Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
12-29-2012, 05:39 PM
(This post was last modified: 12-29-2012, 05:45 PM by TimeWalker.)
And well, [censored] that ... SCT 2.0 UEFI Booting any OS = utter crap!
1. No real NVRAM use for OSX, can't multi boot various OSes through means of Startup Volume in OSX, forced to use plist generating script.
2. Need special tweaked .efi driver to emulate variables in RAM ... hence you get the above. The driver occasionally fails to shut down the machine properly.
3. Pressing Fn+F2 in either Windows or OSX to toggle radio interfaces in UEFI mode locks up the machine. Linux doesn't exhibit such behavior.
4. Brightness controls get lost for no reason occasionally, no known way of restoring the functionality other than using a completely stock rom.
5. In Windows installing QuickSet or ST Micro accelerometer driver locks up the machine.
6. Sometimes Windows Boot manager screws up the entire NVRAM while setting itself as a boot option. Which results in non-working F2 and F12 keys.. the only way to revert is to boot Windows and reflash the BIOS with /cvar flag to reset NVRAM.
7. Dell uses outdated version of Phoenix UEFI SHELL Flasher .. like real outdated 1.5.2 while the latest is 1.5.66, no comment here. No way of starting a newer version because it requires Firmware update or crisis recovery boot mode to be initialized and we don't have access to UEFI booting in either of these modes.
8. Dell's outdated Intel VBIOS doesn't support resolutions higher than 1024x768, third party boot loaders look squashed. Implementing newer version results in weird system failures as proven by some 15z users attempting it.
9. If not using a custom VBIOS artefact appear all over the place in OSX, no proven way of getting rid from them...
Posts: 523
Threads: 0
Joined: Aug 2011
Reputation:
23
as allways , brillant analysis TW!
thanks so much for the info, you provided, rep added ^^
as for the flasher, I has been adding the 1.5.66 version to the latest mods in the L502X topic for a while with 0 issues.
it seems dell's problem is that they have a very lazy guys, at least in bios/develpment.
I was wondering if it is posible to load external .efi drivers , for example from usb like you did using the efi shell, and then load the OS with the extra external efi drivers, it could be posible to do some OC related tweaks?
we could automate the process by adding the comands to the script file efi shell load at the startup automatically.
since the begining, I allways wanted to get a little more of juice from the cpu, but the machine is locked as heck related to OC >.<
also, clover doenst looks like an option since you have to [censored] the windows installation from mbr to gpt, and probably most users will refuse do do that since there is no posible rollback if something goes wrong.
glad to know the magic cd were usefull for u again
I am thinking of burning another version for me with a modded version instead a old stock version of the bios ^^
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
This wasn't an analysis, more like a mad man's rant.. but all these quirks pissed me off hard. Never again am I buying anything computer-related from this company... well their monitors are quite good actually.
You have been adding a windows flasher that does absolutely nothing but calls for system sleep-resume and state boot mode change to firmware update, then unpacks the capsule and utilizes PFlash.efi packed inside the capsule to actually flash the firmware.. which is OLD and I have no idea how to pack a new one in as it's different structure-wise.
As for adding the .efi modules, yes you can mess with the firmware with FfsDxe.efi that unlocks write access to fw filesystem, but it can be potentially risky. There's a way to convert an MBR installed windows installation to GTP as someone over at @jkbuha's thread over at NBR mentioned, but you can't go back AFAIK.
Posts: 19
Threads: 1
Joined: Dec 2012
Reputation:
6
It is possible to convert MBR to GPT and vice versa using PartMagic LiveCD, but it's not an easy process.
Also you don't have to use PFlash.efi and stuff. Make a full BIOS dump so I can write a converter between Dell's dumb BIOS image files (which reminds me the Inception, as I once said on AL) and normal flat BIOS image with all regions at their places. And that image you can flash with FPT (-bios or fully).
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
12-30-2012, 01:41 PM
(This post was last modified: 12-30-2012, 02:22 PM by TimeWalker.)
There's a full dump from @kasar's laptop. http://www.mediafire.com/?33qqq6nxaac3xav
It seems like the algo to transfer data between a blank new rom and a rom on chip is somewhat similar to Asus'. NVRAM variables get merged from both roms, MAC address, express code service tag and other data is carried over and then reflashed onto the chip.
