[Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing

What is it you are looking for in IFR, I will get for you, looks like you are not doing it correctly. Also, for ME unlock, see the two links I edited into my reply above
* Edit - @shikulja - here is the setup IFR, these variables can be changed via grub/setup_var >> http://s000.tinyupload.com/index.php?fil…593907758823789
BIOS Lock >> 0x8C5
ME Re-flash >> 0x6A8

* Edit, I see what you mean now, the latest BIOS will not output proper IFR file for setup module (need updated IFR tool, I tried two of the latest I know of, both do not work)
Used first BIOS instead

I could only find it

I will try to unlock your values

Full IFR is linked above

BIOS lock will remain changed, but ME re-flash will only stay for one cycle (leave grub and boot directly to windows)

what to do next than flash me
in bios version me i flash old firmware from bios but me not change

upd. flash afudos /me /gun original cap>rom. ezflash from bios not change me

thanks you helped me a lot

the last motherboard on intel + asus is buying your own thing, and in the end it is not possible to dispose of it. Intel blocks me, asus in spite of good hardware, disgusting software and bios. (broken realtek driver) bios … which may not load just like that even if it is just a reboot … modern motherboards …
and feeling like i’m still on socket 775
If I were in a country in the native language of which the producers refer so much … I would not support them for anything, and would suggest arranging a petition or something like that

When BIOS shows ME 0.0.0 or N/A that can mean ME disabled or ME corrupted. Was it like that before you made changes in grub to ME settings? If not, and it showed version then it should be OK and only means disabled for the reflash.

To reflash ME you need to use FPT, with this ME file.

Use this command
FPTw.exe -me -f ME_Region.bin

And if you have rebooted since you made the ME Re-Flash edit in grub, you may need to go back to grub and do that again first (Then control Alt Delete to windows)

By, it changed after grub, and after afudos flash firmware, the version became 11.6.X.X.
So, I believe that the problem has been solved and i can flash the moded bios next time.

After turning on re-flash in FPTW, the driver refused to load, so I could not flash it with me
(if I didn’t turn on re-flash, then FPTW worked fine, but I didn’t want to flash it)

Yes, re-flash enabled would disable the ME, so you can flash via FPT, when in this situation drivers should already be loaded for ME in advanced, but only FPT update ME here not FW Update tool

Glad you got it sorted out.

my motherboard uses alc1220 chip. I can not find the data sheets. Can I do as instructed in # 1?

@nch2312 - try more to find datasheet or pinout for that chip. I am not sure what you are referring to "As instructed in #1"? Please be more specific

hi good day here working to update ME just reading te tuto and testing to dump me part from ASUS maximus viii ranger also descriptor etc and all dump can complete ok below picture


my ME is 11.6 using bios 3802 from coffetime the i5 9600k get post code 00 i am confused now what i have to do i read my chip audio is realtek alc 1150 and found datasheet pinwork 1 and 5 are ok same as tutorial i just have to remobe soldered metal capsule Supreme FX for this trick i think but the point is if i can dump all my bios region why my ME still 11.6 with bios coffetime 3802 and why i have to do pin 1 and 5 if i can read all regions can some one resolve my dubts ?

please check picture from coffetime

Looks like it’s all unlocked @Vaxter - send me dump from FPTw.exe -d bios.bin and I can confirm for you, also send fd.bin dump too.
If FD unlocked, and it looks like it us, at least for reading, then you should be able to update complete BIOS including FD, did you flash mod BIOS like this >> FPTw.exe -f ModBIOS.bin

I don’t think you need audio pinmod now, unless FD is not unlocked for write, only read, that is why I said attach BIOS dump above and FD dump too.
That second image, doesn’t show it wrote/updated FD. If ME version was changed SKU to 370 then you need to also write FD, I will check files when you send if ME SKU was changed or not (If not, it may be needed, maybe need to use other AIO Tool)
I am not sure if it’s needed for your setup or not, but if it is and coffeetime did not change that you need to use other tool, then write entire BIOS including FD using FPT

Apparently there is another unlock method E8 which is described in this whitepaper https://bromiumlabs.files.wordpress.com/…_whitepaper.pdf and even used in the wild by the UEFI Malware Lojax https://www.theregister.co.uk/2019/01/02/lojax_uefi_rootkit/

I would add an honorary mention to this magnificent post! Well done @plutomaniac !

the ru.efi tool, once you get the offsets with the IFR tool, ru.efi can help modify the setup var on the system using efi shell, saving the effort of dumping the spi (although you should really do it for backup, just in case)
link: http://ruexe.blogspot.com/

Thank you for your kind words and recommendation whatchamaycallit. To get the IFR offset you would still need to dump the BIOS region though. I have not tested it but maybe ru.efi can be helpful to set the variable on a more cross-platform basis. The current method with grub works sometimes but I haven’t had the time to test other solutions.

You are right, as always :slight_smile:
What I forgot to mention was that you probably can extract the IFR from an OEM BIOS update image without needing to dump SPI, I have been playing around with this kind of “non invasive” (not popping the hood so to speak)
for a while with moderate success. i haven’t had the chance yet to try to change authenticated setup variables, but would be interesting to see what would be the options once i do.

Mmm yes you could take the IFR from the stock BIOS but I don’t recommend that because you would have to be certain that they are the exact same version and you can’t really know if something has changed (offset-wise) at the Setup Variables of any given system during its everyday operation. So it is very risky to do that in my books. Dumping the BIOS eliminates those risks, it is safe and usually easily doable so that’s why I always recommend it. When it comes to IFR, LOST_N_BIOS is your guy as he has much more experience. For the purposes of this guide, I only recommend it as the last software-based solution before resorting into the invasive hardware programmer.

In my experience, well I mean from seeing users experience with RU/Shell (have not used it personally), this does not always match-up/change the correct/same variables from BIOS setup module as Grub does, so should not be used for this in many instances.
I have ran into this issue many times while trying to help users change something in grub and they try RU/Shell instead, that’s where my experiences with this come from.

Ah interesting, thank you Lost. Another one is this AMISetupWriter or similar which had worked for one user here when grub failed but I don’t know how good it is either and it’s obviously for AMI only so not Insyde etc.

You’re welcome. Yes, AMISetupwriter does similar thing, but it uses the shell method (Similar to RU, but more closely like grub) to write on reboot, there may be cases where it wont work either, but same can happen with grub too. Sadly there’s not a “one fits all” for this.

Insyde BIOS is tricky, depending on how BIOS is setup, the variables from “Setup” can be used, or it could be one of several setup/custom variables within NVRAM that are used/loaded instead, and you never know which is used until you try and it succeeds or fails to change the setting.
When trying to change things like this on Insyde BIOS, setup/IFR method can be tested first if user can get grub loaded, if that fails then certainly regular shell edit would fail similarly too.
H20UVE is better tool to change variables like this on Insyde, you can dump all variables, setup, custom etc can all be dumped and edited at once.
Using this, in combination with setup_var2/var3 to get other setup GUID’s can help you know which GUID is actually being used setup or customer etc. You can tell by the other GUID’s var2/var3 gives you when showing output from “setup”, hard to explain except in direct situations

It’s evident then that there is no “one fits all” approach to IFR and since it’s not really related to this guide, I’ll leave the current instructions as they are. If some guide pops up in the future about all the different ways this can be done, I can link to it. Thanks for the info Lost.