabled.

Here is explanation on the GPU settings you asked about
http://leshcatlabs.net/forums/printthread.php?tid=55

Can you see "Chipset" in the BIOS?  If yes, can you see "Chipset >> System Agent" page? If not, I can enable those for you.  
Does your CPU support VT-d, if you are unsure what is your CPU?

Thank you, that link was very helpful! Also, you seem to correct about VT-d being enabled. After further investigation the feature actually seems to be available to my Linux system. The reason why I can't use it might be that  secure boot is enabled... at least people have reported that disabling secure boot solved the problem for them.
But I'm a bit scared that I won't be able to boot into my Windows when I do that. The only available option that I can see right now was names something like "Delete all secure boot variables".
Is there maybe a way to simply get a switch in the setup to enable/disable secure boot without deleting things that I don't even understand?


And can you explain why some options don't have names or appear multiple times? E.g.:
[Image: 0png6G.jpg]
find
quote
#6
I thought so, about VT-d. Disable secure boot is fine, as far as windows loading after that. You do not need to delete the keys, but you can if you want, next time you go to enable you'll have the option to reload stock keys, but it's fine to leave them as-is you only need to disable secure boot if that is what you found you need to do for VT-d

Duplicates in AMIBCP are ones not used, or hidden/suppressed, often with different available options (But not always). Blank items are often spaces, but can also be hidden/suppressed/unused entries as well. YOu can tell the space ones as they'll be the same "Handle" in all areas of the BIOS you go into.

On disabling secure boot mode, you should see an option for this on your actual BIOS security page (One up from your image above.
"Default Secure boot on" If you do not see in the BIOS, set "User" on access level for that setting. If it still does not show up send me an image of your BIOS security page and I'll tell you what to do next. Mainly this will be enable the "Secure Boot Menu" at bottom of the main security page by setting it's access level to User, then inside set User for access level on secure boot and secure boot mode.
find
quote
#7
I just modified the ROM like you told me to. And tried to flash it by simply running the SmartFlash.exe utility that comes with the BIOS update, but it doesn't actually flash it. When I do the same thing using the original ROM file, the flash works though.

Flashing using the "afuwinx64.exe" that came with the BIOS update didn't work either and even throws an error:

Code:
PS C:\users\pc\Downloads\modded_bios2> .\afuwinx64.exe .\P35V4BF.D0C /p /b /n /l
+---------------------------------------------------------------------------+
|                 AMI Firmware Update Utility  v3.04.03                     |
|      Copyright (C)2012 American Megatrends Inc. All Rights Reserved.      |
+---------------------------------------------------------------------------+
Reading flash ............... done
- ME Data Size checking . ok
Secure Flash enabled, recalculate ROM size with signature...
- FFS checksums ......... ok
bd - Error: Requested Rom Hole not available in ROM file.

I'm unsure if I should force the flash by doing ".\afuwinx64.exe .\P35V4BF.D0C /GAN" again because that's how I bricked it previously.
I could of course open the notebook up again and flash the chip externally again if it bricks again, but I'd like to avoid that.

Here's a photo of the "Security" page in the setup:

[Image: 0jBfGI.jpg]
find
quote
#8
Yes, often you cannot flash mod BIOS with stock utility, this is normal and expected. /GAN should not be required, Gigabyte does not usually setup security blocks that would require that, and /GAN only works on some versions and in some BIOS instances

Your error is explained by AFU, one of the /switches you are using is invalid (/L)
Here is the default command line >> afudos %ROMIMG% /p /b /n /s /r /oemcmd:1 /k /shutdown %1 %2 %3

You can use/try that, or simply >> afudos biosfilename.DOC /p /b /n /s /r /k

Thanks for the image, here is what you need to mod in AMIBCP
[Image: FFApOne.png]

If you still can't get it, we can flash BIOS region via FPT. For that, you need to download ME System Tools package V9 from this thread, down in section "C"
https://www.win-raid.com/t596f39-Intel-M...Tools.html

Inside you will find flash programming tool folder, inside that a win/Win32 folder, select that win folder, hold shift and press right click, choose open command window here (not power shell). Then run the following command >> FPTw.exe -bios -d biosreg.bin

Then, modify that file, then reflash using this command >> FPTw.exe -bios -f modbiosreg.bin
find
quote
#9
No success so far. Here is what I tried:

I ran opened a powershell as administrator and then executed:

Code:
.\afuwinx64.exe P35V4BF.D0C /p /b /n /s /r /oemcmd:1 /k
+---------------------------------------------------------------------------+
|                 AMI Firmware Update Utility  v3.04.03                     |
|      Copyright (C)2012 American Megatrends Inc. All Rights Reserved.      |
+---------------------------------------------------------------------------+
- Sample Message: OEM CMD Before Flash Run is OK !!
Reading flash ............... done
- ME Data Size checking . ok
Secure Flash enabled, recalculate ROM size with signature...
- FFS checksums ......... ok
- System ROM ID = P35V4031
- System ROM GUID = 3e99fcdf-51a2-5403-47f6161e47cc528b
- Sample Message: OEM CMD Start to Flash Run is OK !!
Loading capsule to secure memory buffer ... done
18 - Error: Unable to start a Secure Flash session.
- Sample Message: OEM CMD After Flash Run is OK !!
- Sample Message: OEM CMD Before End Run is OK !!


