Modding Asrock X470 BIOS, Secure Flash error

Title says it all really. I need to figure out how to disable or override the secure flash check. Googling has not given any results that are particularly useful or recent. Anyone know how to kill this bloody secure flash check?

Run BIOS through 1.69 or 1.7xx UBU and don’t make any changes, exit and save as mod_BIOS etc. That often removes the hidden capsule security. Also, here in Asrock section at end of Asrock, there is links to check and how to do it manually
[Guide] How to flash a modded AMI UEFI BIOS

Thanks I was starting to think some deep diving might have been needed. Maybe I’m being brain damaged here but when I open the firmware image in UEFITool it won’t let me save the file without making any changes the option is grayed out. The version of UBU I have is v1.7 RC8.

EDIT: Yup I’m pretty sure I was being brain damaged there went to the wrong menu. Just to check though; Action > Image > “extract as is”, right? Or should I just left-click on “UEFI image” and select “extract as is”?
EDIT2: If it helps heres a link to th 1.4 firmware I will be modding, doesn’t seem like UBU automatically removes the capsule and the couple attempts I’ve had so far didn’t work.…/index.asp#BIOS

@ket You’re welcome! I was surprised to see you asking easy one like this

Use regular UEFITool (not NE Alpha) -

Watch FIT table using UEFITool NE Alpha before and after modification in case you need to fix (You can either fix manually, or extract copy of fit before and then put back after, or use mcodefit to backup/restore)

On your edit #1, I am not sure what you are extracting? Let me check the BIOS itself, usually on newer Asrock you are not really extracting BIOS Body from capsule like first part of the guide, that’s why I mentioned end of the Asrock section.
It’s a fake/non-capsule capsule, fake as in not really encapsulating the BIOS like most capsules, it’s in the middle of the BIOS somewhere, you have to FF it or run through UBU. I’ll check the BIOS out and let you know what I see.

*Edit - yes, all you do is as I mentioned initially, open in UBU, let it scan, then do nothing except save/exit rename to Mod_BIOS (opt 1) and that has capsule removed.
Compare stock/MOD via hex you will see where it FF’s the 4KB capsule out and another 16bytes in other area too (unsure what that is?)



Alright, I’m doing this differently as for whatever reason I’m not getting the same results as you. I’ve located what I think is the AMI Aptio Capsule (GUID 5A88641B-BBB9-4AA6-80F7-498AE407C31F) and simply removed it, rebuilt the image and saved it. The file opens perfectly fine with AMIBCP and everything looks to be in tact but I don’t know if I can outright yank out what appears to be the secure flash check and leave it out. Just to make sure I’m not missing anything what do you mean when you say to let UBU scan? Is that something it does automatically when the file is opened?

Thanks , I know I’m being really dense here first time I’ve needed to remove protection in this way.

EDIT: Ok I realise what I’ve been doing wrong (I think) I’ve been doing everything with UEFITool when I just needed to run UBU.bat.

New error unless I’m missing something again, this time when using afuefix64 with the /p /b /n /k switches I get a 1d error “failed to load image into memory 0x00FF8800 (99%)”. I’ll investigate with UEFITool and report back if I find anything.

@ket :
You don’t need to use the AFU tools, if you want to flash a modded ASRock UEFI BIOS.
This is the easiest and safest way:
1. Let the UBU tool remove the capsuled security feature.
2. Rename the modded BIOS to the original one (incl. extension).
3. Flash the BIOS from within the BIOS by using the ASRock in-box Flash tool.

Yes, sorry, all you need to do is run the UBU batch file and save without making any actual change choices, but still save as mod-BIOS. Then as Fernando mentioned, rename to stock and flash within the BIOS.
Sounds like you got the file now, if you still don’t get it let me know I will upload. On your pre-edit, I am not sure removing the capsule will work, thus the method to FF out both locations instead is used. But sounds like you got it with UBU, if not I will upload.

Yep I have the file now. I might have to resort to extracting the asrock setup though in oder to add some options that are still present in the firmware but asrock haven’t bought forward in to their setup, or at least it doesn’t look like the options that would be useful to have will show up if I simply set them to “User”, but we shall see.

Thanks, I’ll try that. Lets just say the X470 firmware could do with some extra options and tweaks :wink: Asrock have built the firmware in a pretty weird way though, the best way I can think of to describe it is the default structure is there but has then been built on top of. Its weird, never seen an X370 or X470 firmware yet built in this way.

