Dump BIOS of Dell XPS 9550

Hello,

I tried to dump my Dell XPS 9550 with the CH341A V 1.31 and selected a Size of 16MB, but it looks like the Size of the Chip is 32MB. I have extracted the Original BIOS and all File has a Size of 25MB. Is it possible to dump a BIOS Chip larger than 16 MB with this tool?
I have also read that Intel Boot Guard is active, which prevents another BIOS from being booted when it is written directly to the BIOS Chip. I also tried to open the BIOS with the Intel Flash Image Tool but I get this error message:
Error 10: Failed to open with processed commands.
Unable to open file: xps_new.bin. Reverting to default configuration.

When I open this File with the UEFI Tool I get no error, and none with the UBU Tool either.

This is the Output of MEInfo which I have made:

Intel(R) MEInfo Version: 11.8.55.3510
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.



Intel(R) ME code versions:

BIOS Version 1.6.1
MEBx Version 11.0.0.0010
GbE Version 0.8
Vendor ID 8086
PCH Version 31
FW Version 11.8.50.3426 H
Security Version (SVN) 3
LMS Version Not Available
MEI Driver Version 11.0.0.1166
Wireless Hardware Version Not Available
Wireless Driver Version Not Available

FW Capabilities 0x31111140

Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED

Re-key needed True
Platform is re-key capable True
TLS Disabled
Last ME reset reason Global system reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Disabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 68853622-eed3-4e83-8a86-6cde315f6b78
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00001028
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Enabled
C-link Status Enabled
Independent Firmware Recovery Disabled
EPID Group ID 0xF85
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 234EB9DE1AC240CC1376378CA22D245372D665B40F93D148141A66E9B76293EF
OEM Public Key Hash ME 234EB9DE1AC240CC1376378CA22D245372D665B40F93D148141A66E9B76293EF
ACM SVN FPF 0x2
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME
— –
Force Boot Guard ACM Enabled Enabled
Protect BIOS Environment Enabled Enabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Enabled Enabled
Verified Boot Enabled Enabled
Key Manifest ID 0xF 0xF
Enforcement Policy 0x3 0x3
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0


When I try to dump it via FPTW64.exe -d spi.bin then I get this error:

Intel (R) Flash Programming Tool. Version: 11.8.50.3460
Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.

Reading HSFSTS register… Flash Descriptor: Valid

— Flash Devices Found —
W25Q128FV ID:0xEF4018 Size: 16384KB (131072Kb)



Error 318: The host CPU does not have read access to the target flash area. To enable read access for this operation you must modify the descriptor settings to give host access to this region.
FPT Operation Failed.


Is there something which I can do about it or is it still not possible with my Notebook? The BIOS can also be opened without any Issues with the AMIBCP V5 Tool.

Thank you

You have the flash descriptors locked, that’s why you will not be able to dump your bios with FPT.

The only thing you can do is to dump it via CH341A using the 1.18 version (which is the best one).

Anyway, according to FPT your EEPROM (Winbond) is a 128 Mbit chip (16 MByte), so how can you be sure that it’s a 32 MB size EEPROM?

You indeed have 16 Mb SPI flash and dump file, updates are not using the same format.
You also indeed have BootGuard enabled and enforced, so almost any changes in FW will result in a brick.
You can store that dumped image as backup copy in case of brick (to restore with the same SPI programmer later), but there’s not much to do here otherwise.
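
Added example, not part of the thread or any poster's code: a Python sketch that reads the Intel flash descriptor at the start of a programmer dump and reports each region's range, whether the host CPU master may read or write it (the setting behind FPT's Error 318), and whether the file is shorter than the region map. It assumes the 100-series (Skylake) FLMSTR bit layout; `parse_descriptor`, `build_sample` and the sample image are constructed for illustration.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A                      # flash descriptor magic at offset 0x10
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "PDR"]   # FLREG0..FLREG4

def parse_descriptor(image: bytes) -> dict:
    """Region map and host-CPU (FLMSTR1) access bits of an SPI flash dump."""
    if len(image) < 0x1000 or struct.unpack_from("<I", image, 0x10)[0] != FD_SIGNATURE:
        raise ValueError("no flash descriptor signature at offset 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4        # region section base
    fmba = (flmap1 & 0xFF) << 4                # master section base
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * i)[0]
        base, limit = flreg & 0x7FFF, (flreg >> 16) & 0x7FFF
        if base <= limit:                      # base > limit marks an unused region
            regions[name] = (base << 12, (limit << 12) | 0xFFF)
    flmstr1 = struct.unpack_from("<I", image, fmba)[0]
    # Assumption: 100-series (Skylake) layout, read = bits 19:8, write = bits 31:20.
    rd, wr = (flmstr1 >> 8) & 0xFFF, (flmstr1 >> 20) & 0xFFF
    access = {n: (bool(rd >> i & 1), bool(wr >> i & 1))
              for i, n in enumerate(REGION_NAMES) if n in regions}
    # A region ending past the end of the file means the dump is shorter than the chip.
    truncated = any(end >= len(image) for _, end in regions.values())
    return {"regions": regions, "host_access": access, "truncated": truncated}

def build_sample(size: int = 0x20000) -> bytes:
    """Constructed 128 KiB image with a locked descriptor (not a real dump)."""
    img = bytearray(b"\xff" * size)
    struct.pack_into("<I", img, 0x10, FD_SIGNATURE)
    struct.pack_into("<II", img, 0x14, 0x00040003, 0x00000008)   # FRBA=0x40, FMBA=0x80
    # FLREG0..4: Descriptor 0x0-0xFFF, BIOS 0x10000-0x1FFFF, ME 0x1000-0xFFFF, unused x2
    struct.pack_into("<5I", img, 0x40, 0x00000000, 0x001F0010, 0x000F0001, 0x7FFF, 0x7FFF)
    struct.pack_into("<I", img, 0x80, 0x00A00B00)   # host: read Desc/BIOS/GbE, write BIOS/GbE
    return bytes(img)

if __name__ == "__main__":
    info = parse_descriptor(build_sample())
    for name, (start, end) in info["regions"].items():
        r, w = info["host_access"][name]
        print(f"{name:10s} {start:#08x}-{end:#08x} host read={r} write={w}")
    print("dump shorter than region map:", info["truncated"])
```

To check a real dump, pass the file's bytes to `parse_descriptor` instead of the constructed sample.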

Hey guys,

Coming to you with a question regarding a 9550 I managed to brick. I virtually ran out of ideas.
After successfully running the laptop with Corna’s me_cleaner I made the mistake of trying to update the BIOS through the .EXE file from the Dell website and it obviously bricked my device.
I’m suspecting that the .exe is writing some parts of the BIOS on all 3 of the BIOS chips (16M, 4MB, 1MB), correct me if I’m wrong on this.

I’ve tried to use different dumps, however I don’t believe they match, as with different combinations I get different activity: either just a very brief blink of the power LED (blank screen), or the most I got was a blank screen and a CPU Fail code (1 white 2 Amber) error code.

Any ideas if having all 3 dumps from a different laptop would be a solution for this? Maybe I would be able to pull together all 3.
Would anyone have handy a dump of these 3 chips? [MB is : LA-C361P Rev2.0 (A01)]

Thanks a lot,

Yes, reprogramming all three with some other system’s dumps would get the board back up and running, but you’d need to put in your asset tag and LAN ID first (or later). Do you have a hardware flash programmer and SOIC8 test clip cable?

I will try to find you dumps tonight. Hopefully you have a dump of the main BIOS at least before you started all this modding.

*Edit - @lorantisz - One is BIOS (FD, ME, GbE, BIOS) (16MB), one is Intel ME copy maybe (4MB) see below, and one is EC probably (1MB) - I assume the BIOS and ME would probably be the only ones you need to correct, maybe only ME chip
Dump all three and upload here and let’s have a look, or upload all three’s backups you made before doing anything further to them once the issue happened

I was only able to find a “Clear_ME” dump from DIAGRAMAS.COM.BR, no one needs to be doing this silly clear/clean ME stuff… It’s like an old wives’ tale gone rogue now

*Edit, found a site giving all four dumps? - https://www.laboneinside.com/dell-xps-15-9550-bios-bin/
I checked these files and it’s only two actual dumps, one 4MB and one 16MB. 4MB looks to be EC like, I see Thunderbolt and display stuff mentioned, it’s not ME. Data in this is only 187KB, rest is 00-Fill, which looks about correct for an EC FW
This should get you going again, don’t edit the files until after you’ve tested and see if they work as is or not.

This system has bootguard enabled, and it’s burned into the chipset/FPF, no BIOS modifications at all can be done inside the yellow areas of the BIOS when viewing BIOS in UEFITool NE Alpha.
Possibly no edits at all can be made, but only more testing would be able to verify that, since you had ME edit working OK then possibly it may be only those two areas within the BIOS region can’t be edited…
You need to program back to 100% stock for now, then once running again you can try to play more… or not.

See also, this comment and link on recovery method at second to last post on page one, recovery wouldn’t work for him until he removed his hard drive
https://www.dell.com/community/XPS/Bios-…50/td-p/6054857

And see here, did you flash wrong firmware?
https://www.dell.com/community/XPS/Pleas…re/td-p/5653624

And, see end of this, maybe this way you can try to recover too if you have not already
https://github.com/wmchris/DellXPS15-955…bios_upgrade.md

I will try this on my board!


@Lost_N_BIOS Most people repairing computers in Brazil don’t care about ME data, serial number, UUID, MAC and MSDM key, they just flash a random dump from any place they find. When they do the "Clear_ME" thing, they are just replacing the original ME firmware with an unconfigured stock one.