Code:
.\afuwinx64.exe P35V4BF.D0C /p /b /n /s /r /k
+---------------------------------------------------------------------------+
|                 AMI Firmware Update Utility  v3.04.03                     |
|      Copyright (C)2012 American Megatrends Inc. All Rights Reserved.      |
+---------------------------------------------------------------------------+
Reading flash ............... done
- ME Data Size checking . ok
Secure Flash enabled, recalculate ROM size with signature...
- FFS checksums ......... ok
- System ROM ID = P35V4031
- System ROM GUID = 3e99fcdf-51a2-5403-47f6161e47cc528b
Loading capsule to secure memory buffer ... done
18 - Error: Unable to start a Secure Flash session.


Then I saw that the BIOS update actaully contains the fpt program and uses it like "fpt -f %ROMIMG% -ME" in the "flashRAID.BAT".
So I simply used that and ran:

Code:
.\fptw64.exe -f P35V4BF.D0C -ME

Intel (R) Flash Programming Tool. Version:  9.1.10.1000
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.

Platform: Intel(R) HM97 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

   --- Flash Devices Found ---
   MX25L6405D    ID:0xC22017    Size: 8192KB (65536Kb)

PDR Region does not exist.
GBE Region does not exist.

- Reading Flash [0x200000] 2044KB of 2044KB - 100% complete.
- Erasing Flash Block [0x003000] - 100% complete.
- Programming Flash [0x003000]    4KB of    4KB - 100% complete.
- Erasing Flash Block [0x005000] - 100% complete.
- Programming Flash [0x005000]    4KB of    4KB - 100% complete.
- Erasing Flash Block [0x009000] - 100% complete.
- Programming Flash [0x009000]    4KB of    4KB - 100% complete.
- Erasing Flash Block [0x015000] - 100% complete.
- Programming Flash [0x015000]   40KB of   40KB - 100% complete.
- Erasing Flash Block [0x045000] - 100% complete.
- Programming Flash [0x045000]    4KB of    4KB - 100% complete.
- Verifying Flash [0x200000] 2044KB of 2044KB - 100% complete.
RESULT: The data is identical.

FPT Operation Passed

Then I ran what you suggested:

Code:
.\fptw64.exe -bios -d biosreg.bin

Intel (R) Flash Programming Tool. Version:  9.1.10.1000
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.

Platform: Intel(R) HM97 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

   --- Flash Devices Found ---
   MX25L6405D    ID:0xC22017    Size: 8192KB (65536Kb)


- Reading Flash [0x800000] 6144KB of 6144KB - 100% complete.
Writing flash contents to file "biosreg.bin"...

Memory Dump Complete
FPT Operation Passed

Modified the biosreg.bin as explained in your screenshot.
AMIBCP said something like "Saving secured ROM as non secured ROM" when I hit save, I accepted by clicking OK.
And then I flashed it with the f flag as you suggested:

Code:
.\fptw64.exe -bios -f biosreg.bin

Intel (R) Flash Programming Tool. Version:  9.1.10.1000
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.

Platform: Intel(R) HM97 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

   --- Flash Devices Found ---
   MX25L6405D    ID:0xC22017    Size: 8192KB (65536Kb)

PDR Region does not exist.
GBE Region does not exist.

- Reading Flash [0x800000] 6144KB of 6144KB - 100% complete.
- Erasing Flash Block [0x251000] - 100% complete.
- Programming Flash [0x251000]    4KB of    4KB - 100% complete.
- Erasing Flash Block [0x27E000] - 100% complete.
- Programming Flash [0x27E000]    4KB of    4KB - 100% complete.
- Erasing Flash Block [0x421000] - 100% complete.
- Programming Flash [0x421000]  424KB of  424KB - 100% complete.
- Verifying Flash [0x800000] 6144KB of 6144KB - 100% complete.
RESULT: The data is identical.

FPT Operation Passed

Then I rebooted and checked the setup, but it was still the old one...


Edit:
After the reboot I ran the ftp commands you suggested from a normal commanline (opened as administrator) again and this time it actually worked.
I probably shouldn't have done all these different flashes without a reboot inbetween. Or maybe it actually was the fact that I used powershell instead of the traditional commandline at first.

Well, I have the enable/disable secure boot options in the setup now! Thank you so much!



Is there a way to simply make all available options visible in the setup? Like what would happen if I changed the access on all options to "USER"?
find
quote
#10
None of this can/should be ran in PowerShell, use Admin Command prompts only.

FPT Should not be used in this way!! YOu need to make a FPT backup first, then use that, or you will loose your board serial, UUID, and possibly MAC ID etc. Please be careful, or wait, until I direct you on just how to use FPT properly and safely.

I see there at end, you did use FPT as I suggested, so you should be OK! Yes, command prompt only for FPT or AFU

Yes, for anything inside a menu you can already see in BIOS (Main, Boot, Advanced etc) you can set user access level and it will then appear (usually, sometimes other edit might be needed).
find
quote


Forum Jump:


Users browsing this thread: 3 Guest(s)