Safe to flash?

TheRealLion · October 18, 2018, 1:01am

Hey guys

I just finished modding my BIOS for my BTO 15CL68 laptop(CLEVO N150SD barebone - i7 4720HQ - APTIO IV BIOS). Here’s what I did:

*Updated microcode for my cpu and updated FIT table using UEFITool
*Enabled a bunch of settings using AMIBCP
*Changed the boot logo using AMI Change logo

Now, the reason I am here is because UEFITool is giving me a few warnings(even in original) about BootGuard and AMI protected range. So, I’m not sure if my modded version is safe to flash.
Below is a link to a ZIP file with the original and modded version of the BIOS. Also included is a screenshot of the results when running MEInfoWin64 on my laptop - another thing that worries me as there’s no mention of BootGuard or FPF unlike other screenshots I’ve seen here.
https://we.tl/t-x6ryS0X5q4
If anyone could have a look at them I’d appreciate it.

Gilles

Lost_N_BIOS · October 18, 2018, 4:31am

@TheRealLion - Usually I find, and try to make my goal, if original BIOS has errors that final edited BIOS have those same errors (Except checksum errors, I tend to fix those when I see).
It’s probably OK. On MEinfoWin, the way to check about bootguard is at the bottom of the report (left side), if you see Measured Boot and Verified boot, if enabled on left then it’s enabled.
Your MEInfoWin image is either not complete, can’t see bottom, possibly due to you needed to hit enter to view the rest, or it does not run properly from Shell use CMD instead.

FIT Table is broken still in your mod, same as the original, microcode locations are incorrect thus blank entries. And in the mod, there is only one position for microcodes in FIT, what did you do in regards to microcodes? Was your intention to have only a single microcode?
Never mind, I see now, it’s all messed up. No, don’t flash this until it’s fixed. In original I see 14 microcodes (7 x 2 volumes), in your mod BIOS I see only 8 microcodes in only a single volume
FIT table is of course broken in original and your mod BIOS, but your mod BIOS FIT is really messed up due to incorrect microcode count and zero locations for any of the microcodes so blank entries. There is also two entries in there for 306C3 microcode, should only be a single.
I’m working on a UEFITool microcode update and FIT Table correction guide right now, hope to get in done in next day or so, you can wait for that or I can fix this for you if you want?

Sorry, forgot to mention BG protected ranges, this is not an error in original BIOS, only in the mod, so you will have to take a chance it boots OK once all mods are done correctly.
Full MEInfoWin will tell us if it’s likely to be OK or not, get me a full image of report and I’ll show you where it’s at. It’s probably disabled though, and should be OK once all the other problems are corrected.

*Edit 2 - here in post #7, I found recent post that shows full MEInfoWin report in text, see at the bottom Measure Boot and Verified Boot
If those are “Enabled” at the FPF (Left) side then Bootguard is set at the PCH and enabled on that side permanently, if also enabled there on right then it’s fully enabled (without left side FPF enabled, then right side/ME does not matter)
How can I access my gt 930m bios?

TheRealLion · October 18, 2018, 8:29am

@Lost_N_BIOS Hey, thanks for your reply!

Having just one microcode was indeed my intention. I originally just wanted to update the ucode for my cpu, but it was larger than the original so I just said screw it and got rid of all the others(or so i thought).
The original FIT table only had positions for 6 ucodes and only 6 showed up in MMTools as well, so I assumed I didn’t have to touch the others. I made sure to expand the size off that ucode to make up for the removal.
Thanks for the offer to fix it for me, but I’d rather do it myself so that I can learn from my mistakes :).

And about MEInfo - that’s why I mentioned it in my post, that is the full output I get from MEInfoWin64. I ran it again from cmd using the verbose parameter and this is what I get: https://pastebin.com/syQgunsi

I don’t think the 4720HQ even supports BG, but I don’t know if that’s why MEInfo doesn’t mention it at all.

Gilles

Lost_N_BIOS · October 18, 2018, 9:20am

@TheRealLion - You’re welcome!

Thanks for the info. There is still 7 microcodes in the BIOS then if your intention was to only have a single The reason there is still 8 based on what you said is the other microcode volume you didn’t edit, would then still contain all of the original 7 microcodes + the one you added by itself in the volume you edited.
You can see what I mean on that by dropping the BIOS file in MC Extractor, you’ll see 8 microcodes - https://github.com/platomav/MCExtractor/…v1.24.1_r86.rar

The original BIOS FIT table is broken (Blank entries for CPU microcodes), and as you mention count is off then because there should be 7 microcode entries. Broken FIT table is common unfortunately for some manufacturers, poor BIOS coding skills makes for sad BIOS.
See, here is an image from my guide, you can see side by side broken FIT table (like your BIOS, stock and modified), and correctly fixed FIT Table.

