Good evening,
I have a problem how do I activate the Extended BIOS settings with the following software, AMIBCP5,UEFITool,MMTool
Does one know how to unlock an MSR?
AMI Setup - IFR version —> BIOS Lock VarOffset - 0xB0
UEFI BIOS Updater UBU v1.70.rc20.1
Scanning BIOS X555LBAS.603. Please wait…
BIOS platform - AMI Aptio V
BIOS version - X555LB.603
Manufacturer - ASUSTeK COMPUTER INC.
Model - X555LB
BIOSLock_str.txt (28 Bytes)
setup_extr.txt (721 KB)
X555LB-BIOS.zip (2.35 MB)
@M4rc0 - What MSR and why do you need unlocked (Do you mean for MAC/OSX - MSR 0x2E/CFG Lock?) Your model name is X555LB not XL555LB, confusing title 
If you did mean MSR 0x2E for MAX/OSX, that is at Advanced >> CPU Config >> CFG Lock - Set to disabled, or set access level to user for CPU Config menu and then see if setting is visible, if not then edit again and set access level to user on the setting itself.
I can unlock this BIOS for you. Mainly enable chipset menu made visible is all that’s needed here, rest of what’s hidden in advanced you can enable now via AMIBCP by setting Access to User on the root advanced page for each submenu (Right side of your image).
Then test, any individual settings still hidden can be set to User within their own individual submenus inside advanced.
Please Download HWINFO64 and on the large window expand motherboard section on the left, look for ME section and get the ME Firmware version.
Then from this page, in section “C”, download the matching ME System Tools package.
Intel Management Engine: Drivers, Firmware & System Tools
Inside you will find a Flash Programming Tool folder, and inside that a Windows or Win/Win32 folder. Select the Win/Win32 folder, hold shift and press right click, choose open command window here (not power shell).
Then run the following command and send me the created file to modify.
FPTw.exe -bios -d biosreg.bin
If you are stuck on Win10 without command prompt option (needs to be admin CMD Prompt, which above method will open, start menu way will not), then here is how to get it back
https://www.windowscentral.com/how-add-c…creators-update
https://www.windowscentral.com/add-open-…menu-windows-10
https://www.laptopmag.com/articles/open-…ator-privileges
Before you can flash back the mod BIOS I will send you, you’ll need to boot to Grub and use setup_var to unlock BIOS lock. Here’s a guide I wrote about doing this, you can start at step #6 because I’ve done steps 1-5 for you (info below)
[GUIDE] Grub Fix Intel FPT Error 368 - BIOS Lock Asus/Other Mod BIOS Flash
Your BIOS lock variable to change in Grub >> 0xB0 as you already mentioned
Rename your .efi file to >> Shell.efi
At grub prompt you’ll type the following >> setup_var 0xB0 0x0
Hello Lost_N_BIOS
thank you for your help and instructions,
I did everything as you requested, but at Grub Bio’s launch I received several bug reports.
grub: setup_var 0xB0 0x0
Lokiing for Setup variable varname Setup, var size, 12 var Guid: ec87d643-eba4-4bb5-a1-e5-3f-3e-b2-od-a9
GUID does not matsch expcted GUID,taking it neverhheles...
expected a different size of the Setup variable (got 1251 (0x4e3) bytes
continue with care....
successfull obtained "Setup" vanoble from VSS (got 1251 (0x4e3) byte offset: 0xb0 is 0x00
setting ofset 0xb0 to 0x00
varname Setup var size 12, var guid: 80e1202e-2697-4264-9c-c9-80-76-2c-3e-58-63 Guid does not match expected Guid, taking it neverthlesss
Successfukky obtained "Setup" variable from VSS (got 6 (0x6 bytes)
error offset is out of rangegrub
biosreg.zip (2.4 MB)
@Lost_N_BIOS can i choose Supervisor access right and what i actually get in comparison with user access level or extended user?
@M4rc0 - Yes, I can edit and enable all this for you, but first you need to get BIOS Lock disabled, unless you have a flash programmer? So, due to the errors you received with grub, you’ll need to try two other modified grub files
First though, lets check to be sure BIOS Lock is enabled, I think it is, but you can confirm. Take the biosreg.bin file you created from FPT and try to flash it back via FPT >> FPTw.exe -bios -f biosreg.bin
If that fails and gives you error 368 then BIOS lock is enabled as I found in the setup module, if it flashes it back in then all great and BIOS lock is disabled - let me know which happens.
As for the modified grub files, you will need to try these one at a time, same was as before, rename each to the same name and run the following command for each one
http://brains.by/posts/grub_setup_var.7z
setup_var2 0xB0 0x0
grub w/ Var2 is in this page, on releases tab - https://github.com/datasone/grub-mod-setup_var
setup_var3 0xB0 0x0
We need to disable BIOS lock, or find working AFU version that works with this BIOS and allows mod BIOS flash, or you need programmer.
