[Guide] Howto Unlock/Flash an Insyde H2O UEFI BIOS

Also, is there a way using a patch or something in order to change the BIOS information for my board? I need to change the basboard name as it now shows invalid. If possible, without a programmer. I also managed to set the serial number using a tool called LVAR.exe at UEFI Shell.

HxD does not find that in the dump.

Youā€™re right. Iā€™ve just checked this doesnā€™t work for Lenovo. They use encrypted key storage in BIOS. Two occurences starting with ā€œ4C 45 4E 56ā€. With the size of 1000h each. If you only kept a backup, it would be easier.

I think you can take someone elseā€™s data in order to get rid of the Invalid lines.

Could be. But I just released a mod for the BIOS!
Lenovo IdeaPad, 320-14, 320-15, 320-17, 520-15, B320-14, V320-17 BIOS Mod - BIOS/UEFI Modding / Offers: Already modded special BIOSes - Win-Raid Forum (level1techs.com)

Can you give me that ZIP again? I thought I might have gotten it working, but not sure. I actually now want to have the advanced settings temporary, so I do not accidentally set something. Can you also look further into it, to be sure what needs to be patched in order to show the main, advanced and power tabs? You know I had unlocked them, but also bricked my laptop by it. Luckily, I can recover from it now. Just want to use a temporary patch from a USB drive or SD card (BIOS supports booting from an SD card).

The ZIP wonā€™t work. You did let me know.
The thing is that menu tables and executable part are placed in the same DXE driver. We got to find out how to unload the executable part and load it again when patched to make things to work.

Also, the Unlocker is a semi-permanent solution. It means that you can relock access to advanced BIOS.
Using this EFI application.
https://winraid.level1techs.com/uploads/short-url/fW7YQn0gkWIzMpvM93aLXojlYVs.zip

Well, I used the patch oncee, and saw that the Advanced tab was there. How would I be able to relock the things the unlocker unlocked? I just want some settings to keep while they are hidden again. It looks like it only shows sometimes or something with the EFI application patchā€¦

Press F3 to lock.

If possible I wold like to unlock it temporarily using a patch on a USB drive, or make that F3 shortcut a permanent one to toggle between unlock/lock.

I donā€™t think it is possible. We canā€™t recompile the BIOS at this level without having source code.
And runtime patching way is a dead end.

I used the EFI app. Both unlocking and relocking works. I set the CPU mode from Non-Turbo Performance to Turbo performance, which should give a little boost.

Would there be a way I can use H2OUVE to change some BIOS information? I also have an option to disable the flash protection registers, but donā€™t know whether it gives more negative effects than positive effects, and even stays off then.

I donā€™t know. Lenovo laptops use different technology to store serial data. BIOS version can be changed.

This option and ā€œBIOS Lockā€ option controls whether it is allowed to flash BIOS without HW programming tools.

I also managed to enable Modern Standby, a.k.a. (ACPI S0 Low Power Idle). It is the newest mode for a sleep state, which is nice. Weird they did not enable that at default.

I MANAGED TO DISABLE THEM, AND STAY DISABLED. But now, I want to use the H2OSDE tool to change the baseboard priduct name. I managed to run it and it indeed sahs that it is INVALID. But when I try to change the value, it says function not supported. Can you give me instructions how to get to change them? Atleast H20SDE is a tool that would allow me to change what I was searching for, but I need to get it to work first.

@Sweet_Kitten would you know how I would be able to make the POST and BIOS display on an external display by any luck with any of the unlocked advanced settings (with HDMI)? It might be handy for if my screen breaks in the future.

I think this is not possible. HDMI is connected to dGPU. dGPU does not work in POST and BIOS.

Hmmmm. But why does HDMI use the only GPU (the iGPU) when I boot in the OS then?

Then I was wrong. For HDMI in my laptop it is different.

Late to the party but Iā€™m playing with an embedded AMD x86 system with a locked down Insyde BIOS Rev. 5.0 that only presents BIOS version, memory, date and time in the setup utility. It has an embedded flash chip that it will only boot from. It will recognize a bootable USB device but presents the error ā€˜has been blocked by the current security policyā€™, so I assumed secure boot is enabled.

Iā€™ve dumped the winbond 25Q64FWS1Q flash chip successfully to a .bin file and have been playing with the H20EZE setup editor to try and change the boot type from UEFI to legacy boot, which I understand will bypass secure boot. Iā€™ve exported what I thought was the saved .bin and re-flashed this to a NEW 25Q64FWS1G (note G not Q) chip as the original chip would not let me write it.

This modified flash chip would not boot. I burned the original file to another new 25Q64FWS1G chip and that works.

Could somebody point me towards what I need to do to either disable secure boot or set the boot type to legacy so I can get it to boot from another device?

Thanks!