[Guide] Fix Scewin for protected Z690/Z790 to easily modify HIDDEN BIOS SETTINGS

I was facing this problem with my Z790 APEX ( ERROR:4 - Retrieving HII Database ERROR:4 - BIOS not compatible) after some research I found out I’m not the only one most Z690 and Z790 Motherboards have this problem which is NVRAM write protection which makes Scewin and other bios tools not working so the only fix is flashing modded bios with these three settings unhidden ( BIOS Lock some boards work fine without changing BIOS lock - Password protection of runtime variables - Publish HII Resources ) then change the settings in bios to
1- BIOS Lock - Disabled (if you unhide BIOS Lock and it’s still hidden to fix that simply unhide this extra setting (( Security Configuration )) and make sure to uncheck suppress from this setting)
2- Password protection of runtime variables - Disabled
3- Publish HII Resources - Enabled
after that Scewin should work perfectly importing and exporting all bios settings.
Z790 APEX (0904) MODDED BIOS with only these settings unhidden Download

here is my guide video.

For now, it’s tested in ASUS z790 apex and works perfectly, but still working to fix that with MSI boards sens Password protection of runtime variables and Publish HII Resources is not present in MSI bios trying to find the different name for these settings.
Let me know if this works for other boards.

3 Likes

Good job! Thanks for sharing this!

I have recently done some research on a Z690 BIOS: some of which I have posted here: [Guide] Enabling hidden BIOS settings on Gigabyte Z690 mainboards - BIOS/UEFI Modding / BIOS Modding Guides and Problems - Win-Raid Forum (level1techs.com).

Going on of what I have learned from my own research, I do wonder about some of your findings.

  1. About UEFI variables write protection at runtime

I found out I’m not the only one most Z690 and Z790 Motherboards have this problem which is NVRAM write protection which makes Scewin and other bios tools not working

I also found this nasty problem on the Z690 board. This is what makes most of the old guides obsolete. These guides advise to boot into an UEFI shell and then use something like setup_var or RU.exe/RU.efi to change those variables.

However, consider this: AMISCE is specifically intended to work around this and it can change write protected UEFI variables at runtime (meaning post boot, in Windows). See below.

  1. BIOS Lock
    This BIOS option sets the Lock Enable (LE) bit in the BIOS Control (BIOS_SPI_BC) register. It determines whether the BIOS region is write protected on the SPI flash chip. It has, afaik, nothing to do with UEFI variables (NVRAM). In fact, it might, but: my own testing showed, that AMISCE worked fine when BIOS lock was enabled. It might be BIOS/board dependent.
  2. Password protection of runtime variables
    This is an interesting one and it is missing in my Z690 BIOS. The description of this option seems to be:

Allows you to control the NVRAM Runtime Variable Protection through System Admin Password. Configuration options: [Disable] [Enable]

If this is true, then AMISCE should still work with this option enabled, as it’s manual states:

Unlocks protected variable update with administrator password.

  1. Publish HII Resources
    This one seems to be another new option that the z690 BIOS does not have. However, without access to the HII database, AMISCE cannot work.

Perhaps if you can find the time, you could help, clear a few of these questions up (as I don’t have a Z790 board to test any of this).

  1. Did you test all these BIOS options, that you change to make it work, individually, to test if all of them are needed, to make SCE work? I wonder, if enabling only Publish HII Resources would do the trick and I wonder if BIOS Lock is needed at all.
  2. Have you tried to set a BIOS password, and supply that password to AMISCE? See docs:

hello sorry for replying late, for the first time only you have to change all of these options BIOS Lock - Password protection of runtime variables - Publish HII Resources but after you change it for the first time you can only enable Publish HII Resources and leave the rest as is and it will work even if you change the bios there are weird things with this lock I don’t have time to really know what is going on some settings is saved if you change it even if you upgrade/downgrade the bios

1 Like

Thank you, thank you for this suggestion that I did not consider! This worked to modify protected variables when I was pretty nervous about flashing a modded BIOS to my ASRock Z790. For reference, I used SCEWIN, not AMISCE.

if you dont mind me asking, how did you do it for scewin?

nvr mind i figured it out

when i try running scewinn export it says
error: amifldrv64.sys not found in the current directory
why is that and how can i fix it
(asrock b760m)