[Help] Unlock/flash Advanced AMI Bios.

Hello everyone, first time posting here.

Gonna be honest here, I’m paranoid of bricking my motherboard. I’m hoping someone can confirm I did everything right/double check my work.

Here are the steps I’ve taken:
- I used UBU only for “AMI Setup IFR Extractor” which also extracted “body.bin”.

- I found the Advanced settings located in "Advanced settings,“One Of: Advanced settings, VarStoreInfo (VarOffset/VarName): 0x475, VarStore: 0x1, QuestionId: 0x55, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 3F 01 40 01 55 00 01 00 75 04 10 10 00 01 00}”.

- I used HXD on file “body.bin” to locate “05 91 3F 01 40 01 55 00 01 00 75 04 10 10 00 01 00” after finding it I changed the values after it from “09 07 04 00 30 00 00” to “09 07 03 00 00 00 01”.

- The newest UEFITool does NOT let me “replace body” so I used an older version that lets me replace body. (v.0.21.5).

- I located the PE32 image inside of UEFITool, right clicked>replace body> and replaced it with my modified “body.bin”.

- Saved UEFITool and saved the modded bios as “moddedbios.bin”.

Can someone please confirm I took the proper steps? I will also provide the original/modded bios for reference.

Extracted bios/modded bios- https://mega.nz/#!n9sgwK4A!vdWIg-h_yM5Zy…gOQDUZX7QYKsHQI
Motherboard details- https://support.hp.com/us-en/document/c06169524

@xlegacygt - Great on you for jumping in there [like

Don’t use UEFITool 21.5, it’s too old. Use version 25 (not 26)

What are you editing in the above bold edits? There is two settings after any given setting usually, what you describe as changing, but your edit does not look to be a proper edit.
You’re close though, but it’s not done correctly, I’ll show you below.

Checking BIOS now, will give you exact info/proper edit, for what I assume you are trying to do (since you did not mention this at all)
Here is the correct edit you need to make.

Original
One Of: Advanced settings, VarStoreInfo (VarOffset/VarName): 0x475, VarStore: 0x1, QuestionId: 0x55, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 3F 01 40 01 55 00 01 00 75 04 10 10 00 01 00}
One Of Option: Disabled, Value (8 bit): 0x0 (default) {09 07 04 00 30 00 00} “30” is the “Default” Indicator, so you only need to switch this
One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}

Edit to (So two bytes changed only)
One Of: Advanced settings, VarStoreInfo (VarOffset/VarName): 0x475, VarStore: 0x1, QuestionId: 0x55, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 3F 01 40 01 55 00 01 00 75 04 10 10 00 01 00}
One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00}
One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 30 00 01} << Default is now here, after switching the "30"

Editing BIOS is easy, flashing mod BIOS is not, so your major issue is yet to come. Do you have flash programmer?
If not, how do you think you can flash mod BIOS? Have you found method outlined somewhere for this model already?
I advise against using AFU here, which would likely fail anyway, but best thing to use here is Intel FPT or flash programmer. For Intel FPT you need to first dump BIOS region, then edit it, then flash it back if you can.
If you can’t, and get error, show me error, you may be able to get around it by disabling some locks using grub/setup_var, if not then you will need flash programmer.

Wow, I really almost butchered this!

My goal is to unlock the advanced menu and use FPT to flash.

I dumped the body again and properly edited the advanced settings like you mentioned above. Then I replaced the PE32 body with the modified one and saved the bios.

I was able to extract the bios region by running “FPTw.exe -bios -d biosreg.bin”.

Now the part that I am confused about is you mentioned modifying the bios region, what are we modifying here?

Thank you so much for the help. I attached the bios region file from command “FPTw.exe -bios -d biosreg.bin”.

Bios region download- https://mega.nz/#!C09jzSjb!nUl5-ZoMxW-Al…i0X5CKfK67Je2Tc

EDIT: AHHH, open the bios region with UEFI tool. I get it now. I was extracting the bios from HP’s installer.

-------------------------------

@Lost_N_BIOS here is the error I got.

"Error 167: Protected Range Registers are currently set by BIOS, preventing flash access.
Please contact the target system BIOS vendor for an option to disable
Protected Range Registers.

FPT Operation Failed."

EDIT:

I found this, but unsure of what to change or next steps to take.

