[Request] Gigabyte Aero 15 OLED BIOS unlocked

Hi @latorware , saw your name in the Gigabyte forums, I believe you too have the new Aero 15 Question for you, how do you move along the bytes and get to 0600 range? I tried Ctrl+page up/down but it doesn’t seem to do anything - I only see the first page starting with 0000 down to 00F0 - am I missing something?

20210503125409.jpg

Oh and for people looking to undervolt their 10th gen Intel CPUs, read this first:

https://www.reddit.com/r/XMG_gg/comments…_lake_10th_gen/

TLDR is that Comet Lake, apparently all 10th gen Comet Lake CPUs, do not undervolt well. About half as well as their 9th gen counterparts, sometimes less. There is very little info out there on the 10870h, but given that it’s a lower-binned 10875h I’d expect undervolting to be even harder than the 10875h experiments in that thread. I’ve finally been able to go a couple days with -74 core and -70 cache, -40 iGPU without running into shutdowns at idle or when closing the lid. Cinebench R23 giving me 9833 on the multi core test, which is almost 700 points higher than my initial pre-Throttlestop benchmarks. Temps still do run pretty high but they are not throttling nearly as often, and performance is nearly 10% better.

Just be careful undervolting these new 10th gen Aeros, maybe you’ll get lucky and get a high-binned CPU but most people aren’t.

Hi @renmod , yes you’te correct I have the new Aero 15 XC (rtx 3070). It’s strange that you cannot move with Ctrl+page up because I have not had any problem. Maybe it’s because your keyboard is not the english version and has some keys in different positions? (Ru receives inputs as if the keyboard is the english version) Maybe try plugging in an external keyboard. And by the way, just like you in my case Ru also takes only a small portion of my screen, but I think that’s because of our screens being 4k, and Ru software having a much lower resolution.

Hi friend, i wrote 0x01 to 0x00, but your is 0xA at 0x6DD offset so it’s wrong for you !!!
Don’t change 0x0A !!!

May be you have a Bios Password or Shift key set …

@latorware

For the Gigabyte Aero 17 HDR XC Bios version FB03

0x273F8 Form Set: Setup [7B59104A-C00D-4158-87FF-F04D6396A915], but you have to go into the largest "Setup"

with GUID - EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9 - !!!

0x4AAD3 One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x17, VarStore: 0x17, QuestionId: 0xC6A, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 CD 0B CE 0B 6A 0C 17 00 17 00 10 10 00 01 00}
0x4AAE4 Default: DefaultId: 0x0, Value (8 bit): 0x1 {5B 06 00 00 00 01}
0x4AAEA One Of Option: Disabled, Value (8 bit): 0x0 (default MFG) {09 07 04 00 20 00 00}
0x4AAF1 One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}
0x4AAF8 End One Of {29 02}

0x3E552 One Of: Flash Protection Range Registers (FPRR), VarStoreInfo (VarOffset/VarName): 0x6DD, VarStore: 0x17, QuestionId: 0x75F, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 8B 12 8C 12 5F 07 17 00 DD 06 10 10 00 01 00}
0x3E563 One Of Option: Disabled, Value (8 bit): 0x0 (default) {09 07 04 00 30 00 00}
0x3E56A One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}
0x3E571 Default: DefaultId: 0x0, Value (8 bit): 0x0 {5B 06 00 00 00 00}
0x3E577 End One Of {29 02}

So is you get 0x0A you are into different GUID … you have to find this one "EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9" = Setup

@BDMaster @latorware figured it out it was scrlLK button -had to press it once to enable :slight_smile: going to proceed with finding the correct places and checking what values are set per previous instructions

@BDMaster

per your instructions I was able to find these offsets

" Go to offset 0x6DD and change the 01 to 00 (This is at line 6D0 >> out to line 0D = 6DD) the default value at 6DD appears to be 0A instead of 01
Go to the offset 0x17 and change the 01 to 0x00 (This is at line 10 >> out to line 07 = 17)" default value looks correct here showing 01


I have not made any changes yet - took screenshots of each to show the default(factory) value to confirm these look correct before making any changes.

1.jpg

2.jpg

3.jpg

4.jpg

No there isn’t the right value 0x01 only for variable 0x17 = 0x01 then on 0x6DD = 0x0A is wrong so as i wrote before …
So is you get 0x0A you are into different GUID … you have to find this one “EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9” = Setup
You have to go into the largest “Setup” with GUID - EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9 - !!!
Let me know
Regards

@BDMaster

there is only one “setup” option in UEFI variable list ( see screenshot) - It appears to have the GUID you mention starting EC87D643-EBA4-4BB5 however the rest of the GUID is cutoff - is this not the correct UEFI variable? I don’t see any other setup other than SetupMode, SetupCpufeatures but these are clearly different - let me know if I am doing something wrong here


