[Problem] Mod ASUS G20CB Bios to support 7th Gen I7

BIOS/UEFI Modding BIOS Modding Guides and Problems
41

@Lost_N_BIOS :

everything installed, but unfortunately unlicensed. Thought there is a Windows10 License in UEFI. Every tool I tried gives me an empty key.

There are currently updates running, but until now there was no BIOS update. -> after Update and Reboot still 2101

I ran MEinfo on that board again, here are the results:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 

 
Intel(R) ME code versions:
 
BIOS Version                                 2101
MEBx Version                                 0.0.0.0000
GbE Version                                  0.7
Vendor ID                                    8086
PCH Version                                  31
FW Version                                   11.6.26.1246 H
Security Version (SVN)                       1
LMS Version                                  Not Available
MEI Driver Version                           11.0.5.1189
Wireless Hardware Version                    Not Available
Wireless Driver Version                      Not Available
 
FW Capabilities                              0x31111140
 
        Intel(R) Capability Licensing Service - PRESENT/ENABLED
        Protect Audio Video Path - PRESENT/ENABLED
        Intel(R) Dynamic Application Loader - PRESENT/ENABLED
        Intel(R) Platform Trust Technology - PRESENT/ENABLED
 
Re-key needed                                False
Platform is re-key capable                   True
TLS                                          Disabled
Last ME reset reason                         Firmware reset
Local FWUpdate                               Enabled
BIOS Config Lock                             Enabled
GbE Config Lock                              Enabled
Host Read Access to ME                       Enabled
Host Write Access to ME                      Enabled
Host Read Access to EC                       Enabled
Host Write Access to EC                      Enabled
SPI Flash ID 1                               EF4018
SPI Flash ID 2                               Unknown
BIOS boot State                              Post Boot
OEM ID                                       00000000-0000-0000-0000-000000000000
Capability Licensing Service                 Enabled
OEM Tag                                      0x00000000
Slot 1 Board Manufacturer                    0x00000000
Slot 2 System Assembler                      0x00000000
Slot 3 Reserved                              0x00000000
M3 Autotest                                  Disabled
C-link Status                                Disabled
Independent Firmware Recovery                Disabled
EPID Group ID                                0xF91
LSPCON Ports                                 None
5K Ports                                     None
OEM Public Key Hash FPF                      0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME                       0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF                                  0x0
KM SVN FPF                                   0x0
BSMM SVN FPF                                 0x0
GuC Encryption Key FPF                       0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME                        0000000000000000000000000000000000000000000000000000000000000000
 
                                             FPF                      ME
                                             ---                      --
Force Boot Guard ACM                         Disabled                 Disabled
Protect BIOS Environment                     Disabled                 Disabled
CPU Debugging                                Enabled                  Enabled
BSP Initialization                           Enabled                  Enabled
Measured Boot                                Disabled                 Disabled
Verified Boot                                Disabled                 Disabled
Key Manifest ID                              0x0                      0x0
Enforcement Policy                           0x0                      0x0
PTT                                          Enabled                  Enabled
EK Revoke State                              Revoked
PTT RTC Clear Detection FPF                  0x0
 


Is that looking good???
42

ME looks good!

You mean MSDM key for windows? If there is on tied to that board, you will need to program back in the original BIOS backup you have, then check
Here’s a few ways to check
https://itsolutionsblog.net/3-ways-to-ex…-8-product-key/

43

I know that tools to check MSDM. Already checked the original chip. There is no MSDM table.


Just for question. Additionally I saved some data from the bios. There are 4 Files (dbx, db, KEK and PK). Do that files have anything to do with MSDM? Opened them in a hexeditor, some strings are containing "Microsoft blabla…", and some binary data.

44

I don’t think you can see it that way until you boot windows with it, that’s why I said flash it to check, then look with RWEeverything.
I am unsure about those files, and MSDM, sorry I don’t know a lot about checking for that.

45

Read a bit about that issue. That files are only related to secure boot and what efi files are allowed to boot, or something like that.

This site “The Meaning of all the UEFI Keys” describes in short what all the files stand for.

As I understand, that has nothing to do with MSDM

46

Not sure what you’re referring to there about EFI booting? I was talking about, and thought you were talking about trying to get original windows key from stock BIOS that was included on the board.
It’s in the ACPI section of the BIOS most of the time, but not always. Only way I know how to read/convert that is by booting into windows and checking with RWEverything where it’s shown in human readable form
Even when it’s not in same section as those guides, you’ll still find it w/ RWEverything or other key finders

47

Checked the original bios for a valid key. For this type of board, and maybe similar boards from asus (or other mfs), a key should be findable in the padding (same as VBIOS). But for this board at the address where it should be, there is no key.

