[PROBLEM] Flashing a modded ASRock Z370 MB BIOS

@lordkag
"shut up and take my money…" :wink:
or perhaps: subscribe me to your list. Means I am willing to help to get that restriction fixed.

@MDoehler
There are a few things to check before moving on:
- DO YOU UNDERSTAND THE RISKS INVOLVED? I write in all caps because it is a serious matter. Despite my best intentions and my research, things can very well go south and you might end up with an expensive brick. Remember that I patch a firmware flasher to ignore some safety/security measures.
- Do you have an ASRock Fatal1ty Z370 Professional Gaming i7 with the latest BIOS, which is 3.20 at the time of this post?
- Can you flash a modified image with Intel FPT or by any other method? We need a way to flash a patched Instant Flash module.

If we can proceed, these are the steps:
1. Flash the latest official unmodified BIOS from ASRock with Instant Flash. We need to rule out any bugs in the official firmware.
2. Dump your current BIOS with FPT using the command "fptw64 -D bios_full.bin" and also "fptw64 -BIOS -D bios_rgn.bin". Keep them safe, put them on some external flash storage.
3. Using the files from the point above and the attached archive, run the following commands: "UEFIPatch.exe bios_rgn.bin patches1.txt -o bios_rgn_p1.bin" and also "UEFIPatch.exe bios_full.bin patches1.txt -o Z37_p1_3.20".
4. Run the command "fptw64 -BIOS -F bios_rgn_p1.bin".
5. Shut down the computer.
6. Enter Instant Flash and try to flash a modified image that previously gave you an error. Remember to apply the patch using "UEFIPatch.exe your_bios_file.bin patches1.txt -o your_bios_file_patched.bin"
7. If unsuccessful, repeat steps 3-6 while replacing patches1.txt with patches2.txt and bios_rgn_p1.bin with bios_rgn_p2.bin and also Z37_p1_3.20 with Z37_p2_3.20
8. If unsuccessful, repeat steps 3-6 while replacing patches1.txt with patches3.txt and bios_rgn_p1.bin with bios_rgn_p3.bin and also Z37_p1_3.20 with Z37_p3_3.20
9. Report the outcome. If all patches are unsuccessful, provide text and/or pictures of the messages that appear on screen during a normal Instant Flash and one during the security error.

ASRock_Test.rar (1.51 MB)
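
A sanity check for the two backups made in step 2 of the post above, added here as an example; it is not part of the original post or of the attached archive. The function name `check_dumps` and the sample bytes are constructed for illustration, and the check assumes both dumps were taken back to back, so the BIOS region dump should appear byte-for-byte inside the full dump.

```python
import hashlib
import sys
from pathlib import Path

def check_dumps(full: bytes, region: bytes) -> dict:
    """Sanity-check the step 2 backups before anything is written to flash.

    Assumption: both dumps were taken back to back, so the BIOS region
    must appear byte-for-byte somewhere inside the full SPI image.
    """
    problems = []
    for name, blob in (("full", full), ("region", region)):
        if not blob:
            problems.append(f"{name}: empty file")
        elif blob.count(blob[:1]) == len(blob):
            problems.append(f"{name}: every byte is 0x{blob[0]:02X}, read likely failed")
    if len(region) > len(full):
        problems.append("region dump is larger than the full dump")
    offset = full.find(region) if region else -1
    if region and offset < 0:
        problems.append("region dump not found inside full dump")
    return {
        "full_sha256": hashlib.sha256(full).hexdigest(),
        "region_sha256": hashlib.sha256(region).hexdigest(),
        "region_offset": offset,
        "problems": problems,
    }

# Constructed sample data (not a real firmware image): 64 bytes standing in
# for other flash regions, followed by a 64-byte stand-in for the BIOS region.
SAMPLE_REGION = bytes(range(1, 65))
SAMPLE_FULL = b"\xFF" * 32 + b"\x00" * 32 + SAMPLE_REGION

if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. bios_full.bin bios_rgn.bin from step 2
        full, region = (Path(p).read_bytes() for p in sys.argv[1:3])
    else:
        full, region = SAMPLE_FULL, SAMPLE_REGION
    report = check_dumps(full, region)
    for key, value in report.items():
        print(f"{key}: {value}")
    sys.exit(1 if report["problems"] else 0)
```

Storing the two SHA-256 values next to the backups lets the copies on external storage be re-verified later, before they are ever used for recovery.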

Any help with flashing a modded BIOS on an Intel s2600cp2j? I’m getting a security integrity check error during flash. I’m going the BIOS by booting into EFI shell.

For Intel you have to dump the BIOS with programmer, modify that, then program back with programmer.

@lordkag
I UNDERSTAND THE RISKS INVOLVED.
Also I have latest unmodified BIOS 3.30 to flash
and YES I can flash un-/modified BIOS with FPT to the board.

I will try your steps the coming weekend and will let you know the results.
Also I have DUAL BIOS and flashprogrammer, if something went wrong. Also I have warranty on the board… so if it might brick, I will send back for RMA :wink:

If you have programmer RMA will never be needed for a bad BIOS flash related issue

Any solution for AMD platforms? FPT seems to be Intel specific.

Please post your exact board model so someone can check for you. You already tried running BIOS through UBU and saving without any edits and it won't flash?

ASRock X370 Professional Gaming.

I doubt it will. I guess there’s some kind of signature. It would also give a version error if the same version is attempted to be flashed.

@Mangix - you can’t just doubt, you have to try since that is the usual way to get around the signature. Only recently, and maybe only this board/chipset so far, UBU method does not work.

Open BIOS in UBU, let it scan, hit next, then hit zero to save as “Mod_BIOSName” then test that in flash (Rename to original name)

For the same version stuff, flash back to one older stock BIOS first, that should solve that issue.

In the end, if you cannot get it, I can help you do via FPT

Just to inform, my ASRock H370M-ITX/ac also gives "Secure flash check fail" error when trying to flash modded bios with Instant flash.

@twometres - did you run through UBU without edits, or with edits, and then save as mod_bios etc and try flashing? if yes, then your model is affected too and you will have to try lordkag’s fix.
Or, I can help you flash via FPT if you need? If you want to know how to do that, let me know and I will get your BIOS and show you the way
In general, this is the way, but if you need me to help you get all the needed specifics to use for that method I can do for you (Find ME version, so you get correct FPT to use, find what your BIOS needs efi file named to, and get you the BIOS and SMI lock variables.)


I took the latest official bios (H37MIA3.00) and updated microcode (no other edits) to it with UBU, saved as ‘mod_H37MIA3.00’, renamed back to ‘H37MIA3.00’ and tried to flash it and got that error. I just tried the same without any edits - and I got the secure flash check error also.

But currently I don't need to flash any modded bios to my board because it officially supports only Windows 10 OS and it has microcode update (for Spectre vulnerability protection) available via windows update.

But I have 3 older systems running Win 7 or Win 8.1, which don't, and that is the reason I found this UBU tool via google when looking for solution. Those 3 systems have Asus Maximus V Gene, Asus P8H77-i and Asrock Z77e-ITX mobos, and for all of them I updated the microcode with UBU (no other edits) and all 3 flashed without problems. Maximus via USB BIOS flashback, P8H77-i using Wishbringer's AISuite method and Z77e-ITX with Instant flash. Then here:

[Guide] How to flash a modded AMI UEFI BIOS

was mentioned “Update 3: Beginning with Intel 300-Series chipset mainboards ASRock has changed their BIOS protection again…” so I just wanted to test if my H370M-ITX/ac is affected also, and it is. But I don't really need to flash any modded bios to it right now.

Sounds like your board is affected too, at least now we know, so thanks for reporting and checking twice to confirm.
Surely someone will find quicker fix/solution to this soon like they did for the old version of Asrock protection, just have to wait until the right person runs up against it and they’ll solve for everyone

If you ever do need to flash in a modified BIOS for that board, I can show you how when it’s time.

I take it no one has taken the plunge to updating a Z390 Asrock board (specifically Phantom Gaming ITX-ac)? Keen to try the latest microcode which doesn’t appear to be available to OEMs yet (906EC - A2, it’s available via MCExtractor), Asrock are claiming A0 is the latest and I couldn’t seem to find ‘A2’ via Intel’s official site/debian microcodes.

Try method on page 2 @Shrib

Or you can use this method I made guide for, this does not matter about Asrock’s new security method - heed the red warning to use backup to modify/reflash, so you don’t lose system specific details
[GUIDE] Grub Fix Intel FPT Error 368 - BIOS Lock Asus/Other Mod BIOS Flash

@Lost_N_BIOS , can you repost the V11 and V12 mega.nz links for FPT? They both seem to be dead … I have a Aptio V bios and having issues flashing a modded (unlocked) BIOS due to the secure check fail issue. I tried running the older afudos utils (with /GAN option) with no luck at all, and running the afuwinx64 5.x w/ GAN support that was in your AFU zip just hangs the laptop. I wanted to see if it would be doable with FPT. I’m one of the users over at notebookreview that got the very popular Overpowered Walmart branded laptop (which is basically a TONGFANG GK5CN6Z). Thanks!

EDIT: I’m trying to work on a solution to unlock BIOS options as it’s very locked down out of the box. It seems to use a standard Aptio BIOS, nothing fancy like the ones from ASRock/Asus/etc.

@nimaim - sorry, they updated the versions, so old links for those get killed. I was not aware of this until recently, so I direct linked in the past, instead of linking to the actual thread the packages were linked in previously.
Here is the thread with all versions, in section “C” - Intel Management Engine: Drivers, Firmware & System Tools

If you use FPT, make a BIOS region backup first, and then redo your edits on that, then flash it back, that way you don’t lose any system details if stored in padding or NVRAM within the BIOS region.

If you need help modifying the BIOS please make a new thread, with all system details, and a link to the stock BIOS as well as an FPT dump of your BIOS region so I can edit that (FPTw.exe -bios -d biosreg.bin)
And, add some images in a zip of all your BIOS pages so I can see what is visible vs what’s hidden.

@lordkag - did you ever get any reports back of success on post #22 method? I’m trying to remove a similar inner security capsule on a non-Asrock BIOS, to allow flashing with the stock AFUWinGUIx64. The BIOS has AD944D418D99D247BFCD4E882241DE32 / 5A88641B-BBB9-4AA6-80F7-498AE407C31F 4KB capsule like Asrock
I’ve sent out a test BIOS with this sub-GUID body FF’d, but waiting on user report back before I know if outcome = success or not.

Here are two stock BIOS examples if you have time to take a look, and let me know if you think simply FF that body like old Asrock protection will work, or if new method would be required
Unlock BIOS menus/options in Overpowered OP-LP2 Aptio V5 BIOS (rebranded TONGFANG GK5CN6Z) (Attached at post #6)
https://www.dropbox.com/s/7s9fep6zg8ocee…1128-2.zip?dl=0

@SoniX - maybe you could have a look too, if time permits, and tell me if you think FF’d that body like old Asrock will be enough.
There is no built in BIOS flashing app, we’re being stopped by security error when trying to flash via AFUWinGUIx64 included in the stock packages, with mod BIOS only.

Thanks!

Worked great on my ASRock Z390 Extreme4 P2.30. Modified with Ubu to update the CPU Microcode.
Thank you!

Scary what a tool can do with your BIOS in Windows.