Can someone provide some clarification please? this threads topic got highjacked as the post is about signing the bios with official insyde tools which is the holy grail solution to almost all of insyde bios reflashing issues-the poster then provides incomplete tools missing the QA cert,drops the mike and walks away-then the thread contines with NOBODY trying the tools to discover they are missing the security certs and discussing nonsense-It appears whether you mod the flashing tool or not if the bios isnt signed then=brick-I know this as I hardware programmed my bios dumped,edited, then hardware programmed with an nvme insert and didnt re-sign the bios and guess what-brick
@Sweet_Kitten you provide an interesting link stating instructions inside archive in response to someone else askiong for the QA.pvk files which is the whole basis for this post so where are they? the link has over 12 files one of which is needing somew crazy pay for download plan
can someone please post where to obtain the qa certs-I tried making certs labeled QA-its signs well enough but no bueno for the flashing tool
In the matter of the topic I only uploaded makecert.exe, pvk2pfx.exe, MakeKeyFirst.bat, MakeKeySecond.bat. You have a limitation of 50MB per download on Chomikuj file-sharing.
A new certificate can be created with “makecert.exe” tool. There was no need for poster to publish the QA cert as it is being generated with random seed by default.
We still missing private keys from the manuf. It is necessary to have those files to generate a correct private key – public key pair, because the priv. key is that seed we use to generate certificate. So, the whole topic is a big nonsense itself.
So to say, the part about certificates belongs to “external” protection of flash memory. It is only valid untill the BIOS image is flashed by the genuine flashing tool. But there is also such thing as internal sanity, when already flashed BIOS performs the integrity check at some point of initialization.
Devices I know have this technology: Lenovo B50-30, Acer Swift 3 SF314, Xiaomi Redmi G 2021, most of HP Notebooks…
Yours might be one of those.
Ah, sure… Just got to know your device is Lenovo B40-30. It’s unfortunate, but I have no solution. I’m barely understanding how encryption things are actually work.
I didn’t catch the idea. Could you post the source of this info?
What descriptors? Flash descriptors of descriptors region?
Note that only individual volumes are verified during initialization. Otherwise, even just NVRAM data change would result in brick.
Can someone mod the InsydeH2O BIOS of my Lenovo IdeaPad 320-17IKB? I want to unlock the advanced settings. I already used a tool to replace the SLIC, but the same error that it is an invalid firmware image appears. I would like the full package BIOS.zip (5.1 MB)
with modifications that allow flashing.
Flashing might be a challenging task. But unlocking the advanced settings should be rather simple. This BIOS has everything in place. Known working shortcuts to open advanced settings in the code, and the application to enter setup screen.
Extract files from the archive to a flash drive, boot and see what happens. 4WCN47WW.zip
Thank you! I will try to boot it soon from my SD card as I have no USB drive free. Luckily my BIOS is good enough to support that . I guess that Secure Boot must be disabled?
I just ran it, but nothing special. One thing though, is that the BIOS says that it can boot my DVD ROM, which the device has but there is no disc and when I just enter the BIOS normally it isn’t there too! So I guess the BIOS is a bit exploitable. Also the PXE boot’s address is it at 00-00-00-00-00-00 which is also not normal, but this might tell that it is hackable.
Also, what shortcuts? So did Lenovo lie to me? They said that it was a production BIOS without shortcuts. Also just checked and saving an option in the temporary ‘patched’ BIOS does indeed save.
GOOD NEWS. I unlocked the Main, Advanced and Power tabs!!! I searched for the program you did use for the ZIP, which linked to another program called ‘InsydeH2O-Unlocker’ and success with that program! I CAN ENABLE STUFF LIKE OVERCLOCKING.
Also, even though I unlocked the BIOS, would you be able to get to know what the shortcut is to unlock the advanced settings? It might be handy for in the feature and to get even an easier way to unlock it.
I had bricked my BIOS after changing some settings. Only had a black screen and loud fans after. Fortunately, I got a CH341A programmer and were able to restore it to a working BIOS dump. Is there a way I can set back and/or get back the license key in the BIOS? I were stupid and made no BIOS backup, so. I can live without it, as I already upgraded from Windows Home to Pro using a different key not stored in the BIOS, but it might be handy to get it back just in case.