Update a microcode or something, make some AMIBCP change etc, something so you can have a simple modified BIOS, then you can try all AFU until you find one that works (Don’t forget CMD line versions too, not just DOS versions, aside from AFUWinGUI)
There is also this method to try, see end last spoiler for method, flash stock first then without reboot flash mod BIOS. - https://linustechtips.com/main/topic/592…r-motherboards/
I will PM you AFU package
*** WAIT!!! *** I see I’ve already unlocked this BIOS for one user, and he sent back success report/images etc, so let me find his thread and see how he flashed!
He didn’t specify in the thread, so I had to email him. Please go ahead and try flashing back your FPT bios region dump as outlined above and let me know the outcome.
@klaxklax3
Setting supervisor or extended user will not help, some might even hide something from you doing that, default or User is what you want, but you can only use that within sections you can already see, sections you cannot see now need BIOS mod other than AMIBCP to make the sections visible
@Lost_N_BIOS
Hello I’m back, next I had a "Bios bricked" dead !!!
Now I got a new bios from a company
You made me a bios for the model "X555LD" on it, see photos below.
But I’ve had a bios for X555LB before.
Now the mistake.
My internal 2 graphics card "Nvida graphics card 940M" can not be installed because of the bios!
Another mistake: In HWiNFO64 no Intel ME section is displayed to me any more!
How can I switch to the X555LB BIOS? Can you help me??
BIOS platform - AMI Aptio V
BIOS version - X555LDB.307
Manufacturer - ASUSTeK COMPUTER INC.
Model - X555LDB
The Intel ME tool works, I get a dump.
[GUIDE] Grub Fix Intel FPT Error 368 - BIOS Lock Asus/Other Mod BIOS Flash
grub w/ Var2 is in this page, on releases tab - https://github.com/datasone/grub-mod-setup_var
setup_var3 0xB0 0x0
Bios Unlocked!!!
So you ordered new BIOS, or someone put on there for you? Wrong model, and looks like they may have messed up the ME FW too 
Please run this, and send me dump, so I can copy out your details (serial, UUID, LAN MAC ID etc, if they are in the BIOS still/now) Does your Ethernet work?
FPTw.exe -d SPI.bin
Which motherboard do you have, LB or LD??? Look on your board, if you sent it out for repair they could have switched the boards on you.
I did not send you any BIOS, you said I sent you LD BIOS, but I checked above and I’ve not posted a BIOS for you anywhere??
I ordered a new BIOS they made a mistake there. 
FPTw.exe -d SPI.bin
Ethernet everything works, only my video card Nvidia 940m not. (Yes, they have also confused the ME)
I have an Asus X555LB ( https://www.asus.com/Laptops/X555LB/HelpDesk_BIOS/)
X555LBAS605.zip (2.41 MB)
Ahh, sorry, I thought it looked like you had it all unlocked.
Please dump ME and see what happens (Send me file if created) >> FPTw.exe -me -d me.bin
Please also dump FD >> FPTw.exe -desc -d fd.bin
Finally BIOS region >> FPTw.exe -bios -d biosreg.bin
Send me all of the above, if created.
Also, post image of this report >> FPTw.exe -i
Thanks for confirming exact board! Yes, if you purchase BIOS they almost always send stock BIOS flashed onto chip, so you loose serial, UUID, and often LAN MAC ID and messed up ME sometimes too (lazy people!)
Your original dump in post #1 above, is that a good dump, where I can pull out your serial, UUID and hopefully MAC ID too? Does your Ethernet currently work properly (not wireless, I mean Ethernet where you connect the cable)
Hello, @Lost_N_BIOS Ethernet work (cable)
Yes, if the old BIOS dump is good, use it. Thanks
FPTw.exe -me -d me.bin
Error 26: The host CPU does not have read access to the target flash area. To enable read access for this operation you must modify the descriptor settings to give host access to this region.
FPTw.exe -desc -d fd.bin = Is working
FPTw.exe -bios -d biosreg.bin = Is working
FPTw.exe -i
biosreg.zip (2.37 MB)
fd.zip (329 Bytes)
Great, please try putting system to sleep (not hibernate) for one minute, then wake it up and try the ME dump again.
ME FW is there, at least the region is defined, I am not sure if this is 100% sign it’s there and just corrupt or only defined but not there etc.
If above sleep method gives same error on reboot, we’ll have to try to see if we can update it via ME FW update tool (wont work if it’s corrupted), or we maybe can allow it via a mod BIOS flash, fix ME, then flash back in regular BIOS until I have the LB BIOS ready for you.
