[REQUEST] Gigabyte AORUS 17G XC BIOS Unlock ADVANCED BIOS

Hi all,

I Have a Gigabyte AORUS 17G XC and really want to access the hidden advanced pages of my BIOS. I really want to use Throttlestop to undervolt and lower my CPU temps slightly. I have followed the steps outlined in Lost_N_BIOS post that is on a few other threads and have attached the original and unlocked BIOS to this post. I unlocked using RU and pchsetup.

My laptop specs are as follows:

Gigabyte Aorus 17G XC
i7-10870H
RTX 3070

Hope someone can help?

Thanks

Dom

biosreg.part1.rar (5 MB)

biosreg.part2.rar (1.22 MB)

biosregnew.part1.rar (5 MB)

biosregnew.part2.rar (1.22 MB)

@ Dompsta1976

Here is modification of menu unlock for your machine ,try it and respond to the result.

On my knowledge , disable “CFG Lock” ,“Overclocking Lock” can active the throttlestop to do undervolt. (if it was asus laptops ,you also need to disable “OverClocking Feature”)
The bios path is Advanced >CPU - Power Management Control >CPU - Power Management Control >CPU Lock Configuration

Hi Genius239,

Your Mod worked perfectly and has unlocked my BIOS. Many thanks for this and i have also been able to use ThrottleStop to now undervolt my CPU :slight_smile: :slight_smile: :slight_smile:

One other thing if I may ask. Where do i go in my new BIOS options to enable D.O.C.P for my RAM?

Once again, many thanks for your help, its much appreciated :slight_smile:

@Dompsta1976

1. There is no D.O.C.P features in a intel platform ,only has X.M.P.

2. Two way you could tune the memory freq. First go into Advanced>OverClocking Performance Menu ,then enable "OverClocking Feature" to expand the complete oc menu then go into sub-menu Memory.
a)Look at option "Memory profile" and choose XMP profile1 or XMP profile2 to load xmp profile from memory spd.

b)Set "Memory profile" to custom profile then adjust memory freq manually. Options "Memory Reference Clock" and "Memory Ratio" are you need.
For example , set "Memory Ratio" to 11 ,then you will get memory freq with (133x11)x2= 2933mhz , set 12 will get (133x12)x2= 3200mhz

Of course if you understand memory timing ,you could also adjust other parameter as well.

Custom Memory Profile set to ‘12’ worked and now i have 3200MHz

Thanks so much for all your help :slight_smile:

@Dompsta1976

It’s great~

Hi friends,
You are talking about the replacing AMITSE Mod (without GUIDs lock lists) , I think …


BIOS v.FB03

0x27CDF Form: Setup, Form ID: 0x2710 {01 86 10 27 07 00}

All

0x27D41 Form: Main, FormId: 0x2711 {01 86 11 27 09 00}
0x28528 Form: Main, FormId: 0x2717 {01 86 17 27 09 00}
0x27E6D Form: Advanced, FormId: 0x2712 {01 86 12 27 1E 00}
0x287DD Form: Advanced, FormId: 0x2718 {01 86 18 27 1E 00}
0x28214 Form: Chipset, FormId: 0x2713 {01 86 13 27 1F 00}
0x358D4 Form: Chipset, FormId: 0x2719 {01 86 19 27 1F 00}
0x2823E Form: Security, FormId: 0x2714 {01 86 14 27 3B 00}
0x4DBD0 Form: Security, FormId: 0x271A {01 86 1A 27 3B 00}
0x28384 Form: Boot, FormId: 0x2715 {01 86 15 27 20 00}
0x4E100 Form: Boot, FormId: 0x271B {01 86 1B 27 20 00}
0x28476 Form: Save & Exit, FormId: 0x2716 {01 86 16 27 4E 00}
0x4E443 Form: Save & Exit, FormId: 0x271C {01 86 1C 27 4E 00}

Hidden

0x27CE5 Ref: Main, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x1, FormId: 0x2717 {0F 0F 09 00 02 00 01 00 00 00 FF FF 00 17 27}
0x27CF4 Ref: Advanced, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x2, FormId: 0x2718 {0F 0F 1E 00 02 00 02 00 00 00 FF FF 00 18 27}
0x27D03 Ref: Chipset, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x3, FormId: 0x2719 {0F 0F 1F 00 02 00 03 00 00 00 FF FF 00 19 27}
0x27D12 Ref: Security, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x4, FormId: 0x271A {0F 0F 3B 00 02 00 04 00 00 00 FF FF 00 1A 27}
0x27D21 Ref: Boot, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x5, FormId: 0x271B {0F 0F 20 00 02 00 05 00 00 00 FF FF 00 1B 27}
0x27D30 Ref: Save & Exit, VarStoreInfo (VarOffset/VarName): 0xFFFF, VarStore: 0x0, QuestionId: 0x6, FormId: 0x271C {0F 0F 4E 00 02 00 06 00 00 00 FF FF 00 1C 27}