There's a DOS version of PFlash actually, but I never gave it a test.
ftp://ftp.icg.eu/Drivers/Printers/.../Dr...oenix/DOS/
EC part of the firmware is missing though, it's on another chip, but is included in the capsule that DELL provides. It starts at offset 00400000h inside the OEM capsule.
Posts: 19
Threads: 1
Joined: Dec 2012
Reputation:
6
(12-30-2012, 01:41 PM)TimeWalker Wrote: EC part of the firmware is missing though, it's on another chip, but is included in the capsule that DELL provides. It starts at offset 00400000h inside the OEM capsule. That is why they were forced to mess with PFlash.efi, I think.
Can EC firmware be flashed with userspace tools?
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
12-30-2012, 03:27 PM
(This post was last modified: 12-30-2012, 03:31 PM by TimeWalker.)
Not that I know of. EC firmware is 132Kb, the PFlash indeed strips this part of the capsule and flashes to an SPI connected with EC in a subroutine, after flashing the primary chip regions. The W25X40VSIG (or AIG, i'm not entirely sure) chip is not even seen from FPT.
Quote:Platform: Intel® HM67 Express Chipset
— Flash Devices —
W25Q32BV ID:0xEF4016
Size: 4096KB (32768Kb)
We don't have a dump of the W25X40 from our machines, but here's one from a Foxconn Z75M desktop board that uses same ITE IT8158E EC controller: http://www.mediafire.com/?992snz85y0i2q96
Posts: 523
Threads: 0
Joined: Aug 2011
Reputation:
23
12-30-2012, 05:03 PM
(This post was last modified: 12-30-2012, 05:09 PM by kasar.)
@TW
well, Dell's computers are good, they have good hardware, but their thermal paste is cheap and sucks, their bioses are also, ... basic
however with both hardware and software modding the machines can be wonderfull
I love my machine like it is at the moment, it doesnt matter, if it have a crappy i3 now, it works fine and I have access to all the firmware thanks to the sockets and stuff we unlocked here ^^
@all
yeah, thats the complete backup I made of the bios chip,you can use it for analysis and compare it with other dumps, however it include all my hardware details like mac addreses, and some tag numbers,bios passwords and some stuff, so plz, dont distribute it outside this forums too much,that dump info is the thing wich make my laptop different than others, I think you know what I mean
about the missing EC info, well, there is another 512 Kb chip at my motherboard, I think I already posted the info on previous pages, however installing a socket there could be a little hard.
also if some of the original chip legs broke during the operation I will be unable to make the dump, I also dont have extra 512 kb chips arround. just the extra 4 Mb ones from the other chip, so things will be hard if something goes wrong, also the chip is located near a chip with very thiny legs, and I am not sure if the socket operation would be sucesfully performed without damage the other hardware components with my cheap soldering iron
also, what beneficts would have access or mod the EC firmware?
does it is really important to also make a dump of that chip? or it is ok with the one I already dumped?
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
12-30-2012, 05:25 PM
(This post was last modified: 12-30-2012, 05:27 PM by TimeWalker.)
Sorry for exposing your data .. I guess I should have thought about it in the first place, like I did when you first posted it.. I guess I'm not paying enough attention to details lately.
The chip contents won't be anything different to what Dell is making you flash on there. In other words - the capsule's part with EC firmware will be identical to what's on the chip already, because it's just a basic firmware to drive the EC chip. The firmware gets reflashed during every BIOS upgrade/reflash operation. The problem is that there's are no tools like FPT to flash this chip directly.. only via PFlash. I suppose we need to try the Efildr16 DOS thingy as it doesn't look much different from it's .efi brother, but that's for later...
Posts: 523
Threads: 0
Joined: Aug 2011
Reputation:
23
its ok mate, you didnt noticed before ^^
did you shared it on another forums, sites anyway?
lets try keeping it now just inside the team, at least for now
mmm, then I asume there is no need of making hardware mods to the 512 kb chip at least for the moment ^^
about the DOS flashing it is interesting, I want to make a Dos version of the crisis disk, it will be much faster to load and way smaller in size for uploading downloading ^^
|