07-08-2023, 08:18 AM
Hey guys,
Hope you all are doing well. I am having issues disabling Flash Protection Range Registers so I can flash my BIOS from within Windows using Intel's IFW tool/using flashrom within Linux, however I cannot due to the above mentioned error.
I had previously posted here for help and was trying to get the BIOS CAP update file modified, but DeathBringer said it wasn't possible. I have now dumped my own BIOS and was able to add the microcode needed, but I just can't flash back the new BIOS and just need help disabling the FPRR as they reset, presumably from some sort of firmware protection.
Essentially I managed to boot into Windows while shorting PINs 1+5 of my audio chip to disable the HAP bit so that flash descriptors are unlocked until reboot, and then flashed a modified flash descriptor with the HAP bit disabled so that it will persist over reboot and disable Intel Management Engine.
I thought that this would also enable write access for the BIOS region of my SPI, however it did not. After some heavy research, I found out that my BIOS has a Flash Protection Range Register option (hidden from the menu) so I booted into a UEFI shell and Disabled that option as well as the BIOS lock using datasone's setup_var.efi package here: https://github.com/datasone/setup_var.efi.
However it does not persist after a reboot. I noticed that whenever I modify the BIOS lock or even just the FPRR option and reboot, I get to the Lenovo BIOS screen and the screen goes black then reboots again, where it again goes to the Lenovo BIOS screen and ultimately will continue booting the OS. It seems like when this BIOS screen goes black and reboots, the modified setup_var's get reset to default from some sort of protection.
Can anyone here assist me in disabling this Flash Protection Range Register setup_var? My chip is an XMC WSON8 chip and I would rather not have to desolder it from the board just to read/write to it if at all possible, I would like to keep this completely software-based.
I know its possible as the option is there in the BIOS, I just can't figure out why the OS won't boot if those options are modified and the BIOS will ultimately reset the values on its own. I do have Secure Boot disabled.
May I post my BIOS here for assistance? If so, would you need a full SPI dump (including DESC, ME, GbE, etc regions) or just the BIOS region?
Thanks in advance for any assistance!
Hope you all are doing well. I am having issues disabling Flash Protection Range Registers so I can flash my BIOS from within Windows using Intel's IFW tool/using flashrom within Linux, however I cannot due to the above mentioned error.
I had previously posted here for help and was trying to get the BIOS CAP update file modified, but DeathBringer said it wasn't possible. I have now dumped my own BIOS and was able to add the microcode needed, but I just can't flash back the new BIOS and just need help disabling the FPRR as they reset, presumably from some sort of firmware protection.
Essentially I managed to boot into Windows while shorting PINs 1+5 of my audio chip to disable the HAP bit so that flash descriptors are unlocked until reboot, and then flashed a modified flash descriptor with the HAP bit disabled so that it will persist over reboot and disable Intel Management Engine.
I thought that this would also enable write access for the BIOS region of my SPI, however it did not. After some heavy research, I found out that my BIOS has a Flash Protection Range Register option (hidden from the menu) so I booted into a UEFI shell and Disabled that option as well as the BIOS lock using datasone's setup_var.efi package here: https://github.com/datasone/setup_var.efi.
However it does not persist after a reboot. I noticed that whenever I modify the BIOS lock or even just the FPRR option and reboot, I get to the Lenovo BIOS screen and the screen goes black then reboots again, where it again goes to the Lenovo BIOS screen and ultimately will continue booting the OS. It seems like when this BIOS screen goes black and reboots, the modified setup_var's get reset to default from some sort of protection.
Can anyone here assist me in disabling this Flash Protection Range Register setup_var? My chip is an XMC WSON8 chip and I would rather not have to desolder it from the board just to read/write to it if at all possible, I would like to keep this completely software-based.
I know its possible as the option is there in the BIOS, I just can't figure out why the OS won't boot if those options are modified and the BIOS will ultimately reset the values on its own. I do have Secure Boot disabled.
May I post my BIOS here for assistance? If so, would you need a full SPI dump (including DESC, ME, GbE, etc regions) or just the BIOS region?
Thanks in advance for any assistance!