Help flashing bios on Microsoft Surface Pro 2

Maleabil · February 11, 2019, 12:01pm

Hi everyone!
I really need some help with flashing bios on my tablet. Every 30 minutes exactly the tablet cuts the power. This problem has been reported but some people with the same tablet pointing to a bad firmware update.
I found a topic here where someone has managed to flash the bios on surface pro 2 and got rid of the problem:
Yoga 2 Pro shutdowns every 30 minutes (6)
I tried to use the same procedure but i got stucked.
fptw64-d spi.bin command from the Intel ME System Tools v9.0 r1 package gives me the error „fptw64.exe cannot be run on the current platform”. Currently I have win 8.1 64bit
I tried other versions of „Intel ME System Tools” but i got the same error. I think the error is because i don’t have „intel management engine interface”. I also tried to install other versions of intel management engine interface but none of them were for my platform.
I also looked for a device in device manager named “intel management engine interface” but I didn’t found anything. I only have “Microsoft system management BIOS driver”.
I tried the tools on win 10 and on win 8.1, same errors, no luck.
So if anyone has any suggestion, please help. I would really appreciate, thank you!

plutomaniac · February 11, 2019, 5:33pm

Attached is the latest full SPI/BIOS image for the Surface Pro 2, as provided by Microsoft. Since your tablet runs ME v9.5 firmware you need to use that System Tools pack. Run “MEInfo -verbose” and “MEManuf -verbose” tools and show us the outputs. If there are problems, you’ll need to re-flash the ME region of the tablet’s SPI/BIOS chip. To do that, make sure that you have read/write access to the ME region of the BIOS/SPI chip, otherwise follow the guide until you do. Afterwards, extract the attached SPI/BIOS image and use UEFITool to “extract as is” the ME region. Then run Flash Programming Tool via “fptw64 -me -f Region_ME_ME_region.rgn” followed by “fptw64 -greset”, if successful. After the reboot, your system should have healthy ME firmware and thus not shutdown every 30 minutes.

SurfaceProUEFI_20500FA.rar (2.71 MB)

Maleabil · February 12, 2019, 1:38pm

Thank you @plutomaniac but there’s no go for me…
I can not use any of the tools you indicated because i have a big problem, “intel management engine interface” is missing from my tablet. I discovered that by reinstalling the original image of the windows (downloaded from Microsoft).
When i have downloaded the image i also found that, in fact, my tablet is Surface pro 1 (2013), not surface pro 2.

After i have installed the image (windows 8 pro) i went to device manager and found “intel management engine interface” grayed out, with the error "device disconnected, please reconnect the device.
I tried to update the drivers with the original ones from MS and i tried to install the 9.5 package but nothing worked.
So i am in an impossible situation, i can not use the tools to fix the bios without “intel management engine interface”.
Thank you!

plutomaniac · February 12, 2019, 2:08pm

Surface Pro 1 uses ME v8 so you need to use those tools. You should be able to use either the DOS or EFI variants of the tools, which do not require MEI, under their respective environments. In this case, once you have read/write access to the ME region of the SPI/BIOS chip, you’ll need to dump your SPI image via “fpt -d spi.bin”, follow [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization on your dump and flash back the result via “fpt -f outimage.bin” followed by “fpt -greset”.

Maleabil · February 12, 2019, 6:39pm

Some good news!
I managed to extract the spi.bin, i have followed the guide for “cleaning the dump” and i have obtained the outimage.bin
In the end i got stucked to the fpt -f outimage.bin when i have received an error about write access. I tried to follow the guide for read/write access but i got lost.

I have attached the original dump, “spi.bin” and the cleaned one "outimage.bin"
https://drive.google.com/open?id=1sVvUmB…bkoi6E6yj7nXISg

For the first time i have hopes that will get rid of the 30 minutes problem.
Thank you!

plutomaniac · February 12, 2019, 7:06pm

The dumped SPI image is indeed full/properly dumped and I can see that the RSA Signature of the ME firmware is broken which is a critical corruption. I’m surprised it even boots to be honest. I’m fairly certain that more modern platforms would be bricked if that were to occur. Anyway, the outimage you built though is completely wrong. It is 16MB instead of 8MB, it lacks the BIOS region of the SPI image etc. You must not have followed the CleanUp Guide properly. By the way, all of these don’t matter if you cannot write the fixed image back via FPT so you must acquire write access to the ME region of the SPI/BIOS chip first.

Maleabil · February 12, 2019, 7:40pm

Just a direction please for the write access of the ME region…
The enabling is done inside the outimage.bin with a hex editor, modifying different values like "Me FW Image Re-Flash", "ME/TXE Disable" e.t.c."?
Thank you!