Whatever you saw in MMTool could be due to incorrect version used, or due to the broken FIT Table, I did not check the file with MMTool, no need. However, since you mentioned I checked just now and on your mod BIOS I see 8 microcodes as suspected (1 you added in Volume 1, and the original 7 in volume 4)
I used 5.02.0024 patched (unpatched OK for this too), and I checked original just now too, all 14 microcodes show up. So when you saw only 6 previously, that’s most likely due to incorrect/older version of MMTool not detecting them all properly.

I totally understand what you mean about wanting to fix it yourself, and I kind of thought you might, so I’ve hurried up and finished my microcode + FIT correction guide for you tonight (Another user has been waiting on my for this about a week now too, so had to get it done anyway!)
I am almost done with my guide, hopefully it will help you sort things out! I’ll update this post with a link as soon as I have it done, maybe 30-45 minutes, or less (done, but formatting and getting posted right now)

*Edit - here is guide, hope it helps you figure this all out! If not, feel free to ask and I’ll help!
[GUIDE] Update CPU Microcode + Fix FIT Using UEFITool / Hex

On MEinfoWin, try the not x64 version, or make sure you are using the correct latest version for your BIOS/ME - here is latest for V9.1
https://mega.nz/#!uQV12IxD!KGAUutQZrdL7T…SugQhzGkt5K5EWU

If this still does not help, I am not sure why this is not being shown (Maybe only certain ME versions output these values?) It could be what you mentioned, or maybe only certain boards or newer ME versions, I am unsure.

plutomaniac Can you please advise on this MEInfoWin concern, thanks! ME is 9.1, we want to check Measure/Verified Boot values

plutomaniac · October 18, 2018, 12:39pm

If it is not shown at all then it is probably disabled

TheRealLion · October 18, 2018, 12:43pm

Hey @Lost_N_Bios

I’m not home and on my phone right now. But thanks for the detailed reply and guide!

I understand how i should update my FIT to make it valid. But I’m kinda lost on what to do with the microcode in the other section(marked in red in uefitool— every byte is covered by one of IBB entries). Should I completely remove the microcode(replace everything with FF) or update it so it matches the already modified microcode in the other section?

I’ll try running the 32 bit MEInfo and might even see if i get a different result from a DOS stick.

Gilles

TheRealLion · October 18, 2018, 1:29pm

@Lost_N_BIOS

Same result on 32bit MEInfo.

By the way, should I update ME FW for any reason? And what are the risks involved?

Lost_N_BIOS · October 18, 2018, 1:39pm

On the microcodes, follow what I mentioned in the guide about 3 x that GUID, this applies to your BIOS exactly. Extract both the 2nd and 3rd body files, see which is the one you already edited with a now single microcode (If that is still all you want in there).
Then replace the unedited one with a copy of your already edited single microcode file so both are exact same. Pay attention to the images and what I said in the guide, so you don’t end up replacing the wrong one (first one) from the GUID search.
Marked in red does not matter, since Bootguard is not likely to be enabled. Then once done with microcodes, save the BIOS, and reopen to fix the FIT table

On ME, yes you can update it, and should probably. That can be done easiest with FW Update tool, there is FW posted here in the ME Section and guide I believe, but if you need guidance on that I can help you with it later on.
Risks involved are “Somewhat bad” if done incorrectly, so read, and read again to be sure you are doing things correctly before hitting enter. You can brick your board with incorrect ME or ME flash/update methods.
Intel Management Engine: Drivers, Firmware & System Tools

TheRealLion · October 18, 2018, 4:13pm

@Lost_N_BIOS

Oh yes thanks! Great guide! I missed the 3x GUID part on my first read somehow, sorry about that. Yeah I’m still going with just 1 microcode, the 4720HQ is soldered to the mainboard and it’ll simplify things if I want to upgrade microcode again in the future.

Before I go on and update my FIT, I have another question. In my OP I mentioned that I used AMIBCP to unlock some settings/features in the BIOS. Well, I just noticed that doing that changed the size of the compressed section and even added a pad-file. This caused everything below to shift down and I don’t know if it’s something to worry about or not?

Here’s a screenshot of what I mean:

Lost_N_BIOS · October 19, 2018, 5:06am

@TheRealLion - thank you, I was worried it might not be detailed enough. I’m glad you noticed the 3 GUID’s in microcode section after looking at it again, do you think I need to make more things in there bold or somehow more noticeable?

That makes perfect sense about the 1x microcode now that you mention CPU is soldered in there, I’d do exactly the same then too. On AMIBCP, I noticed the same with a quick test using AMIBCP 4.55.0070, I checked the pad file and it contains some data but I am not sure what it is.
It could be removed via hex possibly, but that may cause other issues? I searched the entire contents against the whole BIOS file via hex and that same string is found 6 times, vs only 5 in stock BIOS. So it’s a valid header or something since it’s in there so many times and in the stock file too.
I also tried 15, maybe 20 ways to increase it’s size so that next entry (microcode) started at same size as original 3F5268h, but no matter what 95% of the time my changes were removed and the paddings contents reset back to original 24bytes

I think it will be OK, but if you are really worried about it, wait to flash until you have CH341A (And SOIC8 test clip cable) or other programmer kit in hand.