“0x4AE1A One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0xB4C, VarStore: 0x1, QuestionId: 0xB93, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 93 0A 94 0A 93 0B 01 00 4C 0B 10 10 00 01 00}
0x4AE2B Default: DefaultId: 0x0, Value (8 bit): 0x1 {5B 06 00 00 00 01}
0x4AE31 One Of Option: Disabled, Value (8 bit): 0x0 (default MFG) {09 07 04 00 20 00 00}
0x4AE38 One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}”

-------------------------

@Lost_N_BIOS I found your guide- [GUIDE] Grub Fix Intel FPT Error 280 or 368 - BIOS Lock Asus/Other Mod BIOS Flash

I was able to unlock it and flash my modded bios.

Bad news- bricked.
Good news- recovered.

No idea what went wrong with my edits.

@xlegacygt - BIOS region is just that, the BIOS region of the BIOS In your BIOS, there is FD (Flash Descriptor) Region, ME Region, and BIOS Region.

If/when you flash with FPT, you always and only want to first dump your BIOS region with FPT, then edit, then flash it back.
NEVER flash stock BIOS region extracted from anything stock exe or otherwise, or you will loose your board specific details such as serial, UUID, possibly LAN MAC ID etc.
And yes, generally and especially with OEM BIOS, you are going to have to unlock things (BIOS Lock, SMI Lock, PRR/FPRR Lock) using various methods first, before you can flash BIOS back with FPT

The error you have above is PRR/FPRR lock, sometimes that can be disabled with grub / setup_var, or other tools depending on BIOS type, we’d have to get into it first and see what method might work.
But in general this is the toughest one to beat, and is often not a BIOS setting but rather an actual module needs modified in the BIOS and programmed back to board before this is disabled, which you can’t do without a flash programmer like CH341A

What you’d need to disable would be these, and you may still get PRR/FPRR error 167 due to module needs edited rather than actual BIOS setting value
Flash Protection Range Registers (FPRR) >> 0x1206
BIOS Lock, VarStoreInfo (VarOffset/VarName) >> 0xB4C

Brick!! Ahh! Now you need flash programmer (CH341A) + SOIC8 test clip with cable, let me know if you need linked examples.
If you were able to unlock and then flash, then your BIOS only relied on that FPRR and BIOS lock setting (if you didn’t also disable FPRR, then not sure how you flashed)
Anyway, since you were able to flash, you got it unlocked, and that leaves only your modified BIOS as reason for brick. Upload your original FPT BIOS region dump + modified BIOS region dump in a single archive and I will check and see if I can see anything obviously wrong.
Please upload to some site other than Mega, dropbox, or box, I can’t download from those usually.

Ohh wait! I just noticed you recovered, good deal! How did you recover?

Hey thanks for the reply! I made sure to check if HP had a recovery method before messing around and created a recovery drive in case I bricked lol.

I was able to disable “BIOS Lock, VarStoreInfo (VarOffset/VarName) >> 0xB4C” with GRUB and that’s what allowed me to flash the file.

Do I still need to do something with “Flash Protection Range Registers (FPRR) >> 0x1206”? I never touched this section and the flash was fine. (Well, other then bricking).

Modded bios- https://drive.google.com/open?id=1BI7RHT…ViRO55d8zw2qsE5
Dumped region- https://drive.google.com/open?id=1o_MGWc…g3guPTkNP-_CiOS

--------------------------

@Lost_N_BIOS just to confirm, I dumped the region with FPT then used “UEFITool” to extract the PE32 body, then I edited the hex to enable the advanced settings.

I went back to “UEFITool” and replaced the PE32 body with the modded body then saved it as moddedbios.bin. <<<< That what I flashed.

Did I do this wrong?

@xlegacygt - Since you dumped BIOS and reflashed with FPT, no there is nothing else you need to disable. Is the above (post #5) “Dumped Region” after you disabled BIOS lock via grub? If yes, OK, wanted to be sure, since you already send me before/after mod files

Please zip files w/ max compression if we have a next time around

That may be broken BIOS, may brick the board, I would not flash it, due to padding file removed above microcodes.
This is due to however you edited the microcodes, which you didn’t mention doing

Did it brick? If not, then that that missing padding file may be OK on this model, at least it didn’t brick it anyway, however it still may cause failure of the proper microcode to load.
Check current in-use microcode version with HWINFO64 and confirm if it’s showing the new one in-use that you inserted

Great explanation. Thanks very much. I think it will be useful me once I have modded my bios.