Thanks for your BIOS region dump, this is LDB BIOS. Can you write it back >> FPTw.exe -bios -f biosreg.bin
If there is error, no need for image, just tell me the error number. I assume you will get error 368 or 280 Then we have to get you around that first, then I can make you BIOS mentioned above to try and let us fix ME, then once done make other BIOS to switch you over to LB
To get past 368, first try the S3 sleep bug mentioned above, after you wake system again try to FPT flash BIOS region as noted above. If fails, then here is guide to unlock BIOS lock, you can start at step #6 because I’ve gathered the variables you need and noted the below
[GUIDE] Grub Fix Intel FPT Error 280 or 368 - BIOS Lock Asus/Other Mod BIOS Flash
Your BIOS Lock and SMI lock Variable you need to change >> 0x99 + 0x9A
Rename your .efi file to >> Shell.efi
So at grub prompt you will type the following commands one at a time
setup_var 0x99 0x0
setup_var 0x9A 0x0
Then reboot, and try to FPT flash back your dumped BIOS region. Once that is success, then we can begin both of the BIOS edits and flashes mentioned above.
I have to leave now, will be back tonight. Be careful with FPT, don’t do anything other than what’s mentioned here, you can brick the system in one click if used incorrectly!
If you get any “Size” or Red warnings when trying to flash, stop there, do not proceed. And, don’t do anything with other files (ie stock, or other BIOS etc) except what I’ve mentioned here only.
Okay @Lost_N_BIOS
I am also waiting for you, thank you very much!
putting system to sleep ME dump = No Works
Error 26: The host CPU does not have read access to the target flash area. To enable read access for this operation you must modify the descriptor settings to give host access to this region.
Can you write it back >> FPTw.exe -bios -f biosreg.bin
FPTw.exe -bios -f biosreg.bin
Error 280: Failed to disable write protection for the BIOS space!
I did then
setup_var 0x99 0x0
setup_var 0x9A 0x0
and now it works !
FPT flash back dumped BIOS region.
@M4rc0 - great progress, thanks. Here is next BIOS package, this is to fix ME First.
http://s000.tinyupload.com/index.php?fil…061017005575089
First flash this BIOS via >> FPTw.exe -bios -f biosregm1.bin
Sorry, I forgot to ask you to clarify, and just remembered. BIOS posted at post #1, is that stock BIOS (I didn’t download yet)?
If it is, then is BIOS at post #3 a backup you made via FPT (BIOS 204), before you had BIOS repaired, correct? If yes, this one, then I will download BIOS from #3, and it should have your serial, UUID, and hopefully LAN MAC ID in same block too.
After the above BIOS flash, I also included ME FW to flash. Please reboot after the above flash, enter BIOS and load optimal defaults, then go to windows and flash ME FW via >> FPTw.exe -me -f me.bin
Then once that is complete, run this command >> FPTw.exe -greset
If system does not automatically reboot, please shut down, remove main battery, unplug power cable from back of system. Then press and hold the power on button for 10-15 seconds, then let the system sit for one minute without power.
Then you can put battery back in, plug in power, load windows or BIOS and reflash this bios next (biosregm2.bin) >> FPTw.exe -bios -f biosregm2.bin
Then, once done reboot to BIOS, load optimal defaults, then load windows and from the MEInfo folder run this command and show me entire output >> MEInfoWin.exe -verbose
Also, can you confirm if this was your previous MAC ID (1C B7 2C 04 98 98) It should be current MAC ID also, if BIOS tech did anything during his lazy work day 
But, I see this in your dump now (F0 79 59 2A 79 A6), which would be incorrect and shouldn’t be functioning (Ethernet), unless maybe he swapped your board for another?
If you are unsure what your current MAC ID is, but you know your Ethernet works, connect a cable to it and disable your wireless so it’s easier to see wired connection via this command at CMD prompt >> Ipconfig /all
If your Ethernet does not work, this is why
Sadly, I do see different motherboard ID + Motherboard serial, actual system serial, all that, and since we know he’s to lazy to transfer this info, possibly swapped boards on you Have you looked at the board itself yet to confirm?
This may all be incorrect due to his lazy and programming in some other random dump he found too, hard to say.
Hello @Lost_N_BIOS
have the following problem 
Thank you for your detailed description and great help
1. FPTw.exe -bios -f biosregm1.bin = Works
I had to use Grub first, I have to use that again Grub: setup_var 0xB0 0x0
2. FPTw.exe -me -f me.bin
Error 25: The host CPU does not have write access to the target flash area. To enable write access for this operation you must modify the descriptor settings to give host access to this region.
@Lost_N_BIOS
Here you have an abstract of MEINFOWin verbose, many mistakes.