5.jpg

Ok we have to try using AMI SCEWin …
Please use this tool to get a vars backup then upload it for me …

https://www.mediafire.com/file/806rvhptz…SCEWin.rar/file

https://www.mediafire.com/file/ljgdjkor2…IN-NoWr.7z/file

Look into for commands and upload the result …
let me know

Here you go :

https://we.tl/t-wqavMCbFuJ

Regards

On RU shell try to find "PchSetup" GUID

0x27728 Var Store: 0x17[1772] (PchSetup) {24 1F F1 B7 70 45 E8 AD 43 49 8D C3 40 64 72 84 23 84 17 00 EC 06 50 63 68 53 65 74 75 70 00}

F1 B7 70 45 E8 AD 43 49 8D C3 40 64 72 84 23 84 >> F1B77045E8AD43498DC3406472842384 >> F1B77045-E8AD-4349-8DC3-406472842384

F1B77045-E8AD-4349- (little endian) 8DC3-406472842384 (big endian) >> 4570B7F1-ADE8-4943-8DC3-406472842384

GUID: 4570B7F1-ADE8-4943-8DC3-406472842384

Look under this one and let me know please !!!

There is this one to set too to 0x00 (Bios Guard) :

0x2A46D Setting: BIOS Guard, Variable: 0xDB {05 91 B4 04 B6 04 F3 00 11 00 DB 00 10 10 00 01 00}
0x2A47E Option: Disabled, Value: 0x0 {09 07 90 00 30 00 00}
0x2A485 Option: Enabled, Value: 0x1 {09 07 8F 00 00 00 01}
0x2A48C End of Options {29 02}

Change this one first, then reboot and change the ones above

BIOS Guard, VarStoreInfo (VarOffset/VarName): 0xDB << Located in CpuSetup - B08F97FF-E6E8-4193-A997-5E9E9B0ADB32

So these are the step :

1. Boot into RU Shell
2. Find GUID B08F97FF-E6E8-4193-A997-5E9E9B0ADB32 - CpuSetup
3. Change variable 0xDB from 0x01 to 0x00
4. Find GUID 4570B7F1-ADE8-4943-8DC3-406472842384 PchSetup
5. Change bariables Flash Protection Range Registers (FPRR) 0x6DD form 0x01 to 0x00 and BIOS Lock 0x17 from 0x01 to 0x00

then reboot and try to make a biosreg.bin file and reflash again to check the errors, if all is gone well you have bypassed the locks.

Commands to backup and reflash :

Fptw64.exe -d biosreg.bin -bios

Fptw64.exe -f biosreg.bin -bios

Then we can use AMI SCEWin too.

Make so ,

1. Hit ALT+C to expand the Config menu, then select UEFI variable.
2. Then go to PCHSetup (4570B7F1-ADE8-4943-8DC3-406472842384) via up/down arrow keys.
3. Then make change about the variables.
4. Then CTRL+W to save
5. Then ALT+Q to exit
6. Then reboot, go back into RU and check to be sure what you changed was saved.
7. Then FPT bios backup (like biosreg.bin) and send me the file.

Let me know
Regards

@BDMaster

per instructions I went to CPUSetup and PCHsetup and took screen shots of current factory values (no changes made yet) for variables 0xDB, 0x6DD, 0x17 - it appears DB and DD values are 00 - see screenshots 0x17 shows value 01 - let me know how else to proceed.

00DB.jpg

06DD.jpg


017.jpg

Ok you have to change only 0x17 set to 0x00 !

@BDMaster

Done! changed register 0x17 value from 0x01 → to 0x00 and wrote changes. Rebooted and confirmed value for 0x17 is now 0x00 - Rebooted and performed Fptw dump backup and flash, both appear to have executed successfully! (see screenshots below) let me know what’s next - appreciate all the help and effort @BDMaster

0x17.jpg

fptw-dump_and_flash-success.JPG

Yes , now make your bios mod and reflash it !
Let me know
Regards

@BDMaster

forgot to include the dump after making the change to 0x17 - see attached

biosreg.rar (5.96 MB)

Here you go :

https://www.mediafire.com/file/2za893opd…regmod.rar/file

let me know
Regards



parseFile: non-empty pad-file contents will be destroyed after volume modifications
patch: replaced 2 bytes at offset 503B0h 1727 → 1127
patch: replaced 2 bytes at offset 503D0h 1827 → 1227
patch: replaced 2 bytes at offset 503F0h 1927 → 1327
patch: replaced 2 bytes at offset 50430h 1B27 → 1627
patch: replaced 18 bytes at offset 50440h 4A10597B0DC0584187FFF04D6396A9151C27 → 000000000000000000000000000000000000
patch: replaced 2 bytes at offset 509A0h 1727 → 1127
patch: replaced 2 bytes at offset 509C8h 1827 → 1227
patch: replaced 2 bytes at offset 509F0h 1927 → 1327
patch: replaced 2 bytes at offset 50A40h 1B27 → 1627
patch: replaced 18 bytes at offset 50A58h 4A10597B0DC0584187FFF04D6396A9151C27 → 000000000000000000000000000000000000
Image patched

@BDMaster

worked flawlessly! Thank you for all your guidance and help! please provide me your paypal address so I can make a donation for all your efforts!

PXL_20210504_210540199.jpg