Shuttle XH110 TPM control unlock

BIOS/UEFI Modding BIOS Modding Requests
1

Hello,
I have a Shuttle XH110 Mini PC that I’d like to enable the option to clear the TPM and TPM OS control on. Currently the only TPM control I have is on or off and that’s it.
I’ve already tried using boring boredom’s UEFI editor but all I got in the end was a broken setup, the BIOS would freeze on a blue screen upon entering.

These are the options I’m talking about.

image
image1884×868 64.1 KB

The thing is, I know it’s possible because on the previous BIOS it had on, a system-integrator modified 2.01 the option was there. But I stupidly did not backup it before upgrading to the latest 2.10.

2nd think I’m asking, but more as a side note. The previous S.I. custom bios had a post logo, the one that also replaces the Windows flag with the spinning dots and set the correct resolution during post as every name-brand machine does. The current bios as provided by Shuttle does not. At boot I have the old AMI logo in the corner and below text about the bios version and what key to enter setup, as if it were an old AMIBIOS machine (but actually is a current Aptio V). Then when windows loads it’s the generic flag.
Probably as a side effect the screen resolution is also stuck at 1024x768 until the graphics driver loads.
The bios does have a logo module, the AMI logo, but it does not seem to be one shown in the corner as I said, as replacing it does not change what I see at boot.
Could someone have a look at this too?

Attached is a dump of the bios I’m currently running, already coffeetimed as I’m running an 8th gen CPU

Thanks to anyone who can help! :slight_smile:

XH110_coffee.zip (4.4 MB)

2

Instead of using a BIOS with modded setup menu, what if you use the BIOS with original menu with this method to change the TPM settings? Does it also freeze?

3

Hello,
according to the ifr, TPM clear is controlled by variable 0xEFA in Setup. There are two consecutive entries for the same variable 0xEFA, one says that TPM clear is 0x5 and the other 0x1.
I’ve tried both with no effect, the TPM stays provisioned and I don’t get the usual screen i’d expect at reboot asking me to confirm the pending operation.

The output from grub is the following, if I read the variable back the value seems to have stuck but the program is not completely happy, so to speak, and I’m starting to doubt where it’s actually writing these values

grub> setup_var_cv Setup 0xEFA 0x1 0x1
Looking for Setup variable...
var name: Setup, var size: 12, var guid: ec87d643-eba4-4bb5 - a1-e5-3f-3e-36-b2-0d-a9

--> GUID does not match expected GUID, taking it nevertheless...
expected a different size of the Setup variable (got 4187 (0x105b) bytes). Continue with care...
successfully obtained "Setup" variable from VSS (got 4187 (0x105b) bytes).
offset 0xefa is 0x00
setting offset 0xefa to 0x01
var name: Setup, var size: 12, var guid: ec87d643-eba4-4bb5 - 9c-c9-80-76-2c-3e-58-63
--> GUID does not match expected GUID, taking it nevertheless...
successfully obtained "Setup" variable from VSS (got 6 (0x6) bytes).
error: offset is out of range

Same thing happens for value 0x5

4

If you have a CH341A programmer and clip, maybe you can try force downgrading the BIOS by first backing up the current one and then flashing the older 2.01 version from Shuttle, and afterwards take out and re-insert the CMOS battery.

Regarding your 2nd issue (old AMI logo in the corner and below text about the bios version and what key to enter setup), maybe you can try enabling “Quiet Boot”.

5

Already tried going back and forth with versions with no change, thankfully the EEPROM is socketed so that’s easy

There is no option to enable quiet boot, that’s the issue. If you look at pictures of the setup of similar vintage shuttle machines there’s no quiet boot option in any of them. I wonder if they have some OEM only tool to inject a logo and therefore enable the option.

6

Hello.
Try setup_var 0xEFF 0x1 and setup_var 0xF00 0x1.

I think, variables EFF and F00 are the ones that control visibility of the pending operation option.

110
1101346×558 287 KB

Other vars seemed fine to me.

To unhide Quiet Boot: setup_var_cv SystemAccess 0x0 0x1.
If Im wrong and it’ll do nothing, then I will edit the bios for you.

7

Thank you :slight_smile: ,
i tried with the vars but the options still doesn’t show.
The output when doing 0xEFF and 0xF00 didn’t seem particularly happy to me though, with the guid mismatch, see pics

TPM:

1698429711292
16984297112921280×960 306 KB

1698429711275
16984297112751280×960 225 KB

Quiet boot:

1698429711254
16984297112541280×960 222 KB

1698429711230
16984297112301280×960 196 KB

8

Ok. Then I’ll simply make some edits in Setup.

1 Like
9

By the screenshots I found the possible reason why grub method did not help. In your bios there are 4 instances of TPM menu.

One of them has just a single setting.

110

I tried to unhide others: ‘XH110_coffee.zip - Google Drive

1 Like
10

Hello,
I’ve tried your unlocked Bios and it now shows a lot of options. Quiet boot works now.
For TPM reset I see the options, they behave as they should (as in if I invoke reset at next reboot goes back to pending: none and doesn’t get stuck) but it actually doesn’t reset anything. I also tried a true Skylake CPU to see if my Coffeelake was confusing the fTPM but the behaviour doesn’t change.
At this point I’m starting to think these commands will only work with discrete TPM chip on the LPC bus and not with the fTPM.

In fact, and I’m aware I’m probably asking too much, could you hide again some options?
RTD3 Settings
OffBoard SATA Controller Configuration
the first Power Management Configuration
IT8728F Super IO Configuration
IT8768SEC Super IO Configuration
Intel(R) Bios Guard Technology
SDIO Configuration and
Switchable Graphics

IMG_20231027_222030
IMG_20231027_2220301280×960 276 KB

Still, thanks again for your time and skilled help!

11

On the next day.

12

No worries, I’m not in any kind of a hurry and it’s late here too.
Tomorrow, sunday, next week… when it’s most convenient to you.

Thanks again!