(this one properly reads sections) and I found the ucode sections; after that I knew where the ucodes in the original BIOS begin.
3. I opened the original BIOS with UefiTool 0.28 and exported the entire section containing the ucodes.
4. Using a hex editor I replaced 2 ucodes and verified that they properly fit the defined space; it is OK.
5. In UefiTool 0.28 I replaced the section with the modified one and saved.
6. Again opened in UefiTool NE 0.51 to verify the modification. All ucodes are updated, the revision number is proper and the checksum of the ucode is also valid.
But when I try to flash that BIOS I’m getting the error: "Incompatible BIOS version, Update aborted."
I’m guessing there is some other checksum verifying BIOS integrity, but I don’t know where I should search for it. Or maybe it is related to UefiTool rebuild actions; maybe it breaks something?
I have already asked Intel for help… but I don’t know whether they will help me in a reasonable time. That is why I wanted to do it myself.
EDIT: I have edited the title to mention that I’m willing to pay for help.
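The check the poster did by hand (header revision, checksum, fit in the defined space) can be scripted. The following is an added example, not code from the thread or from UefiTool: it scans an image for Intel microcode update headers, decodes them, verifies the 32-bit checksum and checks that a replacement is not larger than the update it replaces. It assumes 16-byte alignment of updates and uses constructed sample updates with made-up CPUID and revision values.

```python
import struct

# 48-byte Intel microcode update header (little-endian), layout per the Intel SDM:
# header_version, update_revision, date(BCD mmddyyyy), cpuid, checksum, loader_revision,
# platform_flags, data_size, total_size, 12 reserved bytes
HEADER_FMT = "<IIIIIIIII12x"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 48

def parse_header(blob, off=0):
    """Decode the header at offset off; zero sizes mean the legacy 2000/2048-byte update."""
    hver, rev, bcd, cpuid, csum, lver, pflags, dsize, tsize = struct.unpack_from(HEADER_FMT, blob, off)
    return {"header_version": hver, "revision": rev, "cpuid": cpuid, "checksum": csum,
            "loader_revision": lver, "platform_flags": pflags,
            # the date dword is BCD mmddyyyy, so hex formatting prints the decimal digits
            "date": "%04x-%02x-%02x" % (bcd & 0xFFFF, bcd >> 24, (bcd >> 16) & 0xFF),
            "data_size": dsize or 2000, "total_size": tsize or 2048}

def checksum_ok(blob, off=0):
    """Valid when all 32-bit words of the update (header included) sum to zero mod 2^32."""
    total = parse_header(blob, off)["total_size"]
    words = struct.unpack_from("<%dI" % (total // 4), blob, off)
    return sum(words) & 0xFFFFFFFF == 0

def find_updates(image):
    """Scan an image for plausible updates (assumption: 16-byte aligned) with a valid checksum."""
    found, off = [], 0
    while off + HEADER_LEN <= len(image):
        h = parse_header(image, off)
        if (h["header_version"] == 1 and h["loader_revision"] == 1
                and HEADER_LEN <= h["total_size"] <= len(image) - off
                and h["total_size"] % 4 == 0 and checksum_ok(image, off)):
            found.append((off, h))
            off += (h["total_size"] + 15) & ~15  # skip past the update, keep alignment
        else:
            off += 16
    return found

def replacement_fits(old, new):
    """A swapped-in update must not exceed the slot the old one occupied."""
    return parse_header(new)["total_size"] <= parse_header(old)["total_size"]

def build_sample(rev, cpuid, pflags=0x1, data_size=2000):
    """Constructed synthetic update with a correct checksum (not real Intel microcode)."""
    total = HEADER_LEN + data_size
    body = bytes((i * 7 + 3) & 0xFF for i in range(data_size))
    hdr = struct.pack(HEADER_FMT, 1, rev, 0x04192021, cpuid, 0, 1, pflags, data_size, total)
    blob = bytearray(hdr + body)
    partial = sum(struct.unpack("<%dI" % (total // 4), bytes(blob))) & 0xFFFFFFFF
    struct.pack_into("<I", blob, 16, (-partial) & 0xFFFFFFFF)  # make the word sum wrap to zero
    return bytes(blob)
```

Run `find_updates` over an exported ucode section to list offset, CPUID, revision and date of every update it contains; a flipped byte anywhere in an update makes `checksum_ok` return False.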
Your issue has nothing to do with mcodes… it's BIOS security issues as always. As usual in Intel HW, the problem is always the flash. Search the forum for NUC users' posts. You may need to use the Intel FPT tools (part of the Intel ME tools of the ME FW version used) to dump, edit and then flash it back. Intel HW boards/BIOS never were easy to flash with mod files; some last resort is the use of a SPI flash programmer. Good luck.
EDIT: You can't use a different version from what your system ME engine is… drop your BIOS dump in ME Analyzer and it will show you. Then use the correct ME package tools (FPT). I can't identify anything by your previous photos; I don't know what NUC you have and what BIOS you're working on.
From 8, 9, 10, 14, 15: for <=10 I’m getting the error “Cannot be run on current platform” (Win10); for >10 I’m getting the error "39: PCH is not supported, 620: Unknown hardware platform".
The same error when trying the linux64 version (the only provider with >10 versions).
I can’t run FreeDOS as the NUC works only in UEFI; I can’t enable legacy boot (UEFI boot is enabled and can’t be disabled).
PS. I have been struggling with it for the last 8 hours… shitty
Intel(R) TXEInfo Version: 4.0.26.1337
Copyright(C) 2005 - 2020, Intel Corporation. All rights reserved.

Intel(R) TXE code versions:

BIOS Version                                JYGLKCPX.86A.0062.2021.0419.1701
Vendor ID                                   8086
PCH Version                                 3
FW Version                                  4.0.30.1386
Security Version (SVN)                      2
TXEI Driver Version                         4.0.0.1062
Number of IFWI Modules                      3
IFWI Module Name/Version
  FTPR.man Version: 4.0.30.1386
  PMCP.man Version: 0.1.0.0
  SMIP.man Version: 4.0.30.1392

FW Capabilities                             0x31109040

  Intel(R) Capability Licensing Service     - PRESENT/ENABLED
  Protect Audio Video Path                  - PRESENT/ENABLED
  Intel(R) Dynamic Application Loader       - PRESENT/ENABLED
  Intel(R) Platform Trust Technology        - PRESENT/ENABLED
  Persistent RTC and Memory                 - PRESENT/ENABLED

Last TXE reset reason                       Power up
Host Read Access to TXE                     Disabled
Host Write Access to TXE                    Disabled
Host Read Access to EC                      Disabled
Host Write Access to EC                     Disabled
SPI Flash ID 1                              C22538
SPI Flash ID 2                              Not Available
BIOS boot State                             Post Boot
Re-key needed                               False
Capability Licensing Service                Enabled
OEM Tag                                     0x00000000
Slot 1 Board Manufacturer                   0x00000000
Slot 2 System Assembler                     0x00000000
Slot 3 Reserved                             0x00000000
EPID Group ID                               0x15A9
Keybox                                      Not Provisioned
Crypto HW Support                           Enabled
Replay Protection                           Not Supported
Replay Protection Bind Counter              0
Storage Device Type                         SPI
Replay Protection Bind Status               Pre-bind
Replay Protection Rebind                    Not Supported
Replay Protection Max Rebind                0
Intel(R) PTT Supported                      Yes
Intel(R) PTT initial power-up state         Enabled
PAVP Supported                              Yes
Integrated Sensor Hub Initial Power State   Disabled
End of Manufacturing Enable                 Yes
Post Manufacturing NVAR Config Enabled      No
Protect BIOS Environment                    Enabled
CPU Debugging                               Disabled
BSP Initialization                          Disabled
Measured Boot                               Enabled
Verified Boot                               Enabled
OEM Public Key Hash FPF                     327FDD65E3F2143B14E38CAC970EC719FCA3C563DBF140B202F9192CEC4C6DB9
OEM Public Key Hash UEP                     327FDD65E3F2143B14E38CAC970EC719FCA3C563DBF140B202F9192CEC4C6DB9
OEM Public Key Hash TXE FW                  327FDD65E3F2143B14E38CAC970EC719FCA3C563DBF140B202F9192CEC4C6DB9

                                            FPF            UEP            TXE FW
                                            ---            ---            ------
Boot Guard Profile                          2 - VM         2 - VM         2 - VM
Key Manifest ID                             0x1            0x1            0x1
PTT                                         Enabled        Enabled        Enabled
UFS Boot Source                             Disabled       Disabled       Disabled
EMMC Boot Source                            Disabled       Disabled       Disabled
SPI Boot Source                             Enabled        Enabled        Enabled
LED Indication                              Disabled       Disabled       Disabled
DnX                                         Disabled       Disabled       Disabled
OEM ID                                      0x0            0x0            0x0
OEM Platform ID                             0x0            0x0            0x0
SOC Config Lock                             Done           Not set        Done
RPMB Bind Counter                           0x0            0x0            0x0
RPMB Migration Done                         No             Not set        No
Persistent PRTC Backup Power                Exists         Exists         Exists
Allow OEM Signing of DAL Applets            No             No             No
PTT Lockout Override Counter                0x0            0x0            0x0
EK Revoke State                             Not Revoked    Not Revoked    Not Revoked
CSE SVN                                     1              1              1
OEM Key Manifest SVN                        0              0              0
Ucode SVN                                   0              0              0

--- Flash Devices Found ---
MX25U12835F ID:0xC22538 Size: 16384KB (131072Kb)

Error 559: EOM prevents IFWI Prepare to Update from completing
FPT Operation Failed.
Oh, and note I added the "-bios" flag to FPT because without it I got an error when dumping:
Error 318: The host CPU does not have read access to the target flash area. To enable read access for this operation you must modify the descriptor settings to give host access to this region.
EDIT by Fernando: I have put the codes into "spoilers" (to save space and for better readability).
Intel(R) TXEInfo Version: 4.0.26.1337
Copyright(C) 2005 - 2020, Intel Corporation. All rights reserved.

Windows OS Version : 10.0

FW Status Register1: 0x80000245
FW Status Register2: 0x09F40400
FW Status Register3: 0x30A6060E
FW Status Register4: 0x00080000
FW Status Register5: 0x00000000
FW Status Register6: 0x40000000

CurrentState:                               Normal
ManufacturingMode:                          Disabled
FlashPartition:                             Valid
OperationalState:                           CM0 with UMA
InitComplete:                               Complete
BUPLoadState:                               Success
ErrorCode:                                  No Error
ModeOfOperation:                            Normal
SPI Flash Log:                              Not Present
Phase:                                      ROM/Preboot
TXE File System Corrupted:                  No
PhaseStatus:                                FUSES_PULLED
FPF and TXE Config Status:                  Committed
FW Capabilities value is 0x31109040
Feature enablement is 0x31109040
Platform type is 0x73FF0321

Intel(R) TXE code versions:

Table Type 255 ( 0x FF ) found, size of 0 (0x 00 ) bytes
BIOS Version                                JYGLKCPX.86A.0062.2021.0419.1701
Vendor ID                                   8086
PCH Version                                 3
FW Version                                  4.0.30.1386
Security Version (SVN)                      2
TXEI Driver Version                         4.0.0.1062
Number of IFWI Modules                      3
IFWI Module Name/Version
  FTPR.man Version: 4.0.30.1386
  PMCP.man Version: 0.1.0.0
  SMIP.man Version: 4.0.30.1392

FW Capabilities                             0x31109040

  Intel(R) Capability Licensing Service     - PRESENT/ENABLED
  Protect Audio Video Path                  - PRESENT/ENABLED
  Intel(R) Dynamic Application Loader       - PRESENT/ENABLED
  Service Advertisement & Discovery         - NOT PRESENT
  Intel(R) Platform Trust Technology        - PRESENT/ENABLED
  Persistent RTC and Memory                 - PRESENT/ENABLED

Last TXE reset reason                       Power up
Get flash master region access status...done
Host Read Access to TXE                     Disabled
Host Write Access to TXE                    Disabled
Get EC region access status...done
Host Read Access to EC                      Disabled
Host Write Access to EC                     Disabled
Protected Range Register Base #0            0x0
Protected Range Register Limit #0           0x0
Protected Range Register Base #1            0x0
Protected Range Register Limit #1           0x0
Protected Range Register Base #2            0x0
Protected Range Register Limit #2           0x0
Protected Range Register Base #3            0x0
Protected Range Register Limit #3           0x0
Protected Range Register Base #4            0x0
Protected Range Register Limit #4           0x0
SPI Flash ID 1                              C22538
SPI Flash ID 2                              Not Available
BIOS boot State                             Post Boot
Re-key needed                               False
Capability Licensing Service                Enabled
OEM Tag                                     0x00000000
Slot 1 Board Manufacturer                   0x00000000
Slot 2 System Assembler                     0x00000000
Slot 3 Reserved                             0x00000000
EPID Group ID                               0x15A9
Keybox                                      Not Provisioned
Crypto HW Support                           Enabled
Replay Protection                           Not Supported
Replay Protection Bind Counter              0
Storage Device Type                         SPI
Replay Protection Bind Status               Pre-bind
Replay Protection Rebind                    Not Supported
Replay Protection Max Rebind                0
Intel(R) PTT Supported                      Yes
Intel(R) PTT initial power-up state         Enabled
PAVP Supported                              Yes
Integrated Sensor Hub Initial Power State   Disabled
End of Manufacturing Enable                 Yes
Post Manufacturing NVAR Config Enabled      No
Protect BIOS Environment                    Enabled
CPU Debugging                               Disabled
BSP Initialization                          Disabled
Measured Boot                               Enabled
Verified Boot                               Enabled
OEM Public Key Hash FPF                     327FDD65E3F2143B14E38CAC970EC719FCA3C563DBF140B202F9192CEC4C6DB9
OEM Public Key Hash UEP                     327FDD65E3F2143B14E38CAC970EC719FCA3C563DBF140B202F9192CEC4C6DB9
OEM Public Key Hash TXE FW                  327FDD65E3F2143B14E38CAC970EC719FCA3C563DBF140B202F9192CEC4C6DB9

                                            FPF            UEP            TXE FW
                                            ---            ---            ------
Boot Guard Profile                          2 - VM         2 - VM         2 - VM
Key Manifest ID                             0x1            0x1            0x1
PTT                                         Enabled        Enabled        Enabled
UFS Boot Source                             Disabled       Disabled       Disabled
EMMC Boot Source                            Disabled       Disabled       Disabled
SPI Boot Source                             Enabled        Enabled        Enabled
LED Indication                              Disabled       Disabled       Disabled
DnX                                         Disabled       Disabled       Disabled
OEM ID                                      0x0            0x0            0x0
OEM Platform ID                             0x0            0x0            0x0
SOC Config Lock                             Done           FW returned status: 0x5 Not set   Done
RPMB Bind Counter                           0x0            0x0            0x0
RPMB Migration Done                         No             FW returned status: 0x5 Not set   No
Persistent PRTC Backup Power                Exists         Exists         Exists
Allow OEM Signing of DAL Applets            No             No             No
PTT Lockout Override Counter                0x0            0x0            0x0
EK Revoke State                             Not Revoked    Not Revoked    Not Revoked
CSE SVN                                     1              1              1
OEM Key Manifest SVN                        0              0              0
Ucode SVN                                   0              0              0
Or simply open a support ticket at intel.com and request a new BIOS with updated microcode. My experience with intel.com support is very good; most of the time they supply an updated BIOS within a few weeks.