RSA signed BIOS modding -- what are the risks?

[cytherian]

OK, I've read in several threads about there being a risk with modifying the RSA signed BIOS files.

Essentially this:
"The BIOS of recent laptops are mostly RSA signed, which means that once modded it can produce a semi-brick when you enter BIOS setup. The semi-brick can be repaired by removing cmos battery (dismantling laptop), and then flashing back the original bios on first boot."


Obviously there are other people with HP laptops having RSA signed BIOS files that have successfully applied a modified BIOS. Where exactly is the risk?

I could think of only two things:

• The risk is human error, meaning you inadvertently make a mistake when editing
  
• The risk is random, whereas flashing a modified BIOS in one try may semi-brick your laptop, but then flashing it again another time may be successful. It's anybody's guess as to why it is inconsistent.
  
• Other reasons
  

Can someone explain it? Thanks!

[donovan6000]

There is some error checking when your computer first starts up to see if the digital signature on the bios is correct. If this fails then your computer will fail to boot and appear bricked. You can still recover it without any problems.

You have to figure out the algorithm they use to sign the bios in order to get it to work, but RSA algorithms are pretty secure.

[cytherian]

There is some error checking when your computer first starts up to see if the digital signature on the bios is correct. If this fails then your computer will fail to boot and appear bricked. You can still recover it without any problems.

You have to figure out the algorithm they use to sign the bios in order to get it to work, but RSA algorithms are pretty secure.

Thanks for your reply, Donovan.

So the digital signature check may end up using a variety of factors, including the file size and some kind of checksum? Would a relatively minor change be small enough not to be detectable?

I'm just curious why I don't see something stated in the guides/directions like "Forget about the RSA signed BIOS -- it cannot be altered in any way". All HP laptops made from 2011 on have an RSA signed BIOS so all of these requests for HP dv6/dv7 laptops should end up denied, right? But I do see people submit them and quite a number report back success. Do the programmers who provide these mods understand the RSA algorithms and find a way to defeat them?

[donovan6000]

You can read about how secure RSA algorithms are on google. Changing even one byte will make it not work. Good hash algorithms are designed so that two nearly identical files will produce unrelated results.

This post kind of warns about RSA bios found here.

I've yet to see anybody successfully get an RSA signed bios working. Would you mind posting a link to one of these threads?

There are two different types of RSA signed bios though. Like my dv7t-4100 is signed, yet I can still mod it. But the ones for dv7-6xxxx are signed and can't be modded.

I wish I had one of these newer laptops so I could actually test stuff.

[cytherian]

Yes, I did see that warning by camiloml. What's interesting is that he says there is a risk, but he doesn't say "If your BIOS is RSA signed, then you can forget about it." Or in the BIOS mod request list, "If your BIOS is RSA signed, please do not bother to submit a request--it will be ignored."

I didn't realize that there are two RSA signed BIOS types. It may be that the ones I read about were that type that can be modded. If the dv7-6xxx are signed and cannot be modded, then... it's logical to assume that the dv6-6xxx is in the same situation.

Is there some detectable distinction between the ones that can and cannot be modded?


I sent both an e-mail and a physical letter to Hewlett-Packard regarding the white list issues. What I did was to frame the issue as a business concern for HP's future business. That awareness of the white list problem is growing and as more consumers and businesses become aware of this significant drawback with HP hardware, they will lose customers. The simple and effective solution to this is to provide BIOS updates that either significantly expand the white list, eliminate it altogether, or provide an advanced BIOS settings option to turn it off (allowing advanced users the ability to use WiFi cards that meet their computing needs).

The design and hardware quality delivered for the price point, HP makes compelling laptop offerings. But... I will not buy another if this white list fiasco continues. And if HP does decide to rescind the white list for future products, they must provide a means for people to remove it upon request.

[cytherian]

Well at this point, I'm now fairly confident to say that if your BIOS is RSA signed that it is pointless to bother looking further into modifying the BIOS. Indeed, the RSA signature has a complex algorithm that makes it immensely difficult to break. And even still, people who have successfully flashed such a modified BIOS end up running into problems, such as a system halt that forces removal of the CMOS battery.

Bottom line: If your BIOS is too restrictive for your needs, consider getting yourself a different computer, one without such BIOS restrictions.

Someone on another forum had responded to my inquiry about RSA signed BIOS modification and said it's not possible. I would have listened to them had I not come across a couple of others who gave me a glimmer of hope. It turns out that this hope is more like 0.1% likely, if that... Maybe the highly skilled hacker can figure out a way to tailor a BIOS to their machine whereby the RSA signature is effectively defeated or mimicked, but trying to provide such a modified BIOS for others to use is likely a dead end. I personally think it best to make sure for any unsuspecting newbie who joins this forum in a quest to modify their BIOS white list that this is a pointless pursuit.

[cytherian]

I had a really good experience with HP customer relations.

I spoke with a direct representative from the Notebook division about my WiFi card issue due to the white list.

