[Guide/Deprecated] Flashing modified AMI Aptio UEFI using AFU

Lost_N_BIOS · November 3, 2018, 7:40am

@CoffeeOne - You want 3.3v not 5v, for next time around Glad you were able to get it flashed and are up and running, sorry I missed helping while you figured it all out.\

Fernando · November 3, 2018, 10:39am

@CodeRush @Lost_N_BIOS
According to >this< post written by our Forum member htruempl it is impossible to get a modded AMI UEFI BIOS successfully flashed into the BIOS chip of HP Workstations.
Here is an excerpt of his post:

Do you agree with the statement of the “senior expert”? Is there really no chance to get a modded BIOS successfully flashed into the mainboard of HP Workstations having a “normal” AMI Aptio UEFI BIOS?
Thanks for taking your time!

CoffeeOne · November 3, 2018, 1:36pm

Thx @Lost_N_BIOS for helping so far, I need now some support to get my harddisk clone running. I will create a new message.

@Fernando I can also confirm that it’s impossible to flash a modified BIOS on an Asus M5A99X EVO R2.0, when the “Asus flashback” feature does not work.

Fernando · November 3, 2018, 1:52pm

@CoffeeOne :
Until today I haven’t seen a proof, that the on-board ASUS USB Flashback feature really didn’t work and the reported BIOS flashing failure wasn’t caused by the user or a not suitable USB Flash Drive.

CoffeeOne · November 3, 2018, 2:12pm

@Fernando I did not want to say that the feature does not work at all, I only wanted to say that I am not able to do it on my board, with the USBs sticks I have available (tried 5 different sticks).
Can you give me some hints to clone my existing Windows 10 installation, please see my latest post.

CodeRush · November 3, 2018, 6:17pm

@Fernando , nothing is impossible with enough resources and dedication, and it’s definitely possible to use a modified firmware on that HP machines, but their security measures makes this extremely hard for normal users.
HP uses SureStart technology that is robust enough to be unbreakable by hobbyists, IMO. It’s not about “hidden checksums”, it’s EC that does signature verification, a strong chain-of-trust and dynamic instrumentation of the firmware done each 15 minutes. More information on SureStart can be found in this white paper: http://www8.hp.com/h20195/v2/GetPDF.aspx/4AA7-2197ENW.pdf
Breaking it would be a major hit to platform security, and if somebody clever enough can do it, it’s better to be reported to HP to be fixed ASAP.

Fernando · November 3, 2018, 6:27pm

@CodeRush
Thanks for your quick and very clear answer to my question.

@htruempl
Please read the above statement given by our BIOS Guru CodeRush.

Lost_N_BIOS · November 4, 2018, 7:17am

@CodeRush - I need to know the hard way around SureStart, it’s a pain in my rear! Programmer in hand does not even help, even when both roms are programmed at the same time = auto-recovery
What type of chip is the EC on, and can it be simply/fully wiped and system still function? What about if removing one flash rom + wiping that EC, leaving only main BIOS rom?

oculon · November 4, 2018, 8:10am

In Windows 7 64 bit I got the message

After executing the command:

1
2
3


AFUDOS.exe modified.rom /P /B /K

Edit: I followed the guide linked below and was able to bypass Asus modify protection, by using Afuwin64 to update with an official bios .CAP file, and then update with modified .Rom file
https://linustechtips.com/main/topic/592...r-motherboards/

Lost_N_BIOS · November 21, 2018, 7:31am

@ViliusK - this is a .capsule type BIOS, not .rom, so best to loose that file extension and rename back to original extension .205
If the file will not flash due to security issues, here is actual .rom format BIOS to use with my guide linked below, however I suggest you redo the mod on a BIOS region backup instead - http://s000.tinyupload.com/index.php?fil…870857352833721
[GUIDE] Grub Fix Intel FPT Error 368 - BIOS Lock Asus/Other Mod BIOS Flash

