[NEEDINFO] Variable + Var store in IFR extracted

[mixmid]

Hello, everyone! I have an already modded uefi bios dump -- the whitelist removal and the advanced menu is unblocked. But every item in this advanced menu is not saved properly and therefore does not work. My goal is to enable <Boot Performance Mode> to <Max Battery>, <Turbo Mode> to <Disabled>, i.e to squeeze out max powersaving.

So i have here ->

#################

0x3BBA4 Setting: Boot Performance Mode, Variable: 0x4C {05 A6 9B 00 9C 00 34 00 0A 00 4C 00 00 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BBCA Default: 8 Bit, Value: 0x0 {5B 0D 00 00 00 00 00 00 00 00 00 00 00}
0x3BBD7 Default: 8 Bit, Value: 0x0 {5B 0D 01 00 00 00 00 00 00 00 00 00 00}
0x3BBE4 Option: Max Performance, Value: 0x0 {09 0E 9D 00 00 00 00 00 00 00 00 00 00 00}
0x3BBF2 Option: Max Battery, Value: 0x1 {09 0E 9E 00 00 00 01 00 00 00 00 00 00 00}
0x3BC00 Option: Auto, Value: 0x2 {09 0E 9F 00 00 00 02 00 00 00 00 00 00 00}
0x3BC0E End of Options {29 02}

#################

0x3BC88 Setting: Turbo Mode, Variable: 0xA {05 A6 A0 00 A1 00 36 00 0A 00 0A 00 00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BCAE Default: 8 Bit, Value: 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
0x3BCBB Default: 8 Bit, Value: 0x1 {5B 0D 01 00 00 01 00 00 00 00 00 00 00}
0x3BCC8 Option: Disabled, Value: 0x0 {09 0E 03 00 00 00 00 00 00 00 00 00 00 00}
0x3BCD6 Option: Enabled, Value: 0x1 {09 0E 02 00 00 00 01 00 00 00 00 00 00 00}
0x3BCE4 End of Options {29 02}

#################

In a case of  VarOffset & VarStore i know where to find and patch a corresponding register in a uefi variable.

0xC6E8E One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x17, VarStore: 0x5, QuestionId: 0xA36, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 F5 06 F6 06 36 0A 05 00 17 00 10 10 00 01 00}
0xC6E9F One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00}
0xC6EA6 One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 30 00 01}
0xC6EAD End One Of {29 02}
0xC6EAF End If {29 02}

But how to treat the case with Variable: 0x4C as above. How to find which Var Store and the connected uefi variable is needed. The full var stores list is in the attach. Specifically i need the placement of Variable: 0x4C and Variable: 0xA from above.

0x3A435 Var Store: 0x1[261] (Setup) {24 1C AB BA FB 4D 92 13 DE 4F AB B8 C4 1C C5 AD 7D 5D 01 00 05 01 53 65 74 75 70 00}
0x3A451 Var Store: 0x2[69] (System) {24 1D F9 FC 47 E9 01 DD 65 49 B8 08 32 A7 B6 81 56 57 02 00 45 00 53 79 73 74 65 6D 00}
0x3A46E Var Store: 0x3[620] (IccString) {24 20 4B 77 E2 C1 D4 9E 03 41 AE FA 33 B8 14 9E CC F6 03 00 6C 02 49 63 63 53 74 72 69 6E 67 00}
0x3A48E Var Store: 0x4[17] (MeSetup) {24 1E E3 1D 7B FB 5B 29 3C 43 95 A2 09 1F E3 21 8B F9 04 00 11 00 4D 65 53 65 74 75 70 00}
0x3A4AC Var Store: 0x5[39] (AmtSetup) {24 1F BE 56 9F 4B 8E F6 BC 4B 9B AB CD F6 00 F5 2D 30 05 00 27 00 41 6D 74 53 65 74 75 70 00}
0x3A4CB Var Store: 0x6[51] (CpuProtocolSetupVar) {24 2A E1 DC 4A 7D 0D 93 C7 40 9C D2 6D 21 48 41 3D C7 06 00 33 00 43 70 75 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A4F5 Var Store: 0x7[35] (CpuPpiSetupVar) {24 25 1A 9F B9 D1 4B 08 C3 49 B8 8E 37 8A BE FA 11 8B 07 00 23 00 43 70 75 50 70 69 53 65 74 75 70 56 61 72 00}
0x3A51A Var Store: 0x8[6] (DtsProtocolSetupVar) {24 2A DB AB AE 10 CC BD 1E 44 88 9B A8 DF 33 A9 C1 6A 08 00 06 00 44 74 73 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A544 Var Store: 0x9[11] (DptfProtocolSetupVar) {24 2B 4B 35 54 10 43 B5 FE 4D 55 8B A7 AD 63 51 C9 D8 09 00 0B 00 44 70 74 66 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A56F Var Store: 0xA[166] (PpmProtocolSetupVar) {24 2A C4 E5 D1 E2 D0 68 78 40 BE 7B 90 35 EA 7F 9B E3 0A 00 A6 00 50 70 6D 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A599 Var Store: 0xB[103] (SaProtocolSetupVar) {24 29 4D 3D F7 34 3E 96 65 4C B3 B3 51 5E 72 01 75 D6 0B 00 67 00 53 61 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A5C2 Var Store: 0xC[183] (SaPpiSetupVar) {24 24 37 14 A8 7D 6B 86 43 41 8E 08 A2 5C 6E F0 FA 5B 0C 00 B7 00 53 61 50 70 69 53 65 74 75 70 56 61 72 00}
0x3A5E6 Var Store: 0xD[548] (PchProtocolSetupVar) {24 2A 13 84 BD 04 F9 15 F3 43 96 75 46 18 E0 32 40 E3 0D 00 24 02 50 63 68 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A610 Var Store: 0xE[75] (PchPpiSetupVar) {24 25 8E D0 74 E2 B6 69 97 44 A4 EB D3 9C 4B 2F 9F CB 0E 00 4B 00 50 63 68 50 70 69 53 65 74 75 70 56 61 72 00}