After a couple of conversations, they ended up sending me free of charge a new WiFi card with greater specifications. They sent it Fedex overnight, too. I got in installed and I'm now cooking at higher speeds and have better WiFi reception. In essence, my laptop is performing just fine now, no need to fiddle around with BIOS hacking. Yet I won't let it end there... just because I got my present situation squared away. So I am pursuing the case of white list management with their executive team, about several compromises they could make to avert high customer dissatisfaction with the white list restrictions. Hopefully I'll gain some ground.

[JoniJon]

I had a really good experience with HP customer relations.

I spoke with a direct representative from the Notebook division about my WiFi card issue due to the white list.

After a couple of conversations, they ended up sending me free of charge a new WiFi card with greater specifications. They sent it Fedex overnight, too. I got in installed and I'm now cooking at higher speeds and have better WiFi reception. In essence, my laptop is performing just fine now, no need to fiddle around with BIOS hacking. Yet I won't let it end there... just because I got my present situation squared away. So I am pursuing the case of white list management with their executive team, about several compromises they could make to avert high customer dissatisfaction with the white list restrictions. Hopefully I'll gain some ground.

I am interested in this thread and after three days of reading blogs, Posts, and dozens of threads I still do not have an answer to the disabling of the White list features now incorporated within the HP Signed BIOS's found on many newer laptops from HP.

Too bad that the boss @ HP passed on as I knew David Packard personally and I guarantee the had I called him about this it would have been solved immediately... Now, I do not know anyone inside of the HP hierarchy to get an ear for this dilemma.

I could try to throw my weight around but I am not sure that it will work ..
So, have you had any further success in getting an answer from the executive team???? Let me know and give me the name of that person in the Notebook division and I will give Him a call and build a fire under that team...

I have a dv7-6c80us that I bought a new intel 7260 combo wifi/bluetooth for that is suppose to be compatible but, same issue that you are having... So, Cytherian here is my direct for you to get back to me quicker: [ jonnijon@gmail.com ]
I hope to hear from U soon. Jonny

[steadyflow69]

There is some error checking when your computer first starts up to see if the digital signature on the bios is correct. If this fails then your computer will fail to boot and appear bricked. You can still recover it without any problems.

You have to figure out the algorithm they use to sign the bios in order to get it to work, but RSA algorithms are pretty secure.

Thanks for your reply, Donovan.

So the digital signature check may end up using a variety of factors, including the file size and some kind of checksum?  Would a relatively minor change be small enough not to be detectable?

I'm just curious why I don't see something stated in the guides/directions like "Forget about the RSA signed BIOS -- it cannot be altered in any way".  All HP laptops made from 2011 on have an RSA signed BIOS so all of these requests for HP dv6/dv7 laptops should end up denied, right?  But I do see people submit them and quite a number report back success.  Do the programmers who provide these mods understand the RSA algorithms and find a way to defeat them?

It can be modded. Even, or, especially the one with ROM self-checking itself after flashing modded ROM. Grab your reversing skills and use it for your own property, though.

I personally own

HP DV6-6150 (still did not get my hands on this older one)
HP Envy m6-1104SE F.27 ROM with double RSA protection (cracking this motherf.....)

We, owners ow our own property, should not mess with ROM BIOS, HP? Yeah right.

Got an accelerator mSATA SSD and every time I restarted the machine ROM gave me blank screen and I had to unscrew the accelerator (frustration like fu*king morons from HP etc. not expressed here)

We own it, THEY sold it to us, THEY have to give us a chance to do whatever we want.

Mother...

[steadyflow69]

There is some error checking when your computer first starts up to see if the digital signature on the bios is correct. If this fails then your computer will fail to boot and appear bricked. You can still recover it without any problems.

You have to figure out the algorithm they use to sign the bios in order to get it to work, but RSA algorithms are pretty secure.

Thanks for your reply, Donovan.

So the digital signature check may end up using a variety of factors, including the file size and some kind of checksum?  Would a relatively minor change be small enough not to be detectable?

I'm just curious why I don't see something stated in the guides/directions like "Forget about the RSA signed BIOS -- it cannot be altered in any way".  All HP laptops made from 2011 on have an RSA signed BIOS so all of these requests for HP dv6/dv7 laptops should end up denied, right?  But I do see people submit them and quite a number report back success.  Do the programmers who provide these mods understand the RSA algorithms and find a way to defeat them?

It can be modded. Even, or, especially the one with ROM self-checking itself after flashing modded ROM. Grab your reversing skills and use it for your own property, though.

I personally own

HP DV6-6150 (still did not get my hands on this older one)
HP Envy m6-1104SE F.27 ROM with double RSA protection (cracking this motherf.....)

We, owners ow our own property, should not mess with ROM BIOS, HP? Yeah right.

Got an accelerator mSATA SSD and every time I restarted the machine ROM gave me blank screen and I had to unscrew the accelerator (frustration like fu*king morons from HP etc. not expressed here)

We own it, THEY sold it to us, THEY have to give us a chance to do whatever we want.

Mother...

Even looking into the avenues of replacing all that crappy construct with CoreBoot BIOS project.

HP mother..