[Problem] Disabling UEFI Write-Protection

Hello everyone,

I am using the HP Client Management tools to modify UEFI variables. I want to modify only 2 bytes in the CpuSetup UEFI variable whose GUID is B08F97FF-E6E8-4193-A997-5E9E9B0ADB32 so that I can turn off CFG Lock at 0x043 and Overclocking Lock at 0x10E so I can unlock full undervolting on my i7-14700HX CPU (YES IT IS AN HX PROCESSOR BUT HP PREVENTS YOU FROM UNDERVOLTING OR OVERCLOCKING IT LIKE WTTTFFFF, anyways).

Set-HPUEFIVariable -Namespace "{B08F97FF-E6E8-4193-A997-5E9E9B0ADB32}" -Name CpuSetup -Value $customValues -Verbose

I get the error:

Could not write UEFI variable: System.ComponentModel.Win32Exception (0x80004005): The media is write protected.

Does anyone know how to remove the write-protection on the CpuSetup variable?

The CpuSetup variable only has 3 attributes:
- VARIABLE_ATTRIBUTE_NON_VOLATILE = 0x00000001
- VARIABLE_ATTRIBUTE_BOOTSERVICE_ACCESS = 0x00000002
- VARIABLE_ATTRIBUTE_RUNTIME_ACCESS = 0x00000004

It definitely does NOT have the VARIABLE_ATTRIBUTE_AUTHENTICATED_WRITE_ACCESS attribute or the VARIABLE_ATTRIBUTE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute.

This means that the write-protection is applied in a different way. From the UEFI documentation I was able to find the following:

EFI_FILE_PROTOCOL_SetInfo():

“The SetInfo() function sets information of type InformationType on the requested file. Because a read-only file can be opened only in read-only mode, an InformationType of EFI_FILE_INFO_ID can be used with a read-only file because this method is the only one that can be used to convert a read-only file to a read-write file. In this circumstance, only the Attribute field of the EFI_FILE_INFO structure may be modified. One or more calls to SetInfo() to change the Attribute field are permitted before it is closed. The file attributes will be valid the next time the file is opened with Open().”

Or the write-protection is applied by EFI_MEMORY_RO since UEFI variables are not defined through files but some address in NVRAM.

For context, the Omen Gaming Hub and the open source tool OmenMon CAN modify the CpuSetup UEFI variable through WMI calls when you apply the OGH undervolting. Unfortunately, this only allows us to modify the addresses 0x1E0 and 0x1E2 inside of CpuSetup (which correspond to Core Offset Voltage and Core Offset Voltage Prefix (+ or -) respectively). Thus the CpuSetup UEFI variable is DEFINITELY modifiable.

Please, if anyone is a BIOS engineer, or has expertise in UEFI, their help would be much much appreciated.

Please help.

This problem can be solved in two possible ways:

1 - Removing write-protection from the CpuSetup variable.

2 - Exploiting WMI calls such as (ExecuteBiosWmiCommand()) to modify the values at addresses 0x043 and 0x10E, instead of 0x1E0 and 0x1E2.

After spending weeks on possible solution 2, I am starting to lose hope in it, so maybe possible solution 1 could be more promising.

Please, if anyone has any insight or expertise, help.

Thank you for reading this long question.

I’ve got the same problem on Lenovo. I cannot write any EFI variables, but my system is a Lenovo. Can you do a BIOS dump? A programmer is $10 and it can be done in-circuit with a clip.

Sorry for the late reply, man. Sadly, no, I cannot do a BIOS dump because it is completely encrypted. Universal BIOS Backup Tool doesn’t work and I can’t do it through FPTW because my ME version is too high.
Anyways, my BIOS is this:

https://support.hp.com/us-en/drivers/swdetails/victus-by-hp-16.1-inch-gaming-laptop-pc-16-r1000/model/2101982948/swItemId/ob-338610-1?sku=9J256EA&serialnumber=CND3480YW5