Hi.
Is there a way to un-hide BIOS options that doesn’t require a GUI?
I wrote some Makefiles and Bash scripts to automate the modding of my bios file (download latest bios, un-cap, change logo, change mac/sn, update microcode, un-hide options, compile custom SMBiosStaticData with FASM). I might release it here when I’m done.
Mainboard: ASUS Z170-A
BIOS: 3802
@C_con_con - Yes, I do almost all menu reveals without any GUI tool, other than use of UEFITool to rebuild BIOS. All BIOS are very different in this regard though, so there’s no way you can make a script for this
For most hidden “Settings” in a menu you can already see, you need to unsuppress the item in setup PE32 module, and sometimes on top of that you may need to change access level via AMITSE/SetupData edit to User or Super (like AMIBCP does)
Here is a random unsupress edit or two for the board you mentioned above, setting examples here may already be viable to you, this is just grabbed random example to show you how to unsuppress 
And, some of these edits may not be exactly same way to do it on all/other BIOS, variable to change may be in different position
Before >>
Suppress If {0A 82}
True {46 02} << Change to 47 02 = False
One Of: High Precision Timer, VarStoreInfo (VarOffset/VarName): 0x8C7, VarStore: 0x1, QuestionId: 0x49A, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 E1 07 E2 07 9A 04 01 00 C7 08 10 10 00 01 00}
Suppress If {0A 82}
QuestionId: 0xACA equals value 0x0 {12 06 CA 0A 00 00} << Change to FF
Ref: PCH-FW Configuration, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x1C1, FormId: 0x279F {0F 0F 02 10 03 10 C1 01 00 00 FF FF 00 9F 27}
Suppress If {0A 82}
QuestionId: 0xE40 equals value 0x1 {12 86 40 0E 01 00} << Change to FF
Not {17 02}
QuestionId: 0xE40 equals value 0x5 {12 06 40 0E 05 00} << Change to FF
Not {17 02}
And {15 02}
End {29 02}
Ref: Platform Settings, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x1C3, FormId: 0x27A8 {0F 0F 5E 12 5F 12 C3 01 00 00 FF FF 00 A8 27}
Suppress If {0A 82}
QuestionId: 0x2965 equals value in list (0x0, 0x1, 0x2) {14 0C 65 29 03 00 00 00 01 00 02 00} << Change to FF, or other random value that you know it would not be, such as 33, 66, 99 etc
String: - Additional Turbo Mode CPU Core Voltage, VarStoreInfo (VarOffset/VarName): 0x313, VarStore: 0x35, QuestionId: 0x2969, MinSize: 0x , MaxSize: 0x {1C 90 0A 1B 0B 1B 69 29 35 00 13 03 14 00 14 00}
After edit then new IFR output will = below >>
Suppress If {0A 82}
False {47 02}
One Of: High Precision Timer, VarStoreInfo (VarOffset/VarName): 0x8C7, VarStore: 0x1, QuestionId: 0x49A, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 E1 07 E2 07 9A 04 01 00 C7 08 10 10 00 01 00}
Suppress If {0A 82}
QuestionId: 0xACA equals value 0xFF {12 06 CA 0A FF 00}
Ref: PCH-FW Configuration, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x1C1, FormId: 0x279F {0F 0F 02 10 03 10 C1 01 00 00 FF FF 00 9F 27}
Suppress If {0A 82}
QuestionId: 0xE40 equals value 0xFF {12 86 40 0E FF 00}
Not {17 02}
QuestionId: 0xE40 equals value 0xFF {12 06 40 0E FF 00}
Not {17 02}
And {15 02}
End {29 02}
Ref: Platform Settings, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x1C3, FormId: 0x27A8 {0F 0F 5E 12 5F 12 C3 01 00 00 FF FF 00 A8 27}
Suppress If {0A 82}
QuestionId: 0x2965 equals value in list (0xFF, 0xFF, 0xFF) {14 0C 65 29 03 00 FF 00 FF 00 FF 00}
String: - Additional Turbo Mode CPU Core Voltage, VarStoreInfo (VarOffset/VarName): 0x313, VarStore: 0x35, QuestionId: 0x2969, MinSize: 0x , MaxSize: 0x {1C 90 0A 1B 0B 1B 69 29 35 00 13 03 14 00 14 00}
Here’s some random related edit info/links, to stuff I’ve posted around the forum
Magic String shown/explained a little bit (Magic string often before > EE 2E 20 71 53 5F D9 40 AB 3D 9E 0C 26 D9 66 57) << This mainly Aptio IV
[Request] How to Access Locked/Hidden BIOS Menu Settings (16)
Also here, shorter - [Request] How to Access Locked/Hidden BIOS Menu Settings (12)
Overpowered - AMITSE (Aptio V) unlock guide - see spoiler, simple edit (does not cover all possible Aptio V “things”) << This is about unlocking main menu sections, some need more areas edited than this show, some less, this is just general how-to that applies to many APTIO V at a basic level
OverPowered TONGFANG CyberPower Machrevo MACHENIKE - Unlocked BIOS Guide W/ Files
AMITSE/SetupData Edit When AMIBCP Doesn’t open BIOS (See last part of post) (Setup edit info there too) << Here, at end of post, see last section + image - this shows you how to edit AMITSE/SetupData to manually change Access Level like AMIBCP does
[Request]Maximus XI Hero - Unlock AMIBCP
NVRAM edit explained - Determine configurable aperture size from BIOS file
Setup and NVRAM editing here as well - [Request] Unlock advanced menu on 2019 Acer Predator Helios 300 PH315-52 (5)
I dislike that all(?) of the tools that can replace something in a uefi file do it rather "messy"?