—> https://pastebin.com/yY82xuXU
@Lost_N_BIOS I think there is a ME error in their bios version for ME FW!
ipconfig
Realtek PCIe GBE Family Controller
Physische Adresse . . . . . . . . : 1C-B7-2C-04-98-98
@M4rc0 - Sorry, I don’t know what you mean about “BIOS Closed”?
Also, variable >> 0xB0 (BIOS Lock), I only disabled in one place, because sometimes if you disable in both then it makes it enabled again. Since that was still locked, this means for this board Setup edit is needed instead of AMIBCP-AMITSE/SetupData (This what I changed)
You can always change them yourself with grub/setup_var, same for the ME FW Re-Flash option too which is probably still disabled now that I know your board uses setup instead of what AMIBCP changes (or still could use NVRAM instead of either of these too, for some variables)
So, I can make you new set of BIOS with setup edited instead, or NVRAM, or you can change things in setup_var instead
Did you look at the motherboard yourself?? They would not put in a new chip either, they’d just reprogram original chip (improperly )
Thanks for MAC Confirmation, this at least means it’s correct in the GbE module, since incorrect MAC is stored in the BIOS at the system specific info area.
SMI Lock, VarStoreInfo (VarOffset/VarName): 0xAF << As noted below
BIOS Lock, VarStoreInfo (VarOffset/VarName): 0xB0 << Disabled both these << ^^ in grub, using 0x0
Me FW Image Re-Flash, VarStoreInfo (VarOffset/VarName): 0x3FF << Enable this in grub via 0x1 >> This only survives one reboot, so enable, boot to windows and do FPT flash right then
If you can’t get it, I will make you new set of BIOS with setup and NVRAM edited instead of how I made previous package (Making now just in case you need, will edit it in once I’m done)
* Edit, in regards to your edit above.
No need for MEInfo right now, you did not flash the ME FW yet, so you are still at step #1 until I send you new BIOS or you make these changes in grub first, then flash ME and do the -greset, then disable ME FW Image Re-Flash again (or flash stock BIOS or your original FPT Dump), then reboot and run MEINfoWin
And really, even after that it may be messed up still, until I get you flashed over to the correct model BIOS (This is what I took ME settings from as source), so this is target BIOS and ME FW may be still incorrect on some stuff until we get final BIOS conversion done.
* Edit - here is new BIOS package, use M3/M4 like M1/M2 mentioned above, if M3 fails to allow FPT ME FW reflash, skip M4 and move to M5/M6 instead (replacing above instructions for M1/M2 with M5/M6 instead)
http://s000.tinyupload.com/index.php?fil…439934795429392
If these fail, it must be something to do with the wrong BIOS or I’m confusing you with how to do things , and we’ll just flash you over to correct BIOS, see if ME FW is working properly then, and then if it is you can update ME FW via ME FW Update tool.
Hello @Lost_N_BIOS
Bad news I tried everything …!
I have used these values in Grub after every bios flash,
setup_var 0xAF 0x0
setup_var 0xB0 0x0
setup_var 0x3FF 0x1
but FPT ME FW flash just does not work !!!
BIOS from M3 to M6
FPTw.exe -me -f me.bin
Error 25: The host CPU does not have access to the target flash area. To enable write access for this operation you must modify the descriptor settings to give access to this region.
What else can we do now? Why is this error always coming?
Thank you very much for your help and time really great from you …
Go back and redo all tests, do not change anything in grub for any of the test files I sent you.
Error 25 is because the FD is locked for read-write to ME, this is security locks. If we can’t get it in BIOS I made for you then your only option is flash programmer, or you can do pinmod to dump the FD and unlock it
Hallo @Lost_N_BIOS
I did everything without "Grub" and it came out.
FPTw.exe -bios -f M3.bin = Works "Laptop restart"
FPTw.exe -me -f me.bin
Error 25: The host CPU does not have write access to the target flash area. To enable write access for this operation you must modify the descriptor settings to give host access to this region
M4 up to M6 Bios
Error 280: Failed to disable write protection for the BIOS space!
@Lost_N_BIOS
I have now updated to "X555LB Bios" now everything goes My graphics card Nvidia works and can be installed.
But there is still a problem here the extract of MEInfo.
Also in HWiNFO64 I can not find a ME section
https://pastebin.com/M2WFimBg
And what I also noticed when I start my laptop he needs up to 20 seconds that he starts Asus logo! And then I come first in bios or Windows start. Bios loop? how can you fix this?
How can I apply this pinmod variant? Do you have an introduction? Thank you
@M4rc0 - Sorry I missed your post until now. Pinmod method is E1 in this thread - [Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing
Or, you need CH341A + SOIC8 test clip with cable