[Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing

For sure, none of this we’ve been discussing would ever help to unlock FD anyway

I think this section needs to be updated: D. Check Locked/Unlocked Status.
We cannot check the lock status by just dumping the flash. In some cases, the flash can be dumped successfully, but the Descriptor Region is still locked.

@plutomaniac @Lost_N_BIOS
I used ru.efi several times, and I found something different.
1. Not all the mobos could show the offset (including SETUP guid) in ru.efi.
2. ru.efi may show and allow modding offsets besides the SETUP guid, such as the platform guid.
3. I think ru.efi could only show and mod the "00-FF" offset area in the guid. If some offset exists beyond the "00-FF" area, such as "406", ru.efi could not modify it.

@finnce - you can always check status with the dumped BIOS or dumped FD, I am not sure what you mean by you can’t check it by dumping

@gloobox - I’ve never used RU, but I can tell you from seeing others use and try to use it, what it shows you is not always the correct and proper locations to edit like you would if using grub / setup_var
Rest of your comments, I can’t comment back on, no experience with this tool.

Not sure if of any interest, but stumbled upon a Supermicro bios with a tool for unlocking ME region:
"On X10 DP Grantley platforms, Supermicro introduces a jumper-free solution that places ME into the manufacturing mode. The user doesn’t have to open the chassis to adjust the ME-related jumper on the motherboard any more. The ME manufacturing mode is required upon updating all software-strap settings in Flash Descriptor Table (FDT) inside ME region."

Depends on reading a “CMOS50 value” with a DOS program, so it’s changing a CMOS variable as described in chapter E6, but with a DOS program (program for EFI shell exists as well):

“fdt -w 50 A5
afudos %1 /P /B /N /K /R /ME
fdt -w 50 00”


Board was X10DRU-i+, bios X10DRU9_611.zip

I’m looking to downgrade ME fw to 11.7.0.1229 on asus z270-a, but after reading forums for a while it still remains a bit unclear how to do it.
I managed to get ME fw to show 0.0.0.0 in bios by enabling re-flash. Apparently can’t then update me fw from original bios file due to no write permissions(?)

Tried using fptw but it says “fparts.txt not found” (it’s in same place as fptw).
Any advice how to get the old version?

@Schadek - Sounds like wrong version FPT, or old package possible? Be sure you are using correct ME System tools package for your board, then you will have correct FPT - you need ME System Tools V11 from here
Intel Management Engine: Drivers, Firmware & System Tools

Then you should be able to write ME via FPTw.exe -me -f mefile.bin
DO NOT Write in unprogrammed ME file, you need to use a ME File extracted from a BIOS for your exact model board, or run the stock ME FW file through FITc program using your BIOS as the base to update/downgrade the ME FW, then extract it and give only that ME Region to FPT to flash.

Ok, so extract ME with uefitools or? Because with that I get .rgn file and should I get .bin file somehow?

ME Extract is not part of this process really, but you can do that. If you want to try and flash ME region via FPT, then yes extract ME region with UEFITools and rename it to .bin
Then >> FPTw.exe -me -f ME.bin

Hi,
would someone know how to unlock it for an asus viii hero to downgrade the mei firmware back to the official asus version please?
I fail to edit the bios file to allow the hidden option

See method E1 on first page, or flash programmer, or ME FW Re-Flash option, which I’ve covered in your thread.

Thanks for sharing the experiment.
I could dump the ME part or the whole bios via the method E2. But I could not write the modded bios into the mobo.
These mobos are:
Lenovo is7xm, showed error 280
HP 600G1DM, ProDesk 480 G1 & Compaq Elite 8300, showed error 28

@Lost_N_BIOS
On the HP mobos above I had set ME FW Re-Flash and bios lock but it still showed error 28.

I think I must flash them by spi programmer, it is the last resort.

@gloobox - dump BIOS region only, then write it back, do you still get error 280? If yes, this is SMI/SMM lock (look for those in setup/IFR like BIOS Lock, disable via grub or H2OUVE), that may remove the lock for you, if not try S3 sleep bug first to see if this BIOS has that (put system to S3 sleep for one minute, wake it up and try FPT flash again)
Error 280 is a pain if the BIOS setting is missing from setup, in those instances PCHInitDXE edit is required, which then means you need programmer to put on BIOS (or use risky AFU ES Flash, if AFU compatible BIOS)
Send me this dumped BIOS region with error 280

Error 28 can sometimes be removed via PRR/PRR2 tool - http://s000.tinyupload.com/index.php?fil…502714829956453
If not, also try the S3 sleep bug mentioned above. Send me a dump of this ones BIOS region too if PRR/PRR2 tool does not work, and S3 bug is not present.
Normally for both these errors you would need flash programmer, unless BIOS options are present in setup. This one can sometimes be disabled via grub too (look for PPR/FPRR/Protected Range/Protected Register in setup)
Both may require making NVRAM changes live too, via RU or H2OUVE

@Lost_N_BIOS
Yes, I still get error 280 only dumping the BIOS region.
About the Lenovo mobo, I could say most of them didn’t have BIOS lock in setup/IFR. So it still showed error 280 even using the prr or prr2. Btw, I also tried the AFU /gan, it showed success, but actually failed to flash the modded part.
About the HP mobo, actually some mobos could be ok (e.g. 400g1dm), but most of the other mobos still showed error 28, and I had tried all the ways you told me.
I am willing to give the whole bios to you.
HP 600G1 DM, 16MB, whole bios
http://s000.tinyupload.com/?file_id=94116844012134665192

Error 280 is not BIOS lock, this is SMI/SMM lock only. This can be locked via a BIOS setting, or directly locked in PCHInitDXE module, which you can only get around the latter by dumping that with programmer and removing it since it’s in BIOS module not a setting you could possibly change
I suggest against AFU, especially with /GAN, and even more-so if your BIOS type is Aptio IV or V. But, did you try same flash with Main Block, NVRAM and Boot Block selected, that may flash. I guess with ES DOS that would be AFU filename.bin /P /B /N /GAN

Error 28 can be bypassed only by the following ways >> S3 bug if BIOS has it, special FD/ME Flash tool from manufacturer may temp disable any FD/FPRR lock, or by PRR/PRR2.
Sometimes BIOS option may be there to disable, but if you can’t write in mod BIOS to fix this then edited BIOS doesn’t help.

PRR/PRR2 tool is only for error 28, it will not help with 280

Error 280 is much easier to bypass, if it has an option in BIOS.

BIOS you linked above has SMI Lock and BIOS Lock option at setup module (both enabled and SMI Lock is double enabled.), not the PE32 part, but this one - 97E409E6-4CC1-11D9-81F6-000000000000
Disable them via grub / setup_var, if you get error cannot set variable by EFI then you need to dump vars with H2OUVE and then edit and reprogram back. << If you need to know how to do this let me know.

SMI Lock, VarStoreInfo (VarOffset/VarName): 0x96, VarStore: 0x1, QuestionId: 0x73, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 90 02 91 02 73 00 01 00 96 00 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
Default: DefaultId: 0x0, Value (8 bit): 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
One Of Option: Disabled, Value (8 bit): 0x0 {09 0E CD 00 00 00 00 00 00 00 00 00 00 00}
One Of Option: Enabled, Value (8 bit): 0x1 (default MFG) {09 0E CC 00 20 00 01 00 00 00 00 00 00 00}

One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x97, VarStore: 0x1, QuestionId: 0x74, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 96 02 97 02 74 00 01 00 97 00 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
Default: DefaultId: 0x0, Value (8 bit): 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
One Of Option: Disabled, Value (8 bit): 0x0 (default MFG) {09 0E CD 00 20 00 00 00 00 00 00 00 00 00}
One Of Option: Enabled, Value (8 bit): 0x1 {09 0E CC 00 00 00 01 00 00 00 00 00 00 00}

NVRAM volume is broken in this BIOS, this is first volume in BIOS region, shows as “Padding” in UEFITool. Have you edited it? Is it dumped from a working system?
I went to check NVRAM to show you where to disable there too, for use with programmer, to fully remove all this, but it’s broken dump so I’m not going to dig too deeply into that as it’s a mess trying to find what I need to show you in this manner.
Link me to the stock BIOS and maybe I can fix, but I don’t have high hopes with that, it can be done but is tricky. Sometimes one byte edit fixes it, but other times I can spend hour or two and still not fix it.
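
As an added example (not part of the original post, and not a tool used in this thread): a Python decoder for the raw IFR opcode bytes quoted in braces above, which recovers the VarOffset and QuestionId and flags a lock setting whose standard or manufacturing default leaves it disabled. The field layout follows the UEFI HII IFR opcode definitions; the `decode` and `audit` names and the finding strings are hypothetical.

```python
import struct

OPT_DEFAULT_MFG = 0x20  # EFI_IFR_OPTION_DEFAULT_MFG flag on a One Of Option

# Opcode bytes copied from the braces in the IFR dump quoted above
# (the trailing run of zero bytes in each One Of is written as a repeat).
DUMP = {
    "SMI Lock": [
        "05 A6 90 02 91 02 73 00 01 00 96 00 10 10" + " 00" * 24,
        "5B 0D 00 00 00 01 00 00 00 00 00 00 00",
        "09 0E CD 00 00 00 00 00 00 00 00 00 00 00",
        "09 0E CC 00 20 00 01 00 00 00 00 00 00 00",
    ],
    "BIOS Lock": [
        "05 A6 96 02 97 02 74 00 01 00 97 00 10 10" + " 00" * 24,
        "5B 0D 00 00 00 01 00 00 00 00 00 00 00",
        "09 0E CD 00 20 00 00 00 00 00 00 00 00 00",
        "09 0E CC 00 00 00 01 00 00 00 00 00 00 00",
    ],
}

def decode(hex_ops):
    """Decode One Of / Default / One Of Option opcodes for one question."""
    q = {"defaults": {}, "mfg_values": []}
    for text in hex_ops:
        op = bytes.fromhex(text)
        if (op[1] & 0x7F) != len(op):  # low 7 bits = length, bit 7 = scope
            raise ValueError("opcode length field does not match byte count")
        if op[0] == 0x05:    # EFI_IFR_ONE_OF: prompt, help, qid, varstore, offset
            _, _, q["question_id"], q["varstore"], q["var_offset"] = \
                struct.unpack_from("<5H", op, 2)
        elif op[0] == 0x5B:  # EFI_IFR_DEFAULT: DefaultId, type, value
            default_id, _ = struct.unpack_from("<HB", op, 2)
            q["defaults"][default_id] = op[5]      # 8-bit value
        elif op[0] == 0x09:  # EFI_IFR_ONE_OF_OPTION: string, flags, type, value
            _, flags, _ = struct.unpack_from("<HBB", op, 2)
            if flags & OPT_DEFAULT_MFG:
                q["mfg_values"].append(op[6])      # 8-bit value
    return q

def audit(q):
    """Hypothetical check: report defaults that leave a lock disabled."""
    findings = []
    if q["defaults"].get(0) != 1:      # DefaultId 0 = standard defaults
        findings.append("standard default is not Enabled")
    if any(v != 1 for v in q["mfg_values"]):
        findings.append("manufacturing default is Disabled")
    return findings

if __name__ == "__main__":
    for name, ops in DUMP.items():
        q = decode(ops)
        print(name, hex(q["var_offset"]), audit(q) or "ok")
```

On the bytes quoted in the post, SMI Lock comes back clean, while BIOS Lock is reported because its manufacturing-default flag sits on the Disabled option.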

@Lost_N_BIOS
Thanks,
There are 5 sections named 97E409E6-4CC1-11D9-81F6-000000000000
Do you think it is in the 899407D7-99FE-43D8-9A21-79EC328CAC21??
Btw, the HP 600g1dm bios was dumped by fpt. What tools do you choose to backup the bios?

@Lost_N_BIOS and @plutomaniac Hi, my Asus TUF FX505GE Gaming NB after RMA was not able to flash modded bios by FPTw64 (Error 238).
Service Center changed my laptop motherboard because of my screen flickering.
My previous motherboard was able to flash any modded bios without any bypass or unlock, the previous MB was using a W25Q128FV chip and the current MB has a GD25B128C SPI chip.

I’m not sure what we’re supposed to do. There is no question or similar anywhere. Locking the FD is what OEMs should do so it’s no surprise they did. You can follow the guide and try to unlock it via its methods.



Hello, I had fixed the permissions to 0x0FFF, and used the CH341A to flash the img into SPI FLASH, but it looks like it doesn’t work
What is the problem and how should I do it?
Forgive my poor English.

@andy7y - Error 368 - BIOS lock, it’s not a FD region lock type edit like you did above, this is a BIOS setting and it’s stored in 3 different places in your BIOS.
Dump your BIOS with programmer and send me a copy, I will unlock BIOS lock for you and send back, then you program it in, and use that BIOS as your base BIOS source moving forward for any future edits.