Visibile

0x27D41 Form: Main, FormId: 0x2711 {01 86 11 27 09 00}
0x27E6D Form: Advanced, FormId: 0x2712 {01 86 12 27 1E 00}
0x28214 Form: Chipset, FormId: 0x2713 {01 86 13 27 1F 00}
0x2823E Form: Security, FormId: 0x2714 {01 86 14 27 3B 00}
0x28384 Form: Boot, FormId: 0x2715 {01 86 15 27 20 00}
0x28476 Form: Save & Exit, FormId: 0x2716 {01 86 16 27 4E 00}

To unlock these GUIDs use Swap Method (or can unlock all , removing from blocked list) :

Visible:
Form: Main, FormId: 0x2711 << swap 0x2717
Form: Advanced, FormId: 0x2712 << swap 0x2718
Form: Chipset, FormId: 0x2713 << swap 0x2719
Form: Security, FormId: 0x2714 << leave visible
Form: Boot, FormId: 0x2715 << leave visible
Form: Save & Exit, FormId: 0x2716 << swap 0x271C

Hidden:
Form: Main, FormId: 0x2717
Form: Advanced, FormId: 0x2718
Form: Chipset, FormId: 0x2719
Form: Security, FormId: 0x271A << leave hidden
Form: Boot, FormId: 0x271B << unblock
Form: Save & Exit, FormId: 0x271C



@0004FDA4 - Main List, all Used ID’s
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1A 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1B 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1C 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 11 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 12 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 13 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 14 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 15 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 16 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

@000500D4 - block list, short ID’s + footer
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1A 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1B 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1C 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

@000506AC - block list, long ID’s + footer
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1A 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1B 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1C 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

>>>> Actual Edits from above notes >>>>

To unlock these GUIDs use Swap Method :

Visible:
Form: Main, FormId: 0x2711 << swap 0x2717
Form: Advanced, FormId: 0x2712 << swap 0x2718
Form: Chipset, FormId: 0x2713 << swap 0x2719
Form: Security, FormId: 0x2714 << leave visible
Form: Boot, FormId: 0x2715 << leave visible
Form: Save & Exit, FormId: 0x2716 << swap 0x271C

Hidden:
Form: Main, FormId: 0x2717
Form: Advanced, FormId: 0x2718
Form: Chipset, FormId: 0x2719
Form: Security, FormId: 0x271A << leave hidden
Form: Boot, FormId: 0x271B << unblock
Form: Save & Exit, FormId: 0x271C

@000500D4 - block list, short ID’s + footer
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 11 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 12 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 13 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1A 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Blocked
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1B 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 16 27 Swap
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Unblocked
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

@000506D4 - block list, long ID’s + footer
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 11 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 12 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 13 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1A 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Blocked
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1B 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 16 27 Swap
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Unblocked
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

UEFI Patch (like You see it replace the bytes sequence)

parseFile: non-empty pad-file contents will be destroyed after volume modifications
patch: replaced 2 bytes at offset 50390h 1727 → 1127
patch: replaced 2 bytes at offset 503B0h 1827 → 1227
patch: replaced 2 bytes at offset 503D0h 1927 → 1327
patch: replaced 2 bytes at offset 50410h 1B27 → 1627
patch: replaced 18 bytes at offset 50420h 4A10597B0DC0584187FFF04D6396A9151C27 → 000000000000000000000000000000000000
patch: replaced 2 bytes at offset 50980h 1727 → 1127
patch: replaced 2 bytes at offset 509A8h 1827 → 1227
patch: replaced 2 bytes at offset 509D0h 1927 → 1327
patch: replaced 2 bytes at offset 50A20h 1B27 → 1627
patch: replaced 18 bytes at offset 50A38h 4A10597B0DC0584187FFF04D6396A9151C27 → 000000000000000000000000000000000000
Image patched

To Make Full Mod have to edit these Modules :

1. AMITSE PE32 = your main menu lock/unlocks

2. AMITSE/SetupData/SetupData = your AMIBCP Access Level changes

3. Setup PE32 = your AMIBCP textual menu name changes

-------------------------------------------------------------------------------------------------------------------------------------------

1. AMITSE PE32 = your main menu lock/unlocks (B1DA0ADF-4F77-4070-A88E-BFFE1C60529A)

2. AMITSE/SetupData/SetupData = your AMIBCP Access Level changes (FE612B72-203C-47B1-8560-A66D946EB371)

3. Setup PE32 = your AMIBCP textual menu name changes (899407D7-99FE-43D8-9A21-79EC328CAC21)

GUID B1DA0ADF-4F77-4070-A88E-BFFE1C60529A AMITSE

GUID 899407D7-99FE-43D8-9A21-79EC328CAC21 Setup

SubGUID FE612B72-203C-47B1-8560-A66D946EB371 SetupData

So You have to edit AMITSE Module B1DA0ADF-4F77-4070-A88E-BFFE1C60529A , extraxt it by UEFITool 0.25 or 0.28 , modify it by H&D hexeditor and then replace it again by UEFITool.
If You extract the module as is then replace as is , instead if extract as body then replace as body.

