Need some help extracting IFR from Intel BIOS

As usual when I get a new computer to play with I extract IFR tables to see what kind of options are hidden in the BIOS and it hasn’t failed until today.

I have an 8th gen NUC and used Intel tools to extract it (fptw) then open it in UEFITool and search for something like CFG Lock and extract that table. When doing the same on the extracted BIOS the table extracts but it’s empty.

I read here that things might be double-packed or something? It goes above my skillset lol.

Is there any way to extract the tables properly? I’ve attached the BIOS extracted by fptw to this post. It’s not a downloaded BIO but directly extracted from my board.

I’m looking for things like XMP and other stuff like that. Some tables do extract fine but lack the info I searched for. Example: in UEFITool XMP is found in 12270524-D586-42DE-A1D0-D88007EDAFA9 but in the extracted IFR there’s nothing to be found regarding XMP. Very confusing haha.

Another one is File_Application_UefiShellFileGuid_FullShell (7C04A583-9E3E-4F1C-AD65-E05268D0B4D1), it matches search and exports fine but when I use ifrextractor the resulting file is empty.

Thanks!

@stovorsen - Be VERY careful doing anything here, Boot Guard may be enabled at the PCH on this system, so you can only edit certain things not covered in Yellow, Cyan, or Red when BIOS is dropped into UEFITool NE 51 or above.
You can check if Boot Guard is enabled at PCH or not (key burned into FPF fuse) by running this command with MEINFOWin.exe -verbose
Check end of report, look at Measured and Verified boot left/FPF side, if either says enabled then you can’t edit anything covered in color as mentioned above.

I can’t tell you what ME System tools package you need to use to run MEINFO from, since the attached file is a BIOS region only dump.
You’ll have to check your current ME FW version with HWINFO64 and then grab matching ME System Tools package from the ME or TXE thread.
I assume you probably already have correct set though, since you are using FPT. So run MEINFO from that same set. Derp!

BIOS settings are in the following GUID that you mentioned, and either IFR tool will generate full IFR from there
DPSDSetup - 12270524-D586-42DE-A1D0-D88007EDAFA9

The XMP thing is due to BIOS strings left in BIOS, they are in some base BIOS used to build this, but are not actual settings available in your BIOS, this is normal and common

@Lost_N_BIOS - Thanks for the insightful reply!

You’re right, I just checked and the thing is locked down;

Protect BIOS Environment                       Enabled     Enabled     Enabled         # Disabled=0, Enabled=1
Measured Boot Enabled Enabled Enabled # Disabled=0, Enabled=1
Verified Boot Enabled Enabled Enabled # Disabled=0, Enabled=1
 


There are some jumpers to enable writing with the Intel tools but I don't think that unlocks anything else. I don't know what you meant with the colours though. Can those things be unlocked?

I know some of the 8th gen NUCs can have XMP profiles enabled in UEFI shell but maybe this Coffee Lake one can't. I know the Hades Canyon can enable XMP profiles in UEFI shell. Was hoping the same would be possible here. Not a big deal if it isn't.

In HWiNFO there's a lot of stuff set to disabled or not supported. I don't know if I can assume that things disabled can be enabled;

  Full Network Manageability:             Disabled
Standard Network Manageability: Disabled
Manageability (AMT): Disabled
Small Business Advantage: Not Capable
MEI3: Not Capable
Intel Anti-Theft: Disabled
Capability Licensing Service: Enabled
Virtualization Engine: Disabled
Intel Sensor Hub (ISH): Disabled
ICC Over Clocking: Disabled
Protected Audio Video Path (PAVP): Enabled
Network Frame Forwarder (NFF): Not Capable
Remote PC Assist (RPAT): Enabled
IPV6: Disabled
KVM Remote Control: Disabled
Outbreak Containment Heuristic (OCH): Disabled
Dynamic Application Loader (DAL): Capable
Cipher Transport Layer (TLS): Disabled
Wireless LAN (WLAN): Disabled
Platform Trust Technology (PTT): Enabled
Near Field Communication (NFC): Disabled
[ME Firmware Platform Type]
Platform Target Usage Type: Mobile
SKU: Regular SKU
ME Firmware Image Type: Consumer SKU Firmware
Platform Brand: None
Host ME Region Flash Protection Override (HMRFPO) Status: Locked
 


Thanks for the DPSDSetup hint too, extracted it and it did give me something useful to check out. But like you said, things in there can't just be changed without risk? I need to look up what these colours mean haha.

Thanks again!

Edit: Lol, I feel silly but I figured out what you meant with colours haha!

derp.png
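The Boot Guard check from the replies above (read the left/FPF value of the Measured Boot and Verified Boot rows in the MEINFOWin.exe -verbose report), as an added example that is not part of the original posts. The sample rows are the ones quoted in this thread; the column names `fpf`, `uep` and `mefw` and the function names are assumptions made for this sketch.

```python
import re

# Rows the thread says to look at. The first value column is the FPF (fuse) side.
ROWS = ("Protect BIOS Environment", "Measured Boot", "Verified Boot")
STATE = r"(Enabled|Disabled)"
ROW_RE = re.compile(
    r"^\s*(" + "|".join(re.escape(r) for r in ROWS) + r")\s+"
    + STATE + r"\s+" + STATE + r"\s+" + STATE
)

def parse_boot_guard_rows(report):
    """Return {row name: {'fpf', 'uep', 'mefw'}} for the rows found in the report.

    Only the three named rows are matched, so other rows whose values contain
    spaces cannot shift the columns. Trailing '# ...' comments are ignored.
    """
    found = {}
    for line in report.splitlines():
        m = ROW_RE.match(line)
        if m:
            found[m.group(1)] = dict(zip(("fpf", "uep", "mefw"), m.groups()[1:]))
    return found

def boot_guard_fused(report):
    """True if Measured Boot or Verified Boot is Enabled on the FPF side."""
    rows = parse_boot_guard_rows(report)
    missing = [r for r in ("Measured Boot", "Verified Boot") if r not in rows]
    if missing:
        # A truncated report must not be read as "not fused".
        raise ValueError("rows not found in report: %s" % ", ".join(missing))
    return any(rows[r]["fpf"] == "Enabled"
               for r in ("Measured Boot", "Verified Boot"))

# Rows as quoted in the thread (end of the MEInfo verbose report).
SAMPLE = """\
Protect BIOS Environment                       Enabled     Enabled     Enabled         # Disabled=0, Enabled=1
Measured Boot Enabled Enabled Enabled # Disabled=0, Enabled=1
Verified Boot Enabled Enabled Enabled # Disabled=0, Enabled=1
"""

if __name__ == "__main__":
    for name, cols in parse_boot_guard_rows(SAMPLE).items():
        print(name, cols)
    print("Boot Guard fused:", boot_guard_fused(SAMPLE))
```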

The area that contains the menu/settings, and NVRAM area too, are not covered by boot guard, so these can be reflashed via mod BIOS reflash or direct FPT reflash of those exact volumes
Colors, open this BIOS in UEFITool NE version 51 or above and expand the BIOS tree, you will see colors, as you have in above image
Sorry, didn’t notice that image until I was near end of this sentence - so here’s my “I feel silly” in response to yours

Yes, this BIOS does not have XMP, so your hunt to enable XMP ends here. You will have to set things manually. I may be able to make all those settings visible to you in BIOS, so you can change directly.
Do you want to see about flashing in mod BIOS? If yes, do you want me to attempt a menu unlock for you? << If yes, to either of those, please send me images of the current BIOS (all main pages, put in a max compressed zip, thanks)

@Lost_N_BIOS

Thanks again! Do you think it would be possible to get the same effect with manual tuning as with the XMP profile? I got 2666 ram as it was the same price as 2400 so it would be cool if it can run a little bit faster.

I will be taking the screenshots as soon as I can. I think the bios has a screenshot function and there’s also already some settings exposed for memory timings but they can’t be edited I think. I will check and make the screenshots.

Edit: Got the screenshots, there were only 16 pages in total. Hope these are what you needed.

bios screens.zip (1.28 MB)

@stovorsen - Yes, you can set all timings manually. Dump the SPD with Thaiphoon Burner, then you can see all the subtimings too if you want. Or, you can just set the speed, and main 4 timings and CMD Rate to 1T then you should be all set.
What model is this, so I can keep everything in proper folder? Also, please link me to the stock BIOS download page (not the BIOS), thanks

Thanks for the images, I will see if I can unlock menus and hidden items for you, and any already visible but grayed out settings too (These I already know I can do for sure)

* Edit - Here, please test to confirm. This is single hidden setting reveal @ Cooling >> CPU Fan Header side (reveal >> Primary Temperature Sensor) << can you now see that?
If yes, great, I will go ahead and reveal the rest once you confirm changes are OK and show up. There really is not much hidden in this BIOS, at least on what I looked at so far in image 0-8, but I did stop looking at the setting above so we could test (this was first hidden setting I noticed from image 0 up to 8)
https://ufile.io/ut80w9e5

I did look on in the images, to see what memory options you have. And I see on image 11, it looks like you can set all of the major/main timings there on right side sliders, and memory multiplier at top above those.

@Lost_N_BIOS - Thanks again, the temperature sensor stuff shows up when I select a fan profile. I run fanless so it wasn’t showing in my screenshots. My bad, should’ve checked better to make sure all options were listed on the pages. I think I made the same mistake on the performance settings. When you deselect the profiles you can manually set some timings about the turbo. Maybe there are more options like that on other pages. Intel hides some options until you either tick or untick something.

The Intel BIOS download page is here: https://downloadcenter.intel.com/product…C-Kit-NUC8i5BEK – The last bit is also the model. The BIOS is the same for all models in the NUC8xxBEx range.

Some of the memory settings are greyed out, like the multiplier. I will try your timing suggestion and edit this post, totally forgot doing that. I dumped the SPD of one of the ram slots, both have the same module. It would only let me save as .txt or their own format. I’ve attached the latter.

I did notice Intel has some kind of customisation tools for this BIOS, not sure if that would be of any help. You have to load some efi file and can change some stuff. It can change logo and some other stuff. Meant for integrators but maybe can be useful modding Intel BIOS that support this toolkit? Found it here: https://downloadcenter.intel.com/download/29345

Thanks for your tips and help!

Edit:
Went into the BIOS again, I can’t actually move any of the sliders even though they don’t look greyed out. The dropdown doesn’t work either, in fact I can’t change anything in that section lol. Intel is just trolling at this point, showing all these options in a way that implies you can edit them but not actually letting you change anything haha.

I’ve added another screenshot of the memory settings with the bottom options showing better and also the missing power settings options. Not sure if it helps but all options should be in the screenshots now.

screenshot.jpg

Kingston KHX2666C15S4-8G DDR4-2666 with XMP.thp.zip (529 Bytes)

mem.jpg

pwr.jpg

@stovorsen - Ahh yes, some stuff in many BIOS is hidden until you enable something else, and sorry I didn’t check that about my edit.
So, my test edit was kinda null point, but due to the way I edited it, that setting should now show up no matter what, even if no fan profile selected, did it?

Hmm, so what can you not edit again, while in BIOS I mean? The memory timings that have sliders? If yes, circle some stuff that is selectable, not grayed out, yet you still can’t change, in your images above.

@Lost_N_BIOS Thanks again and sorry for slow reply!

I didn’t flash the BIOS but I can try it and see if that sensor setting shows even when no fan profile is selected if that helps. I skipped on it cuz I messed up with the pages lol.

As for the memory timings, nothing can be changed that’s visible in the images. It just shows all the sliders and boxes but nothing on there can be selected or changed. It feels like a troll, it shows all the options but nothing can be adjusted or even selected haha. I’ve tried every single slider and box, nothing will interact. It just shows the current settings with no means to adjust them. Funnily I haven’t found anyone else mentioning this or asking Intel why they included that page since nothing can be adjusted. Pretty sure they sold a lot of NUC 8th gens.

Do you still want me to flash the BIOS you made?

@stovorsen - You’re welcome! And no worries, I am always behind anyway too!
Well, yes, you’d have to flash that BIOS I sent you if you wanted to do test edit and let me know if change applied properly. Then, if anything actually hidden, I can enable for you.

Memory timings, I can make so you can change, I just didn’t do anything there yet due to waiting on you to test that BIOS to confirm the change I made showed, and originally from your images it looked like you could change timings so I didn’t even look more at those.
I just looked now, and I can make them ungray for you, memory ref multi and actual memory multiplier reveal too

@Lost_N_BIOS That sounds pretty good. Would be fun to try those timings and see if the memory can run a bit faster. I’ll be able to flash after the weekend.

So if I understand correctly, your BIOS mod just reveals the sensor source setting no matter which fan profile I select? The setting is only hidden when selecting the fanless profile now.


Inside the BIOS itself it also looks like they can be changed but you can’t do anything on that section, nothing at all. That’s why I keep saying it feels like Intel is trolling us by showing these settings lol. I’m tempted to sign up for the Intel forum and ask why they included the page if nothing can be changed, but maybe they will remove it which is not what I want haha.

It would be awesome if you can make those settings work. I’ll bump this on Monday or Tuesday when I can do some flashing. Thanks again!

@Lost_N_BIOS Finally weekend, tried to flash the test bios but it failed with error 163. I tried the motherboard jumper position in both normal and recovery mode which didn’t help. I tried finding bios lock stuff in the DPSDSetup ifr but can’t find anything relating to locks. I have a programmer but prefer not to remove the board from its case, it’s quite tricky to get it back in. Maybe the lock is somewhere else?

PS C:\IST\Flash Programming Tool\WIN64> .\FPTW64.exe -F biosM1.bin
Intel (R) Flash Programming Tool Version: 12.0.49.1536
Copyright (C) 2005 - 2019, Intel Corporation. All rights reserved.
 
Reading HSFSTS register... Flash Descriptor: Valid
 
--- Flash Devices Found ---
XM25QH128A ID:0x207018 Size: 16384KB (131072Kb)
 

Error 167: Protected Range Registers are currently set by BIOS, preventing flash access.
Please contact the target system BIOS vendor for an option to disable
Protected Range Registers.
 
FPT Operation Failed.
 
PS C:\IST\Flash Programming Tool\WIN64>
 


I can dump the bios just fine, but no writing for me... how would I go about unlocking this thing? I attached the IFR and also a chipsec report if that's useful.

Thanks again!

@stovorsen - Sorry for the late reply! In reply to #11 - Yes, my attempt test change would reveal that setting ALWAYS, unrelated to what or if you select anything.
The settings you can see but can’t change are simply “grayed out”, this can be undone

For error 167, first try this. Put system to Sleep (S3, not hibernate) for one minute. Then wake it up and try again.
If that fails then due to no BIOS Lock SMI/SMM lock, or FPRR etc in settings, this is locked via module directly, so programmer will be only way
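Why the dump works while the write fails with error 167, shown by decoding Protected Range (PR) register values; this is an added example, not part of the original posts. The bit layout is the one assumed for Intel 100-series and later PCH SPI controllers, the register values are constructed and were not read from this NUC, and the function names are hypothetical.

```python
# Assumed PRx layout (Intel 100-series and later PCH SPI controller):
#   bits 14:0  range base,  flash address bits 26:12
#   bit  15    read protection enable
#   bits 30:16 range limit, flash address bits 26:12
#   bit  31    write protection enable

def decode_pr(value):
    """Decode one 32-bit PR register into an inclusive flash address range."""
    return {
        "base": (value & 0x7FFF) << 12,
        "limit": (((value >> 16) & 0x7FFF) << 12) | 0xFFF,
        "read_protected": bool(value & (1 << 15)),
        "write_protected": bool(value & (1 << 31)),
    }

def blocking_ranges(pr_values, start, length):
    """Indices of PR registers that deny a write to [start, start + length)."""
    if length <= 0:
        raise ValueError("length must be positive")
    end = start + length - 1
    hits = []
    for index, value in enumerate(pr_values):
        pr = decode_pr(value)
        # A disabled register (write-protect bit clear) never blocks a write.
        if pr["write_protected"] and pr["base"] <= end and start <= pr["limit"]:
            hits.append(index)
    return hits

# Constructed values for a 16 MB part: PR0 write-protects 0xA00000-0xFFFFFF,
# PR1..PR4 are unused. Read protection is off, so a dump still succeeds.
SAMPLE_PR = [0x8FFF0A00, 0x00000000, 0x00000000, 0x00000000, 0x00000000]

if __name__ == "__main__":
    for i, v in enumerate(SAMPLE_PR):
        pr = decode_pr(v)
        print("PR%d: 0x%06X-0x%06X read_protected=%s write_protected=%s" % (
            i, pr["base"], pr["limit"], pr["read_protected"], pr["write_protected"]))
    # A write covering 0x600000-0xFFFFFF overlaps PR0 and is refused.
    print("blocked by:", blocking_ranges(SAMPLE_PR, 0x600000, 0xA00000))
```

A range set this way is re-applied by the firmware on every boot and cannot be cleared from the OS once the controller configuration is locked, which is why the thread falls back to an external programmer.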

@Lost_N_BIOS Haha, no worries. No rush here. I tried the sleep method but it didn’t work, Intel also released a new version but the changes are minor. I will try with a programmer when I have some time to remove the board. I inspected the top and there’s nothing there and the bottom is mostly heatsink and fan. Would require a full disassembly lol. Will tag you again once I’ve flashed your modded bios. Thanks so far!

@stovorsen - If S3 sleep bug gets you past locks / error 167 so you can flash via FPT let me know, otherwise yeah you’ll have to tear it apart and use programmer.
You’re welcome!