Maleabil · February 12, 2019, 10:22pm

I found these 3 entries and i have updated the corresponded settings with the efi shell
Setting: Me FW Image Re-Flash, Variable: 0x242 0x1
Setting: BIOS Lock, Variable: 0x49 0x0
Setting: BIOS Interface Lock, Variable: 0x4B 0x0

No luck, bios still not writable.

plutomaniac · February 13, 2019, 2:26am

Since the BIOS is AMI, try “Me FW Image Re-Flash” with AMISetupWriter utility. It might work better than grub. Remember that this change applies at the next reboot only.

Maleabil · February 13, 2019, 10:17am

I tried with the Grub efi and with the AMISetupWriter utility. After reboot the BIOS Lock, VarStore stays the same 0x1 (enabled). I have checked by running the commands again after the reboot to get the current state of the variables
In the grub efi i have no error. In the AMI efi i have an error offset is out of range.
I have attached: bios cleaned file, setup_extr.txt, and two images with the efi commands.
https://drive.google.com/open?id=1sVvUmB…bkoi6E6yj7nXISg
Thank you!

Lost_N_BIOS · February 13, 2019, 10:55am

Don’t reboot, control alt del after the setting is changed in grub, and you need to set 0x0 (If you were not already, unsure since you have 0x1 written above). If you need, later I can modify actual BIOS for you to reflash, with the setting enabled by default, then you can flash ME without messing around.

Maleabil · February 13, 2019, 11:15am

I did amisetupwriter 0x49 0x0
then control alt del
rebooted into efi shell
fpt - f outimage.bin
and the error 280… again
From what i notice, no matter if i press control alt del, or i type exit, or i press the power button, after restart the variable is back to 0x1 (enabled).
I would appreciate if you will look into actual BIOS but i have to get over the write protection first. And i have used all the "software" options.
If it was a regular computer it wolud be easy to buy and use the programmer but beeing a microsoft tablet it is a pain in the a… to take it apart.
Thank you!

plutomaniac · February 13, 2019, 10:49pm

We have no reason to care about “BIOS Lock” for the problem at hand. The option you actually need is “Me FW Image Re-Flash” and if that doesn’t work with both tools then you’ll have to resort to the other methods such as HMRFPO if you can open the tablet etc etc.

Maleabil · February 14, 2019, 8:00am

First of all, I want to thank to all the cool and wise guys that helped me. @plutomaniac , @Lost_N_BIOS thank you! You are cool, you are wise!
Now, back to my problem…It frickin’ woooooorked! I have now a full working bios on my surface pro 1.
@plutomaniac you gave me the entire solution in your first post. I just had to flash the ME region and my mistake was that I was trying to flash the entire BIOS. So I have used the AMI shell and just flashed the ME region with the efi version of FPT. I didn’t even needed to unlock something.
The hardest part was to wait for the 30 minutes to see if the tablet is not powering off. I have opened up youtube and played Pink Floyd for 1 hour and it didn’t shut down, so this is a happy end.
Thank you again for not giving up on me and reminding me in the post above that the problem is with the ME region.

Lost_N_BIOS · February 14, 2019, 12:54pm

@Maleabil - Great you got it! For anyone else here in the future, the setting needed changed here if you have FPT ME re-write issues is this one as plutomaiac mentioned above (Change to 0x1) >> Me FW Image Re-Flash, Variable: 0x242 0x1
*Edited to correct setting ^^

plutomaniac · February 14, 2019, 1:22pm

Maybe it is BIOS dependent so I could be wrong but it makes more sense for that option to be 0x0 by default (Disabled) so users should set it to 0x1 (Enabled) to enable Engine firmware re-flashing.

Lost_N_BIOS · February 14, 2019, 4:00pm

Thanks plutomaniac, I’ve been sleeping on the job again it seems You are correct, funny thing is I had it correct at the end, but not in the middle of my comment
I’ve edit my post for anyone looking later, thanks

Aditya · June 27, 2019, 10:28am

Hey, I had gotten a UEFI locked system from Microsoft and I have found out about this just after the warranty expired, The problem is that I am unable to turn off the Surface UEFI password and access the boot configuration lock (thankfully I have USB #1 on boot priority) so I can still boot from it, however secure boot is turned on causing all of my Windows and Ubuntu installations to fail. I really do not want to disassemble this computer, and I can’t afford another one. PLEASE HELP

aroinair · September 10, 2019, 8:11am

Hi Mate,
I have the Surface pro 2 and I am trying to make a fresh install. I don’t know what’s wrong but I tried to use the USB boot for the recovery drive created from MS website. It doesn’t force the USB boot if I follow the volume + power button procedure. Not sure if the volume buttom is working either. It just keeps coming back to the screenshot that I have attached. Not sure if the FW/bios is correct. Your support will be much appreciated.
Thanks in advance.

WhatsApp Image 2019-09-10 at 4.00.16 PM.jpeg