ROM Image update denied

Hi,
I tried to modify the boot Logo of my UEFI with UEFITool but everytime I make a modification it shows me this message.

IMG_20200608_033314.jpg



Is there any way to solve this problem ? What causes that ?

Thanks

(Working .zip = original working bios, not working.zip = my modified bios with custom logo which makes this message show on boot)

Teclast F5 wifi working.zip (4.46 MB)

Not working.zip (4.47 MB)

@Thymidin - Could be bad mod BIOS, or you can’t update mod BIOS in this way. It’s common that you often can’t update mod BIOS using normal methods. I checked your BIOS, looks “OK” Generally.
Sometimes, you can only use certain tools to make the image too, and newer paint.net I’ve seen cause issues before, so this could be a problem too, aside from flashing in a mod BIOS. You may need to use Gimp or older Pain.net, or I prefer CS3 and use “Save for Web” for BIOS logo images in modern BIOS.
To confirm if image or mod BIOS generally is the issue, make a new test BIOS from working, with just one updated microcode, then flash and see if it’s accepted or not, if yes then you know the image is causing the issue not mod BIOS itself.
I bet though, it’s probably all about how you are trying to flash the mod BIOS, because generally if an image fails to load or work properly you just would not see it, or sometimes it may brick, but it usually wouldn’t stop BIOS from being flashed in.

What is this system model, so I can keep these BIOS in properly named folder. Is this Intel CPU or AMD CPU system?
If this is Intel system, do as below, and tell me what error you get at #2 so we can then work around hopefully. If you do not get error at #2 and successfully flash in the BIOSreg.bin dump, then send me that dump and I will put your image into it (or you can, and then FPT flash it back)
Be VERY careful with FPT, you can brick your board in one click if BIOS mod is bad, or if you use incorrectly (ie forget a parameter etc). And NEVER uFPT to flash stock BIOS, only dump BIOS areas then modify, then flash it back.

If you have already modified the BIOS in ANY way, you will need to re-flash it back to factory defaults using factory method (NOT FPT)!!!

If you do not have Intel ME drivers installed, install them now from your system driver download page, then start over here after reboot.
Check your BIOS’ main page and see if ME FW version is shown. If not then > DOWNLOAD HWINFO64 HERE <

Once HWINFO is open, look at the large window on the left side, expand motherboard, and find the ME area.
Inside that section is the ME Firmware version. Take note of the version. (ie. write it down or get a screenshot)

Once you have that, go to the thread linked below, and in the section “C.2” find and download the matching ME System Tools Package for your system.
(ie if ME FW version = 10.x get V10 package, if 9.0-9.1 get V9.1 package, if 9.5 or above get V9.5 package etc)
> DOWNLOAD " ME System Tools " packages HERE <

Once downloaded, inside you will find Flash Programming Tool folder, and then inside that a Windows or Win/Win32 folder (NOT x64).
Highlight that Win/Win32 folder, then hold shift and press right click. Choose “open command window here” (Not power shell! >> * See Registry file below *).

If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.

((If “open command window here” does not appear, look for the “Simple Registry Edit” below…))

Now you should be at the command prompt.
You are going to BACKUP the factory un-modified firmware, so type the following command:
Command: " FPTw.exe -bios -d biosreg.bin "

>> Attach the saved "biosreg.bin ", placed into a compressed ZIP/RAR file, to your next post!!! <<

Right after you do that, try to write back the BIOS Region dump and see if you get any error(s).
Command: " FPTw.exe -bios -f biosreg.bin "
^^ This step is important! Don’t forget! ^^

If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.

Here is a SIMPLE REGISTRY EDIT that adds “Open command window here as Administrator” to the right click menu, instead of Power Shell
Double-click downloaded file to install. Reboot after install may be required
> CLICK HERE TO DOWNLOAD CMD PROMPT REGISTRY ENTRY <

If the windows method above does NOT work for you…
Then you may have to copy all contents from the Flash Programming Tool \ DOS folder to the root of a Bootable USB disk and do the dump from DOS
( DOS command: " FPT.exe -bios -d biosreg.bin " )

Thanks for the answer ! It is a laptop Jumper EzBook X1, Intel CPU Celeron N4100 on which I flashed the Teclast F5 BIOS without any problem. Should I go back to the original BIOS before trying this ?

Thanks. You can use whatever BIOS you are on now, if it’s the one you like and want to use

Sorry to bother you with those kind of stupid questions but I can’t find any Intel ME driver, however I can see on device manager that intel Trusted Execution Engine Interface driver is installed. Without installing anything else, HWInfo shows Intel ME Version: 4.0, Build 1242 (attachement below for full screenshot).

Could you please confirm that I need to use " Intel ME System Tools v4 r1 " package ?