After all i will patch using RU.efi or a modded grub.

Thanks in advance!

[Maxinator500]

Var Store: 0xA (PpmProtocolSetupVar)

[mixmid]

Var Store: 0xA (PpmProtocolSetupVar)

Both Variable: 0x4C and Variable: 0xA ?

[Maxinator500]

Yes. Both of them.

[mixmid]

I put the comprehensive guide on the topic. First of all, i've tested 3 ifr extractors:

1. https://github.com/donovan6000/Universal-IFR-Extractor
   
2. https://github.com/LongSoft/Universal-IFR-Extractor
   
3. https://github.com/LongSoft/IFRExtractor-RS
   

Below are results:

/*
* https://github.com/LongSoft/IFRExtractor-RS
*/

Code:

OneOf Prompt: "Turbo Mode", Help: "Enable processor Turbo Mode. EMTTM must also be enabled.", QuestionFlags: 0x0, QuestionId: 0x36,
VarStoreId: 0xA, VarOffset: 0xA, Flags: 0x10, Size: 8, Min: 0x0, Max: 0x1, Step: 0x0
Default DefaultId: 0x0 Value: 1
Default DefaultId: 0x1 Value: 1
OneOfOption Option: "Disabled" Value: 0
OneOfOption Option: "Enabled" Value: 1
End

/*
* https://github.com/LongSoft/Universal-IFR-Extractor
*/

Code:

C88 One Of: Turbo Mode, VarStoreInfo (VarOffset/VarName): 0xA, VarStore: 0xA, QuestionId: 0x36, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 A6 A0 00 A1 00 36 00 0A 00 0A 00 00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BCAE Default: DefaultId: 0x0, Value (8 bit): 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
0x3BCBB Default: DefaultId: 0x1, Value (8 bit): 0x1 {5B 0D 01 00 00 01 00 00 00 00 00 00 00}
0x3BCC8 One Of Option: Disabled, Value (8 bit): 0x0 {09 0E 03 00 00 00 00 00 00 00 00 00 00 00}
0x3BCD6 One Of Option: Enabled, Value (8 bit): 0x1 {09 0E 02 00 00 00 01 00 00 00 00 00 00 00}
0x3BCE4 End One Of {29 02}

/*
* https://github.com/donovan6000/Universal-IFR-Extractor
*/

Code:

0x3BC88 Setting: Turbo Mode, Variable: 0xA {05 A6 A0 00 A1 00 36 00 0A 00 0A 00 00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BCAE Default: 8 Bit, Value: 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
0x3BCBB Default: 8 Bit, Value: 0x1 {5B 0D 01 00 00 01 00 00 00 00 00 00 00}
0x3BCC8 Option: Disabled, Value: 0x0 {09 0E 03 00 00 00 00 00 00 00 00 00 00 00}
0x3BCD6 Option: Enabled, Value: 0x1 {09 0E 02 00 00 00 01 00 00 00 00 00 00 00}
0x3BCE4 End of Options {29 02}

Only donovan6000's extractor shows non-obvious Variable: 0xA, others show habitual VarStoreId: 0xA, VarOffset: 0xA, good.

/* ###########################
 * by hand
 * ###########################/

Now a little bit freaky approach if want to know how to address "Variable + Var store" connection.

See the line from donovan6000's extractor->

Setting: Turbo Mode, Variable: 0xA {05 A6 A0 00   A1 00 36 00   0A 00   0A 00  00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}

Now see that we must pass 2 DWORDs from the start and get the 9th and 10th hex opcodes (= WORD, 2 bytes) and treat this WORD in big endian.
So  -> 0A 00 -> Var Store: 0xA[166] (PpmProtocolSetupVar)

Another example:
Var Store: 0x1233[8] (AdvanceConfig) {24 24 F4 27 4A A0 00 DF 42 4D B5 52 39 51 13 02 11 3D 33 12 08 00 41 64 76 61 6E 63 65 43 6F 6E 66 69 67 00} ->

search for "33 12" (it's big endian 0x1233 ) after 8th position-> you will see

Numeric: en-US (2056-2056) , Variable: 0x7 {07 91 00 00 00 00 B5 0B 33 12 07 00 00 10 00 FF 00}

There are really only 0x8 bytes/registers in the array named AdvanceConfig, it's small.

/* ###########################
 * last words
 * ###########################/

So it's all i wanted to describe about IFR extractors, the original binary with the IFR included is in the attach.

With best regards!