In my project I use the BaseTools of EDK2 (mainly GenSec, GenFfs and LzmaCompress) to create a file which I can just "dd" into the original bios file (I use a lot of padding (0xFF) to get to the original file size, so it fits perfectly).
Example:
Diff of UEFITool report in Notepad++:
MMTool/UEFITool looks something like this:
My approach:
My project targets only "Z170-A-ASUS-3802.CAP" 
I’d like to stay away from altering executable files. I’d like to do what AMIBCP does.
Right now I use the changes that AMIBCP makes.
I’m wondering: Is there an open source tool which does what AMIBCP can do? If not then I think I might write one (or patch UEFITool? Dunno yet).
Is there a documentation of the AMITSE/SetupData format? AMIBCP uses Python to do its magic, right? I’ll take a look at that.
@C_con_con - It depends on what you are replacing, if volume needs rebased or not, then possibly yes, some other tool or method could be used instead of UEFITool
Either way is same “Mess” one way or another, you either have to pad/FF here/there, or change padding/free space at end and move everything up, adjust volume header size/checksum as needed etc.
AMIBCP cannot unsuppress item, so if changing Access Level in AMIBCP alone to User or Super in a test BIOS does not make the setting appear, then you will have to do as I outlined to unsuppress in the setup module, there is no way around that.
Some hidden settings yes, you can simple change Access Level and they will appear, some will not no matter what you do with AMIBCP, it depends on how they are suppressed.
AMIBCP Edits the following, for reasons mentioned
Setup PE32 - Only if you change textual name of item
AMITSE/SetupData - This holds Access Level Byte, and Fail-Safe/Optimal Values as outlined at above link
NVRAM (main/STD NV at top of BIOS, and internal NVRAM, inside Main DXE Volume >> “External Defaults”) - To change current/stock applied values
The only thing I know that does anything like AMIBCP is the manual methods I linked you to above, and this is what you asked for “Manual method/info” You can’t get anymore manual than direct hex edit
No, I don’t think AMIBCP uses Python for anything. And no, other than info I laid out in above linked editing stuff, I’ve never seen anyone, nor any documents, that describe AMITSE/SetupData contents
There may be some public leaked AMI BIOS documentation somewhere, but I’ve never seen such
I forgot one for you, or anyone reading later, on AMITSE/SetupData editing, but this is very involved menu edit not settings changes
Move (copy) a Menu (Aptio IV/V)
msi z97 pcmate unlocking advanced and chipset menu (2)
See also, non MSI, Aptio V example here - [OFFER] Gigabyte GA-Z370-Aorus Gaming 7 BIOS mod (16)
ALL the tools I tried were messy.
Is there a tool which does it "cleanly"?
Agreed.
I am just caring about what AMIBCP can do to my BIOS file.
Take a look at your "%TMP%"
@C_con_con - Ohh, you mean clean like AMIBCP does it 
Just kidding, but you know what I mean
UEFITool or MMTool is best way, both designed to work with BIOS files like these, whichever of those does it best in your eyes is the one I would use.
I personally use UEFITool 25.0 almost always, unless BIOS has some issue in which I need to use MMTool instead.
I don’t use AMIBCP either, except for rare cases when I want to rename some menu item, I do all changes manually via hex directly to modules described above.
Change Access Level or Fail-Save/Optimal defaults - Edit >> AMITSE/SetupData (BODY of RAW)
Change current applied defaults, and or edit ALL optimal defaults - Edit >> Above + Edit ALL NVRAM, main one at top of BIOS region, external defaults inside main DXE Volume (Not in this BIOS), and often in some BIOS there is shadow copy in last PEI Volume of BIOS that needs to be direct hex edited on the BIOS as a whole only
In your BIOS, if you wanted to edit ALL NVRAM copies, there is not normal shadow copy in PEI volume, but there is 2x “external defaults” in separate PEI volumes, those should be direct hex edited on the BIOS as a whole too
If you only want to change the current in-use default, edit main NVRAM at top of BIOS, to change Fail-Save/Optimal, edit AMITSE/SetupData Fail-Safe/Optimal bytes per the setting you want to change via it’s QuestionID (as shown at link above)
RE - Python/AMIBCP - Thanks, interesting to see, I never noticed! 
The only PE32 that AMIBCP edits is setup’s PE32, and it only edits that to rebase if you rename a menu item, otherwise all changes are in AMITSE/SetupData or NVRAM
So, provided you do not rename anything, or allow this as option in your program, then you should not have to edit any PE32’s
If you need someone to beta test for you as you get things going, let me know, I can test and have tons of boards here and can recover easily from crashed BIOS etc.
Thanks for the explanation!
Now things make more sense. I don’t see a need to write my own implementation of AMIBCP anymore…
By the way, there already is an AMIBCP clone, sort of: https://github.com/ADLINK/bios-utility
But they seem to artificially limit it to their own devices: "The utility is free to use but will only work on ADLINK enabled BIOS." …
It was easy to crack with a disassembler. To make bios-utility accept normal BIOS files simply search for the bytes (hexadecimal):
6A006A006874004200FF15F4D2410068202641006A036A108D4D9C51C745FCFFFFFFFFE87A7A000033C0
in a hex editor and replace each byte with (hexadecimal) 90 (90=NOP in x86 Assembler).
PS: Do you know if Intel FCE (Firmware Configuration Editor) and Intel FMMT (Firmware Module Management Tool) are compatible with the asus Z170-A bios?