Doesn´t matter, I have a valid key.


EDIT: Inserted the key region from my second defective Board in the PADDING of my new BIOS, reflashed it and Windows is now activated . That was easy. RWeverything is now showing the MSDM Table too.


Now I am waiting for 2202. Still nothing arrived.

48

I wonder if we need to change the SKU when editing the ME for this? I don’t think I did that, did you?
Some of the other threads on similar, using coffee lake 6 core CPU’s on older boards, they had to change the SKU in FIT to X370 or Z370 instead of Z170 etc

49

The SKU? Against what? Corporate?

I will read that threads to find out more details.

The pinout of both CPU´s are identical. No differences, nothing.

50

@Lost_N_BIOS :

read something about CpuInitDxe. Should I give that a try?

51

SKU Change is done when cleaning ME, it’s at those two top sections by the menu bar. Look in FIT, drag in a SPI dump or ME region and you’ll see what I mean.

What did you read about CPUInitDXE? Any and everything is worth a try here, since you have a programmer all you need is time to try it all until you find the answer!

52

Yeah, read that. Since I have a cleaned ME, a change should be easy.

Someone changed CPUInitDXE with one that works with CoffeeLake and it booted. I changed it with the successor-board (G20CI) but it failed for Kabylake and Skylake

53

Tried several things. Board with Kabylake is still not booting.

I am now at ME 11.8.50.3470. Skylake boots, Kabylake does not.

Is it possible to lock out a next Gen CPU by the 4 UEFI key files (dbx, db, KEK and PK)???

54

Newsupdate:

my Kabylake is now successfully tested in another board (a MSI Board with B150 PCH).

There must be something in the BIOS or on the board, that is preventing the boot process.

55

Do you know of other instances when this did work by modifications? I mean, on other normal mainstream type desktop motherboards, by user modifications before the manufacturers got around to updating?
If yes, can you show me the threads? Maybe we can figure out by looking at those instances BIOS used.

56

@Lost_N_BIOS :

I made a significant progress!

I took the CAP File of the successor board G20CI (H270, supporting KBL), deleted the first 2kB, changed PCH to H170 using FIT and checked every setting. Used GbE and VBIOS from my BIOS, and…


KabyLake BOOOOOOOTS!!!

RAM is running at 2400MHz

The board is entering BIOS showing the contents via PCIe GPU.

but there are some issues. Of course.

- OnBoard HDMI does not work
- Temperature Reading of CPU is wrong
- maybe some more… have to be discovered



So… I think, ASUS built in something in their BIOS region, that is actually blocking KBL with G20CB BIOS, or something is missing.

57

Awesome progress, and great find! I suspected something was missing in BIOS, more-so with the way that board is laid out physically

I assume it probably needs PCIE patched, we’ll have to look at the PCIE patcher and get the dev ID’s from your board with the other CPU installed.
On the CPU temps, that could possibly be laid out in the ME strap area, or some other setting in the ME. Did you use a older settings transferred ME or just change that SKU with ME that was already in there? If not, try that next.

Congrats on major progress!!!

58

Cool . Is it 7700k ? Boot into windows ok?

59

I left the ME there as is, just changed the settings.

OnBoard HDMI may not work because of the wrong padding layout, but not for sure.

I will try several things today. Lets see what happens.

Currently it is a 7700, but I got a 7700k. That will be the final cpu, i want to get to work with that board.

@jacky400 : I avoided to boot to windows in that state. But of course, that’s scheduled.

I let you know my results today.

60

If it’s not in your list of “To try” already - I’d try copy over original or at least updated ME to the version I mentioned when the original boards all changed over to Ivy compatible (11.6.10.1196). This way you rule that out.

It’s too bad we don’t have vBIOS editor like FIT so we could copy over settings visually in vBIOS and GOP! Then you could compare vBIOS from this updated version vs your current older one, that’s possibly key to the HDMI issue.
Or PCI needs patched, similar to coffee lake on kaby lake boards. You’d think that should already be done in the BIOS for the updated version though, but maybe not exact same layout locations for your board ID’s or something, or some damn setting we can’t see properly in the vBIOS is different.

Good luck in your testing!

We still need to find that new BIOS somehow!