Bootguard is set on this bios?

Hi, I'm playing with a notebook which has an i5 5200U, and I just want to mod something on the BIOS.
But I found something strange on it by using MEInfo, and here is the detail below.

Is Boot Guard set on this BIOS?


 
Intel(R) MEInfo Version: 10.0.60.3000
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
 

FW Status Register1: 0x1E000255
FW Status Register2: 0x66002306
FW Status Register3: 0x00000200
FW Status Register4: 0x00004005
FW Status Register5: 0x00000101
FW Status Register6: 0x03C00EC9
 
CurrentState: Normal
ManufacturingMode: Enabled
FlashPartition: Valid
OperationalState: M0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
Phase: HOSTCOMM Module
ICC: Valid OEM data, ICC programmed
SPI Flash Log: Not Present
ME File System Corrupted: No
FPF and ME Config Status: Not committed
 
Get ME FWU version command...done
 
Windows OS Version : 6.2.9200 ""
OS BIOS Support : UEFI
 
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 245 (0x F5 ) bytes
Table Type 218 ( 0x DA ) found, size of 77 (0x 4D ) bytes
Table Type 0 ( 0x 00 ) found, size of 24 (0x 18 ) bytes
 
Windows OS Version : 6.2.9200 ""
OS BIOS Support : UEFI
 
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 251 (0x FB ) bytes
Table Type 218 ( 0x DA ) found, size of 245 (0x F5 ) bytes
Table Type 218 ( 0x DA ) found, size of 77 (0x 4D ) bytes
Table Type 0 ( 0x 00 ) found, size of 24 (0x 18 ) bytes
Table Type 1 ( 0x 01 ) found, size of 27 (0x 1B ) bytes
Table Type 2 ( 0x 02 ) found, size of 15 (0x 0F ) bytes
Table Type 3 ( 0x 03 ) found, size of 22 (0x 16 ) bytes
Table Type 4 ( 0x 04 ) found, size of 42 (0x 2A ) bytes
Table Type 7 ( 0x 07 ) found, size of 19 (0x 13 ) bytes
Table Type 7 ( 0x 07 ) found, size of 19 (0x 13 ) bytes
Table Type 7 ( 0x 07 ) found, size of 19 (0x 13 ) bytes
Table Type 7 ( 0x 07 ) found, size of 19 (0x 13 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 8 ( 0x 08 ) found, size of 9 (0x 09 ) bytes
Table Type 9 ( 0x 09 ) found, size of 17 (0x 11 ) bytes
Table Type 9 ( 0x 09 ) found, size of 17 (0x 11 ) bytes
Table Type 9 ( 0x 09 ) found, size of 17 (0x 11 ) bytes
Table Type 9 ( 0x 09 ) found, size of 17 (0x 11 ) bytes
Table Type 9 ( 0x 09 ) found, size of 17 (0x 11 ) bytes
Table Type 10 ( 0x 0A ) found, size of 6 (0x 06 ) bytes
Table Type 11 ( 0x 0B ) found, size of 5 (0x 05 ) bytes
Table Type 12 ( 0x 0C ) found, size of 5 (0x 05 ) bytes
Table Type 13 ( 0x 0D ) found, size of 22 (0x 16 ) bytes
Table Type 14 ( 0x 0E ) found, size of 11 (0x 0B ) bytes
Table Type 15 ( 0x 0F ) found, size of 35 (0x 23 ) bytes
Table Type 16 ( 0x 10 ) found, size of 23 (0x 17 ) bytes
Table Type 17 ( 0x 11 ) found, size of 34 (0x 22 ) bytes
Table Type 17 ( 0x 11 ) found, size of 34 (0x 22 ) bytes
Table Type 19 ( 0x 13 ) found, size of 31 (0x 1F ) bytes
Table Type 20 ( 0x 14 ) found, size of 35 (0x 23 ) bytes
Table Type 20 ( 0x 14 ) found, size of 35 (0x 23 ) bytes
Table Type 21 ( 0x 15 ) found, size of 7 (0x 07 ) bytes
Table Type 22 ( 0x 16 ) found, size of 26 (0x 1A ) bytes
Table Type 24 ( 0x 18 ) found, size of 5 (0x 05 ) bytes
Table Type 25 ( 0x 19 ) found, size of 9 (0x 09 ) bytes
Table Type 27 ( 0x 1B ) found, size of 15 (0x 0F ) bytes
Table Type 28 ( 0x 1C ) found, size of 22 (0x 16 ) bytes
Table Type 28 ( 0x 1C ) found, size of 22 (0x 16 ) bytes
Table Type 28 ( 0x 1C ) found, size of 22 (0x 16 ) bytes
Table Type 28 ( 0x 1C ) found, size of 22 (0x 16 ) bytes
Table Type 32 ( 0x 20 ) found, size of 20 (0x 14 ) bytes
Table Type 34 ( 0x 22 ) found, size of 11 (0x 0B ) bytes
Table Type 36 ( 0x 24 ) found, size of 16 (0x 10 ) bytes
Table Type 36 ( 0x 24 ) found, size of 16 (0x 10 ) bytes
Table Type 36 ( 0x 24 ) found, size of 16 (0x 10 ) bytes
Table Type 41 ( 0x 29 ) found, size of 11 (0x 0B ) bytes
Table Type 41 ( 0x 29 ) found, size of 11 (0x 0B ) bytes
Table Type 41 ( 0x 29 ) found, size of 11 (0x 0B ) bytes
Table Type 126 ( 0x 7E ) found, size of 22 (0x 16 ) bytes
Table Type 131 ( 0x 83 ) found, size of 64 (0x 40 ) bytes
MEBx Version found is 0.0.0.0000
 
Get ME FWU info command...done
 
Get ME FWU version command...done
 
Get ME FWU feature state command...done
 
Get ME FWU platform type command...done
 
Get ME FWU feature capability command...done
 
Get ME FWU OEM Id command...done
FW Capabilities value is 0x31111A40
Feature enablement is 0x11111A40
Platform type is 0x41350301
Intel(R) ME code versions:
 
BIOS Version: A15
MEBx Version: 0.0.0.0000
Gbe Version: 0.2
VendorID: 8086
PCH Version: 3
FW Version: 10.0.55.3000 LP
LMS Version: Not Available
MEI Driver Version: 11.7.0.1032
Wireless Hardware Version: 2.1.77
Wireless Driver Version: 21.90.3.2
 
FW Capabilities: 0x31111A40
 
Intel(R) Active Management Technology - NOT PRESENT
Intel(R) Standard Manageability - NOT PRESENT
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) NFC Capabilities - NOT PRESENT
Intel(R) Platform Trust Technology - PRESENT/DISABLED
 
TLS: Disabled
Last ME reset reason: Power up
Local FWUpdate: Enabled
 
Get BIOS flash lockdown status...done
BIOS Config Lock: Enabled
 
Get flash master region access status...done
Host Read Access to ME: Enabled
Host Write Access to ME: Enabled
SPI Flash ID #1: C84017
SPI Flash ID VSCC #1: 20252025
SPI Flash BIOS VSCC: 20252025
Protected Range Register Base #0 0x0
Protected Range Register Limit #0 0x0
Protected Range Register Base #1 0x0
Protected Range Register Limit #1 0x0
Protected Range Register Base #2 0x0
Protected Range Register Limit #2 0x0
Protected Range Register Base #3 0x0
Protected Range Register Limit #3 0x0
Protected Range Register Base #4 0x0
Protected Range Register Limit #4 0x0
BIOS boot State: Post Boot
OEM Id: 68853622-eed3-4e83-8a86-6cde315f6b78
Capability Licensing Service: Enabled
 
Get ME FWU OEM Tag command...done
OEM Tag: 0x00000000
 
Get ME FWU Platform Attribute (WLAN ucode) command...done
Localized Language: Unknown
 
Get ME FWU Info command...done
Independent Firmware Recovery: Disabled
Keybox: Not Provisioned
 
Get Oem Public Key Hash command...done
 
Retrieving Variable "OEM Public Key Hash"
OEM Public Key Hash (FPF): not set
OEM Public Key Hash (ME): D055309FCDB46EA40A5C3C3320A9CDAB67D613E78777F9F92B49BB8CFBD2F686
 
Get ACM SVN command...done
ACM SVN FPF: 0x3
 
Get KM SVN command...done
KM SVN FPF: 0x0
 
Get BSMM SVN command...done
BSMM SVN FPF: 0x0
 
Get Oem Boot Guard Policy command...done
 
Retrieving Variable "Force Boot Guard ACM Enabled"
 
FPF ME
--- --
Force Boot Guard ACM: not set Enabled
Protect BIOS Environment: not set Enabled
CPU Debug Disabled: not set Disabled
BSP Initialization Disabled: not set Disabled
 
Retrieving Variable "Measured Boot Enabled"
Measured Boot: not set Disabled
Verified Boot: not set Enabled
 
Retrieving Variable "Key Manifest ID"
Key Manifest ID: not set 0xf
 
Retrieving Variable "Error Enforcement Policy"
Enforcement Policy: not set 0x3
 
Get PTT command...done
 
Retrieving Variable "Intel PTT HW Enable/Disable"
PTT: not set Enabled
EK Revoke State:
Get EK Revoke State command...done
Not Revoked
 

Not at FPF, so you can disable it at ME FW if you want.
For now, yes, it's enabled at ME FW; that will need to be disabled via FITc, then ME FW reflashed and the state reset (-greset or power drain).
That does look strange! I've only seen enabled or disabled, never "Not Set".


You mean the FPF? That’s not strange. They have 3 states (Not set, Enabled, Disabled). “Not set” means that the PCH/SoC has not been committed yet with any value (Enabled, Disabled). The OEM is supposed to set one of the two policies via FIT(C), close manufacturing mode to commit to FPF (fpt -closemnf) and then ship the system. When it’s left in an uncommitted state, you see “Not set”. In this case, the OEM set the settings in (CS)ME but forgot to close manufacturing mode (closemnf). You can do whatever you want, BG wise.
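The three-state reading of the FPF column described above can be checked mechanically. The script below is an added example written for this thread (it is not a tool from the posts, from Intel, or from MEInfo); it parses the Boot Guard section of a MEInfo 10.x dump in the format quoted at the top of the thread, separates the FPF (fused) column from the ME (firmware config) column, and reports whether Boot Guard is enforced by the PCH fuses, only configured in the ME region, or off. The embedded sample is a subset of the dump posted above; the field names and the "FPF and ME Config Status" line are assumed to look exactly as MEInfo prints them in that dump.

```python
"""Classify the Boot Guard state from an Intel MEInfo dump.

Added example for this thread, not a tool from the original posts or from Intel.
It understands the two-column "<name>: <FPF value> <ME value>" lines that
MEInfo 10.x prints for Boot Guard, as quoted in the thread.
"""
import re

# Two-column Boot Guard lines printed under the "FPF ME" header.
BG_FIELDS = (
    "Force Boot Guard ACM",
    "Protect BIOS Environment",
    "CPU Debug Disabled",
    "BSP Initialization Disabled",
    "Measured Boot",
    "Verified Boot",
    "Key Manifest ID",
    "Enforcement Policy",
    "PTT",
)

# FPF column is "not set", "Enabled" or "Disabled"; the ME column may be a hex value.
_TWO_COL = re.compile(
    r"^(?P<name>[A-Za-z ]+?):\s+(?P<fpf>not set|Enabled|Disabled)\s+"
    r"(?P<me>Enabled|Disabled|0x[0-9A-Fa-f]+)\s*$",
    re.IGNORECASE,
)
# Generic "name: value" lines (ManufacturingMode, config status, key hash, ...).
_ONE_COL = re.compile(r"^(?P<name>[^:]+?):\s*(?P<value>.*?)\s*$")

# Constructed sample: a subset of the MEInfo output quoted in this thread.
SAMPLE_MEINFO = """\
CurrentState: Normal
ManufacturingMode: Enabled
FPF and ME Config Status: Not committed
OEM Public Key Hash (FPF): not set
OEM Public Key Hash (ME): D055309FCDB46EA40A5C3C3320A9CDAB67D613E78777F9F92B49BB8CFBD2F686
FPF ME
--- --
Force Boot Guard ACM: not set Enabled
Protect BIOS Environment: not set Enabled
CPU Debug Disabled: not set Disabled
BSP Initialization Disabled: not set Disabled
Measured Boot: not set Disabled
Verified Boot: not set Enabled
Key Manifest ID: not set 0xf
Enforcement Policy: not set 0x3
PTT: not set Enabled
"""


def parse_meinfo(text):
    """Return {'fields': {name: (fpf, me)}, 'status': {name: value}}."""
    fields, status = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _TWO_COL.match(line)
        if m and m.group("name") in BG_FIELDS:
            fields[m.group("name")] = (m.group("fpf").lower(), m.group("me"))
            continue
        m = _ONE_COL.match(line)
        if m:
            status[m.group("name")] = m.group("value")
    return {"fields": fields, "status": status}


def assess_boot_guard(parsed):
    """Decide whether Boot Guard is fused, ME-only, or off, and why."""
    fields, status = parsed["fields"], parsed["status"]
    fpf_acm, me_acm = fields.get("Force Boot Guard ACM", ("unknown", "unknown"))
    fpf_committed = fpf_acm not in ("not set", "unknown")
    result = {
        # Once the FPF column holds a value the PCH fuses have been burned.
        "fpf_committed": fpf_committed,
        # Hardware enforcement needs the ACM policy fused to Enabled.
        "enforced_by_fuses": fpf_committed and fpf_acm == "enabled",
        # The ME column is the FIT/FITc configuration in the ME region.
        "enabled_in_me": me_acm.lower() == "enabled",
        "manufacturing_mode_open": status.get("ManufacturingMode") == "Enabled",
        "oem_key_hash_fused": status.get("OEM Public Key Hash (FPF)", "not set").lower() != "not set",
        "verified_boot_me": fields.get("Verified Boot", ("", ""))[1].lower() == "enabled",
        "measured_boot_me": fields.get("Measured Boot", ("", ""))[1].lower() == "enabled",
    }
    if result["enforced_by_fuses"]:
        result["verdict"] = "Boot Guard is fused: only a BIOS signed against the fused OEM key will boot."
    elif result["enabled_in_me"]:
        result["verdict"] = ("Boot Guard is configured in ME firmware only; FPF is uncommitted, "
                             "so it is not hardware-enforced and the ME-region setting can still change.")
    else:
        result["verdict"] = "Boot Guard is disabled in ME firmware and not fused."
    return result


if __name__ == "__main__":
    for key, value in assess_boot_guard(parse_meinfo(SAMPLE_MEINFO)).items():
        print(f"{key}: {value}")
```

On the dump in this thread the script reports `enabled_in_me` true but `fpf_committed` and `enforced_by_fuses` false, with manufacturing mode still open, which is exactly the "set in ME but never closemnf'd" state described above. On a shipped retail board the FPF column would read "Enabled" and the OEM public key hash would be fused, and the verdict flips to hardware-enforced.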

@plutomaniac - Yes, I meant the FPF column, or just "Not set" in general; I've never noticed anyone's report say this, always either enabled/disabled usually.
Thanks for the info. I did wonder if something was not committed or closed when I saw this, so it makes sense now.

@plutomaniac @Lost_N_BIOS @DeathBringer
Thanks! I tried to add some modules such as NVMe.
After flashing, I rebooted the system and it was OK. And I found the module had been added into it when I dumped the BIOS.
I unplugged the power cable, then plugged the cable in again after a few minutes, and the machine couldn't launch. I tried to take away the battery on the mobo and put it back, but it still didn't work.
I had to try to save it with an SPI programmer.

Should I do something with the ME region after modding the BIOS? (Should disabling ME work?)
The BIOS below is the original BIOS dumped from the machine.

wh.rar (4.7 MB)

@plutomaniac @Lost_N_BIOS
I flashed the original BIOS with the SPI programmer. I found that once I changed the BIOS region (adding microcode or an NVMe module), the machine bricked.
I tried to disable ME, but nothing helped.

@gloobox - Sounds like a random glitch brick or something, for your first post above, since it was OK and then not after you unplugged it.
ME does not need to be disabled or edited. Sounds like maybe a bad BIOS edit? How did you do the NVMe insert? Did you compare before/after BIOS side by side with UEFITool after the ucode update?
Please give me the original BIOS and I will do the NVMe mod and update microcodes, then you can test and see if it's the same.
Is the BIOS above at post #5 untouched, not modified? What is the full model name so I can keep it in the proper folder?

If the edit I do bricks too, this is not due to Boot Guard but something else, some other check like RSA or another internal checksum or other issue.

@Lost_N_BIOS
Yeah, #5 is the untouched one. Dell 9343; you'd better clean it if you decide to keep it in your folder.

@DeathBringer
Hi, could you help me to solve the problem?

@gloobox
I’m not interested in that.