I knew you would be tweaking once you got the flash sorted out! Is this your new main system? If so, the Gigabyte guys will be sad to see you slowly leaving them in the dust

The idea was to have it as a main system but thats not going to work for me now Asrock made the rather dubious decision to use a Intersil 95712 voltage regulator which is only capable of addressing up to 4 phases at any one time… on a board that has 12 phases . To add insult to injury the 95712 as far as I can tell would / does support CPU LLC and the intersil documentation even outright suggests it does not recommend integrating the controller without LLC yet initially Asrock had not put any LLC options in the firmware I had some rather frank discussions with some of my Asrock contacts about it and while they agreed mostly with what I said and would push through what they could they do not have ultimate final say. Due to that a fair few LLC options have got added with firmware 1.4 but not the one that really counts - CPU LLC. Without CPU LLC I can’t even run my 1700 @ 3.85GHz without having to increase voltage to 1.4v (I only need 1.32v with LLC) because vdroop is absolutely horrible dipping as low as 1.31v even with a BIOS setting of 1.4v. Perhaps I’ll be surprised and the next firmware release will add CPU LLC but to say I’m slightly miffed about the dubious choice of voltage regulator and no CPU LLC options at all would be a rather large understantement. The money Asrock expect people to spend on this board there is simply no excuses for not having CPU LLC particularly as the Asus X470 Prime Pro and MSI Gaming Pro Carbon do and they are not only right around the price of the Fatal1ty they also offer quite a bit more value for money.

I won’t give up on the GB boards, I’ll still churn out some updates when needed but examining the F23 firmware the boards finally look to be in decent shape if you are using the modded firmware I make. Without the modded firmware the boards certainly are not anything that would appeal to any enthusiast - stripped of any and all usedful options, far, far, too basic.

That’s terrible design flaw, what the heck! Of course, not all 12 will be used always, but more than 4 at a time would be used often, even with switching happening. So you can’t even add LLC via mod then sounds like? How can any manufacturer not have LLC these days, especially when it’s not a budget/OEM model board.

Your Gigabyte BIOS fans will be happy to know you plan to keep up from time to time, I know they all looked sad there for a while when you said you wasn’t going to do anymore

Indeed. I outright told my contacts that the intersil controller should support LLC and there is really no reason why the board should be missing CPU LLC options. I might give my contacts a bit of a prod about the issue and see what they say as theres a possible bug related to CLDO_VDDP I need to tell them about anyway. In more positive news I’ve been testing a performance modified version of firmware 1.4 on the board (I think we all knew this was coming :stuck_out_tongue: ) and thus far the performance mods I made to the firmware look good 1715pts in Cinebench R15 @ 3.85GHz with 3200 CL15 memory. By comparison the vanilla 1.4 firmware @ 3.84GHz (because spread spectrum) and 3466 CL16 memory can only muster 1718pts quite looking forward to smashing that barrier when I ramp memory speed back up :wink:

Thanks, I’ll try that.

Ok, but did you finally succeed that way?
If not, how did you do it?

@Fernando :
I did indeed succeed with that method thats how I’m now able to test a performance optimised version of firmware 1.4 :wink: Initially it was a little odd as a blank box popped up which after hitting the return key the flash went ahead. On subsequent flashes as I made more under the hood changes that blank box didn’t pop up so not sure what that was about. A note for people though; You can’t flash the same version of a firmware you are already running through the instant update utility you have to downgrade to an older version first.

I bet there is some setting to change to allow flash same version, but I’m sure you can find that if so I didn’t really notice until you mentioned that you did performance related modifications too, I thought it was mainly unlocking options but I guess I can see how could help performance sometimes too.

Theres always performance or theoretical compatibility changes that can be made it is strange that manufacturers don’t do them from the outset. For example disabling spread spectrum, enabling timer tick tracking and the inter-integrated circuits, etc. All options to help with performance and on paper at least compatibility but these are all options you won’t find accessible in many firmwares let alone configured. Usually I can expose these options but the way Asrock have built their firmware it is not possible to do so without some pretty heavy modifications to their setup which they have dumped on top of AMDs default structure. How far I mod the firmware pretty much entirely lays with if I think theres enough to eek out of the board to make the time investment worthwhile and at the moment that conclusion isn’t looking so good.

You know their answer is always, for better wide-range compatibility, which means easier/less testing for them

lol yep irony is the changes and testing I do are universal optimisations that benefit everyone :stuck_out_tongue:

Everyone is so lucky you are willing to spend all the time for these kind of major/massive changes!