Annotation 2020-06-08 134141.png

Annotation 2020-06-08 135504.png

Sorry, I need to update my FPT copy/paste for this, you need V4 TXE system tools, from this thread - Intel Trusted Execution Engine: Drivers, Firmware & System Tools

TXE drivers would already be installed I think, since you can see that in HWINFO and device manager etc. But if not, you can download them from the manufacturer download page for this system.

Thanks,
I see that the Intel CSME System Tools v14.5 r2 only contains an EFI version of FPT. Wouldn’t it be too risky to try dumping and flashing right from the UEFI Shell ? Wouldn’t I need first to only dump it with “FPT.efi -bios -d biosreg.bin”, then follow the Step 7 of this guide [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization to check if “OEM Public Key Hash” field exists and whether it is empty/zeroed or not, and if it is not, it means there would be no way for me to modifiy the bios region ?

Again, I’m so sorry for those kind of questions, I am not used to deal with Intel ME/CSTXE, it’s something new for me…

----------------------

My bad, I confused between two folders. I tried with FPT and RESULT: “The data is identical. FPT Operation Successful.”. The biosreg file generated is attached at the end of this message.

Edit: tried to modify the logo the same way with UEFITool but from the dump biosreg.bin then flash is with FPT. FPT Operation Successful but it shows the exact same message after reboot.

EDIT2: I can see this bios has an OEM public key hash with Intel Flash Image Tool. Would this mean there is no way I can mod this BIOS without knowing the private key ?

Annotation 2020-06-08 180619.png

biosreg.zip (4.46 MB)

I’ve litteraly tried everything I know on this BIOS, even extracting a module and replacing it with the same one with MMTools… And everytime I get the same message on boot. Does anyone knows what’s going on here ?

Please I am litteraly stuck without being able to make any modification on this BIOS… I can’t figure out what I am doing wrong.

@Thymidin - You need to use V4 TXE tools, not 14.5 ME tools, not sure how there was confusion there after post 4-5? Looks like you got it all working though, so not sure what you used now?
OEM public key hash is normal, nothing to be concerned with in regards to what we’re doing here. The guide you linked is about cleaning and updating ME FW, also nothing to do with anything we’re discussing here, and be careful if you mess with ME FW, follow the guide exactly or you may mess up your ME FW
In regards to step #7 if using that method, follow the guide exactly as mentioned at step #7. But really, if you want to update TXE ME FW, you do not need to follow or use that guide at all, you can directly flash the latest matching RGN FW using ME FW Update tool included with the System Tools Package in FWUpdate folder.
None of this has anything at all to do with modifying the BIOS region though, so you do not need to mess with any of that.

What version UEFITool and MMTool did you use?

Some BIOS have internal signature or checksum checks, that stop you from modifying the BIOS, so this may be what’s happening and we wont be able to get past that, unless “maybe” if done with flash programmer (CH341A + SOCI8 test clip w/ cable if BIOS is soldered to board, or U Type Flat IC extractor if BIOS is in a socket)

Please test these two BIOS and let me know if you see same message. I changed original logo to inverted, just as test
If either of these work, then it’s the tool version you are using, or method your replacing files is not correct, or the image editing method.
Also, before you flash any mod BIOS, disable secure boot and remove any BIOS password you’ve set, and disable any TPM or encryption as well.
http://s000.tinyupload.com/index.php?fil…610344647330885

* Edit - I see TCO Lock is enabled, we may need to disable that, not sure.
If all of the above fail, I will help you to test this, first we’ll make one settings change in BIOS and test flash it, then if same error message we’ll disable this, and then test again, to confirm or not if this is causing the issue.

I just downloaded the files in case I needed them (before your answer) and made the confusion between the 14 and the 4, a dumb careless mistake haha… Don’t worry, I am currently using the correct file so no problem about that. Also, I’m sorry about the guide I linked, I don’t want to update the TXE ME FW, I just tried (and failed haha) to find some explanation about this error.

I tried to use MMTool Aptio 5.02.0024 and UEFITool 0.26.

I tested every modded BIOS you sent, and I have some exciting news and some less exciting…
The exciting news is that the boot logo effectively changed ! The less exciting one is that the messages is always here. It doesn’t prevents me to boot completely but I need on every reboot to select “save/discard and exit” to boot on the OS.

About the TCO Lock, would I need to use setup_var with the custom Grub ? Because this one only showed an underscore when I tried it without any way to enter any command. However I know that amisetupwriter works on this machine (Sorry if i’m wrong about that, I hope those infos are not useless).

Thank you so much for your help !

Edit: All those tests were made with secure boot disabled, without any BIOS password and with all TPM settings disabled in the BIOS before.

Same here, would even sacrifice the device to find out what’s going on (not really, i can always flash back a working bios dump) Maybe there is any progress or idea where to start research? All Apollo / Gemini Lake bios are affected.