There are others methods to unlock Elements, as IFR Edit and Magic String (0000000000000101010101) , as can change position of elements into AMIBCP efitor …

Thamks to “Lost_N_BIOS” for all his patience and availability and ethical generousity to share and teach all his knowledgment, real Big Modder !!!

Here is the CodeRush Patch Tool to use for modify your own bios whitout nothing other, only this tool and a file txt patch, drag’n’drop on it your bios backup and you get your bios mod …

https://www.mediafire.com/file/deh6edme0…+Patch.rar/file

IT’S IMPORTANT TO USE YOUR OWN BIOS VERSION PATCH AS YOU RISK A BRICK !!!

This is a Guide to use RU shell to set variable to 0x00 :

0x4AB93 One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x17, VarStore: 0x17, QuestionId: 0xC6A, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 CD 0B CE 0B 6A 0C 17 00 17 00 10 10 00 01 00}
0x4ABA4 Default: DefaultId: 0x0, Value (8 bit): 0x1 {5B 06 00 00 00 01}
0x4ABAA One Of Option: Disabled, Value (8 bit): 0x0 (default MFG) {09 07 04 00 20 00 00}
0x4ABB1 One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}

0x3E612 One Of: Flash Protection Range Registers (FPRR), VarStoreInfo (VarOffset/VarName): 0x6DD, VarStore: 0x17, QuestionId: 0x75F, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 8B 12 8C 12 5F 07 17 00 DD 06 10 10 00 01 00}
0x3E623 One Of Option: Disabled, Value (8 bit): 0x0 (default) {09 07 04 00 30 00 00}
0x3E62A One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}
0x3E631 Default: DefaultId: 0x0, Value (8 bit): 0x0 {5B 06 00 00 00 00}

So to remove Flashing Locks you have to change the VSS/NVRAM variables value changing that from 0x01 to 0x00, you can do by RU Shell.
Variables to change are from EFI IRF txt .

What you need to change is the following >> BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x6DD and 0x17

Setup [7B59104A-C00D-4158-87FF-F04D6396A915]

BIOS Lock, 0x17
Flash Protection Range Registers (FPRR), 0x6DD

Go to offset 0x6DD and change the 01 to 00 (This is at line 6D0 >> out to line 0D = 6DD)
Go to the offset 0x17 and change the 01 to 0x00 (This is at line 10 >> out to line 07 = 17)

Some Guides to make that :

http://forum.notebookreview.com/threads/…-issues.812372/

https://nstarke.github.io/0037-modifying…ing-ru-efi.html

https://www.instructables.com/Lenovo-Y70…Me-Gen3-Speeds/

[GUIDE] Grub Fix Intel FPT Error 280 or 368 - BIOS Lock Asus/Other Mod BIOS Flash

[Help needed] Hidden Advanced menu Bios HP Z1 J52_0274.BIN (2)

[Request] Gigabyte Aero 15 OLED BIOS unlocked (8)

In secure boot options, disable legacy boot (Or enable UEFI USB Boot), and set USB as first device, then reboot to it and it should load the EFI Shell.
(Don’t rename the bootx64.efi), did you disable secure boot, or switch to legacy mode?
Also, make sure you disable any BIOS password or bitlocker etc, before you try to boot from USB.

After that, you can backup your bios and use a patch posted above.
If you are not sure I will make for you , write me !!!

P.S. these variables are differents into bios versions and can be to 0x1202 or 0x1207 - 00xB48 or 0xBDD, so it’s important extract the EFI IFR and search the
names “Bios lock” and “FPRR” to be sure on offset hex address of them …

How did you reflash and dump?

First you need to know your Intel ME FW type, then you can download the matching package of tools for that version here, inside you will find Firmware Engine Tool (FITc, I assume this is what you mean) Intel Management Engine: Drivers, Firmware & System Tools :

Intel (Converged Security) Management Engine: Drivers, Firmware and Tools

To find your ME FW version, first look on BIOS Main page, sometimes it’s shown there.
If not, download HWINFO64 tool :

https://www.hwinfo.com/download/

Once HWINFO is open, look at the large window on the left side, expand motherboard, and find the ME area , then go to the link above and find
the matching package of tools CSME) to get your Fpt tool and backup your bios (reflash too).
Regards