Updated processor support. Updated Intel(R) ME Firmware to 3.0.8.1132. Fixed the IIA Boot Order missing issue. Added Intel Rapid Recovery Technology feature. Added workaround of option ROM which has an invalid PCI Expansion ROM Header.
Fixed issue where VGA is not found behind a bridge. Fixed a potential Stall loop overflow issue. Hid AHCI option ROM text when not running in RAID mode. Fixed issues in Manage Certificates ME setup page. Fixed failing TCG TPM Interface Test with Microsoft Vista.
Windows Logo Kit (WLK) 1.1. Fixed language switching and 'Exit discarding Changes' issues that could slow down the responsiveness of BIOS setup pages. Removed pre-production ME Firmware from BIOS update capsule. Specifications: A powerful processor demands a powerful motherboard. Intel Desktop Board DQ35JO delivers measurable advantages including proactive security, energy-efficient performance and remote manageability. This board supports Intel Core2 Quad processors and Intel Core2 Duo processors up to 1333/1066/800 MHz system bus in the LGA775 package. This board also supports Intel vPro processor technology, is Microsoft Windows Vista.
capable, and supports DVI-D and VGA dual independent display support. It is highly recommended to always use the most recent driver version available. Do not forget to check with our site as often as possible in order to stay updated on the latest drivers, software and games. Try to set a system restore point before installing a device driver.
This will help if you installed a wrong driver. Problems can arise when your hardware device is too old or not supported any longer.
As I have promised to a while ago, I wrote the guide about using AMI Aptio Flash Utility for flashing modified AMI Aptio-based UEFI BIOS images. Try this at your own risk, I have no responsibility for any damage you may do to your BIOS or board. As we all know, in order to support SecureBoot technology stack, almost all desktop board vendors have enabled SMI lock and BIOS lock in latest BIOS versions, and it becomes rather difficult to flash modified BIOS because of failed security verification. There are some differences between vendors, and I personally have no access to any locks-affected board (my ASUS Maximus IV Gene-Z is too old and have unlocked BIOS, and my Zotac Z77-ITX has unlocked BIOS too). Please add your comments and solutions for any specific vendor, it will be appreciated. Now, lets start the guide:.
From that archive you will only need AFU utilities from Aptio folder. It's recommended to use AFUDOS from DOS-bootable USB-drive, because DOS is single-task system and nothing can interrupt you BIOS backup and flash there, but because it's hard to make normal screenshots from DOS, AFUWIN64 will be used in this guide. After some testing on different boards I realized that the best method of using AFU is backup/modify/flash, because it isn't as reliable as, for example, Intel FPT or flashrom. Use standard vendor tools and vanilla BIOS file to update to any BIOS version you want to have.
Run AFU backup.rom /O command (replace AFU with actual file name, like afuwinx64.exe or afudos.exe, depending on your system) to make current BIOS backup. Modify this backup as you want and rename modified file to modified.rom. a) Try to flash modified file back using AFU modified.rom /P /B /K command, if the output is like Reading flash.
Invalid Header Value
Done - FFS checksums. Ok Erasing Boot Block. Done Updating Boot Block. Done Verifying Boot Block. Done Erasing Main Block.
Done Updating Main Block. Done Verifying Main Block.
Invalid Header Name
Done Erasing NCB Block. Done Updating NCB Block. Done Verifying NCB Block. Donethen your our BIOS have SMI lock and BIOS lock disabled, so you can use FPT or flashrom to flash it too, and your modified BIOS is now flashed. Reboot and check if it works.
B) If, on the other hand, the command above fails with 'Security verification failed' message, try AFU modified.rom /GAN command. /GAN is undocumented key meant to flash all blocks regardless to any software locks.
If the output is like Reading flash. Done Erasing All Block. Done Updating All Block. Done Verifying All Block. Donethen your modified BIOS is flashed, reboot and check if it works. It's known, that sometimes AFU /GAN reports successful flash, but after reboot there are some modifications, that wasn't applied.
It's in the nature of AFU, I don't have any working solution to this problem now. I personally don't recommend this method for daily use, AFU is not a reliable flasher in any way, and if you have another methods capable of flashing your modified BIOS - please try them first. SPI programmer can also be made from anything from to every microcontroller or even RaspberryPi.
My recommendation here is from DangerousPrototypes, because it's a good semi-universal JTAG debugger too, but you can buy, if $40 is too much for you. @ all: I'm waiting for your reports, meanings and suggestions.
Have a nice flash.:). Thanks for posting this. I was partially successful using the dump technique with /O option. After making modifications, I could not get the flash to work with /P /B /K.
It would lock the system hard requiring a power off at the completion of checksum verification. I next tried the /GAN & that seemed to work as the OROM changes I made were evident in the next boot. There was still a problem however. When I entered the BIOS config it detected something wrong.
It proceeded to the crashless protection and reloaded previous BIOS version. At this point I tried the other approach - I used UEFITool to extract the body of the asrock firmware, made the modifications, saved it as the same name of the original firmware to USB drive & used F6 - Instant flash BIOS option to load the modified BIOS. Now I am able to enter BIOS config and all OROMs are updated. Sweet success thanks CodeRush!