Using the above guide, you can start at step #6, because I’ve gathered the variables you need for you below (Also, rename boot64.efi file to Shellx64.efi for your system)
SMI Lock >> 0xAD
BIOS Lock >> 0xAE

Both of those variables ^^ you need to set to 0x0, so at grub prompt you will type the following one at a time, then reboot to windows and flash BIOS using FPT
Setup_Var 0xAD 0x0
Setup_Var 0xAE 0x0

Please note the warning in Red on the guide and redo your mod on a FPT backup of your BIOS region instead of the file you attached above.
And aside from that warning, you cannot use this .cap type BIOS with FPT anyway, the BIOS body would need removed from the capsule first (As you see with the file I linked above from your original mod = 2kb smaller).

In order to use the above guides flashing method you will need to find your Intel ME version using HWInfo64 (In large window, on left side, motherboard section), or see if it’s shown in BIOS Main page.
Then download the same version Intel ME Tools Package from this thread, inside you will find the Flash Programming Tool folder that contains FPTw.exe in section C.2
Intel Management Engine: Drivers, Firmware & System Tools

ViliusK · November 23, 2018, 5:18pm

Lost_N_BIOS, You were right, I was unable to flash bios file by ez flash or afudos.
ez flash my bios version is too old.
afudos gives me this: firtsly I tried with /GAN, but received error. Then I tried only afudos N751JKAS.ROM command, and it stuck forever, did not worked even alt+ctrl+del.

IMAGE

Will try this method you described previously, but I have not so much chances because of inexperience and lack of knowledge.

ViliusK · November 23, 2018, 11:19pm

I’m still struggling with my asus N751JK laptop. Still trying to flash it via AFUDOS.

Now I came to this: bios flash starts, “file reading” stage goes to 100% and I get an error in afudos saying "ROM file size does not match existing BIOS size."
Is there a way to fix this ?
Tried using both files for inserting.
Also I managed to downgrade my bios version, hoping it would help for modded bios to flash, but it didn’t

Fernando · November 23, 2018, 11:40pm

@ViliusK :
@Lost_N_BIOS :
Since your recent discussion has more to do with the topic “How to get a modded BIOS successfully flashed” than with the topic “How to get full NVMe support”, I have moved it into this thread.
Once you have succeeded, you can report within the source thread.

Lost_N_BIOS · November 24, 2018, 6:10pm

@ViliusK - since you are still trying AFU flashing methods, did you try the method posted in post #169 above?

I do not like using AFU, so am not familiar with how to get around it’s issues, but a sizing one doesn’t sound safe, stop there!
To figure that out possibly, dump your BIOS with AFU and compare with the one you are trying to flash, if the one you are trying to flash is 2KB larger, then it’s still in capsule and you need to do as I described in post #170, or use the file I provided.

My suggestion is to stop trying to use AFU and do the method I outlined, you’d be done by now

ViliusK · November 24, 2018, 9:43pm

Hi,
Already flashed with AFUDOS, everything is OK so far, NVMe works.

Lost_N_BIOS · November 27, 2018, 9:25pm

The reflash method outlined at the end of this guide has been helpful for many who have issues using regular methods with AFU
https://linustechtips.com/main/topic/592…r-motherboards/

kosi · December 27, 2018, 11:46am

CodeRush

Hi, I have a problem with my G771JW. Wpisuje komede afudos namebios.rom / P / B / K and nothing happens - hangs up. In bios, I turned off the boot protection.
Can you help me with this? Please

kosi · December 27, 2018, 11:51am

ViliusK

hi, how did you get the same message about too big file?

Fernando · December 27, 2018, 12:52pm

@kosi
Without an “@” in front of the related nickname the Forum members CodeRush and ViliusK will not be notified about your directly addressing.

Lost_N_BIOS · December 27, 2018, 12:56pm

@kosi / P / B / K will not work, if that is exactly how you are typing them, it should be /P /B /K (No spaces)

If you are getting file is too big messages, stop now and find the cause before you move forward and end up bricking your board.