Hey,
First, i'd like to salute this community for being all for sharing and progress through collaboration. I'm believe that unlocking the BIOS I have have could help a lot of people, it's on the HP Pavillion 15 cx0056wm laptop, but it's very on other cx00xxx laptops, if not the same, it mentioned the model with
[censored] in the BIOS. Hp for some reason decided to not provide an option to access advanced settings, it's not cool, it makes the laptop like a "
black box".
Anyways, I started looking for modded BIOS updates, didn't find any for that laptop, but a lot of people are looking for it as mentioned, so I decided to research doing it on my own. I need to disable CFG-Lock to be able to run Mac, because it uses the MSR 0x0E CPU register which is protected by the BIOS by default, that's why I'm using version F.21 and not the latest one, the latest one doesn't seem to have it at all, not sure if that means that it's disabled by default, but I don't want to try and not be able to downgrade.
I found a really cool tool that's been leaked from Intel, they later decided to publish it themselves anyways, it's called Insyder BIOS Editor (InsydeH2O_03.04/H2OEZE) it allows seeing the BIOS menu and replacing different modules, but I don't have a tool to modify the exported file, so I had to find another way. I found out about a cool guide that's especially for Hp laptops, it consists getting the .bin, using PhoenixTool (to get the .rom files, but I used UEFITool to find the GUID since it has search) to export two EFI structures, DXE core and SetupUtility, then using a Hex editor to find the data offsets of the menu tabs and finally using IDA Pro to find the display tabs conditional checks to determine whether to view them or not based on the manufacturer's settings, patching them using a Hex Editor, and loading them into the original bin using the Insyder tool to be ready flashing. I believe that I can just enable the settings through Insyde tools, change the default settings, that is, but i'm interested in solving it for others too, if that works then I could do without patching it, but I rather have all the settings in the BIOS, so it's a win-win.
I'm at the point where I need to find the offsets in the structure using a Hex Editor, but I can't find non of the menu options written in the format mentioned in the guide, with space and 0x00 between bytes, nor through their regular names, I only found Advanced mentioned, but it could be something else, someone more experience might know.
I skipped that step just to try, loaded the .rom into IDA and looked for the byte sequence mentioned in the guide for menu header data and I found them , but I need the tabs offsets to know exactly where to look.
The question is, could the EFI structure data be encrypted on top of the regular compression? I checked the decompress option upon extracting. Why is Hp making it hard on the modding community
Guide link:
https://dlscrib.com/unlock-bios_588a1b8b...3_txt.html
F.21 BIOS update link (for model cx0056wm):
https://ftp.hp.com/pub/softpaq/sp100501-...100754.exe
HxD (Hex Editor):
https://mh-nexus.de/en/downloads.php?product=HxD20
IDA Pro (free version):
https://www.hex-rays.com/products/ida/su..._freeware/
IFRExtract (could be needed using other methods, like the extract module method using Insyde Editor, the output needed to be modified after, so it need to be decrypted/decompress if it's encrypted/compresses before being able to edit it, and then a way to recompile is needed after, the replace module in Insyde Editor is to be uses after, I left it as an attatchement)
I've attatched the things needed in the process, in case someone wants to try.
I'd appreciate it if anyone could shed some light, i'm still only a beginner when it comes to BIOS modding, I only get the general idea
P.s: I got the bios bins from the official exe through making a recovery USB, although the USB recovery mode didn't work for me to flash, I used the update feature. The .fd files in BIOSUpdate.exe extracted didn't load in the Insyder Editor. To update later I'll try the USB hotkey method while having the .bin in the USB, seems to be a common option.