(, 02:19 AM)ucupsz Wrote: BDMaster, i documented my learning process of removing whitelist and flashing the bios in following document. Hope it helps you and others in learning how to remove whitelist and flashing the bios in T430.
(, 04:29 PM)BDMaster Wrote: Ok We can try, but explain to me better the keyboard problem, I will find all I can about the control keyboard module. Regards Thanks friend, It's a superb tutorial and shown all I need to know about SPIPGM to use on-board (only missing your experiences with timing problems?!?)! So now We can try to mod module keyboard driver. BDMaster, Rehabman, and others who must use hardware solution for T430 (and perhaps other series??), i have tried to see how lenovo's official bios update works, looks like the authentification for secure capsule is in winflash64.exe.
(i used win7 64bit). It's in the oem check section. Kind a hard to understand all of the assembly. IMO, this is much more complicated than removing whitelist.
It was sold as 'WordPerfect 2.20', continuing the version numbering from the Data General. WordPerfect for Windows. Over the next several months, three more minor releases arrived mainly to correct bugs. The developers had originally hoped to program WordPerfect in, but at this early stage there were no decent C compilers available for the IBM PC.
I will write how i setup my system to be able to debug and patch the winflash64.exe in.docx format. Hope someone with better understanding of assembly language and programming than me can fix the oem check.
Then hardware based flash update for T430, x230 (and perhaps other lenovo series) is not necessary anymore. this is the. (, 10:03 AM)ucupsz Wrote: BDMaster, Rehabman, and others who must use hardware solution for T430 (and perhaps other series??), i have tried to see how lenovo's official bios update works, looks like the authentification for secure capsule is in winflash64.exe. (i used win7 64bit).
It's in the oem check section. Kind a hard to understand all of the assembly. IMO, this is much more complicated than removing whitelist. I will write how i setup my system to be able to debug and patch the winflash64.exe in.docx format. Hope someone with better understanding of assembly language and programming than me can fix the oem check. Then hardware based flash update for T430, x230 (and perhaps other lenovo series) is not necessary anymore.
this is the. Hi Ucupsz, The Big expert in Insyde Reversing is Donovan6000 and He tried to bypass Secure Flash check in his experiments, so I would to ask to Donovan for contribute at this study! I will write to him about your research and I will push this link to this discussion with the hope He could partecipate too. Many thanks for your efforts. Insyde secure flash is certainly annoying lol I guess I'll contribute a little bit. Get ready for a long post! When a new rom is flashed via Insyde's programs, it is flashed to a reserved space on the bios chip which is 20MB ( according to the source code).
Then immedialey after the computer restarts, then old bios verifies the new bios before overwiriting itself with it. Then the new bios is fully in place. Since it is the old bios which is verifying the new bios, we can't modify the secure flash verification process since it would require modifying the old rom somehow. Here's some of the code that the old rom preforms at the end of the verifccation process. Sha1 Sha224 Sha245 Sha384 Sha512 Md5 Tdes Aes Rsa Pkcs7 X509 This digital signature is stored in the extra space in the bios rom. You'll notice that the Insyde secure roms are slightly bigger than what they should be. They are also PE32 programs, which you can verify by looking at their header.
This program is run by Insyde's flasher programs and it will usually overwrite platforms.ini with an unmodified version to make modifying platforms.ini useless. However my tests have shown that any modifications to platforms.ini's secure flash settings is useless anyway. So what if we extract the pure rom from the securre flash rom and try to flash that? Thanks to the research done by BDMaster, this is simple Unfortunatley InsydeFlash.exe will make sure the rom is secure before flashing it. Special thanks to the person who was willing to test out my ideas on their computer lol.
Hi donovan6000! Thanks for your reply. I'm lost with your explanation. Hehehehe i guess i need more research on this issue.
Btw, is h20 insyde and phoenix share the same idea/code? I saw in andy's tool that when i opened my T430 using it, it shown that the bios is EFI/insyde bios. But all other discussion lead me to believe that it is phoenix's. (, 02:56 PM)donovan6000 Wrote: Insyde secure flash is certainly annoying lol I guess I'll contribute a little bit. Get ready for a long post!
When a new rom is flashed via Insyde's programs, it is flashed to a reserved space on the bios chip which is 20MB ( according to the source code). Then immedialey after the computer restarts, then old bios verifies the new bios before overwiriting itself with it. Then the new bios is fully in place. Since it is the old bios which is verifying the new bios, we can't modify the secure flash verification process since it would require modifying the old rom somehow. Here's some of the code that the old rom preforms at the end of the verifccation process. Sha1 Sha224 Sha245 Sha384 Sha512 Md5 Tdes Aes Rsa Pkcs7 X509 This digital signature is stored in the extra space in the bios rom. You'll notice that the Insyde secure roms are slightly bigger than what they should be.
They are also PE32 programs, which you can verify by looking at their header. This program is run by Insyde's flasher programs and it will usually overwrite platforms.ini with an unmodified version to make modifying platforms.ini useless. However my tests have shown that any modifications to platforms.ini's secure flash settings is useless anyway. So what if we extract the pure rom from the securre flash rom and try to flash that? Thanks to the research done by BDMaster, this is simple Unfortunatley InsydeFlash.exe will make sure the rom is secure before flashing it. Special thanks to the person who was willing to test out my ideas on their computer lol.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |