[Solved] Gigabyte Server MB MX32-4L0 - failed to flash a backup

Hi,

It took me a whole week trying to figure out what happened on my gigabyte server MB, hopefully someone here could help

What’s my setup?
Gigabyte Server motherboard MX32-4L0, see https://www.gigabyte.com/Server-Motherboard/MX32-4L0-rev-10
CPU Xeon E-2176G
C246 chipset
AMI Aptio V

What do I expect?
Bypass the “18 - error secure flash rom verify fail” error when flashing back the modded BIOS or original-backup ROM

What did I do?
1. Backup the BIOS/UEFI using afu backup.rom /O, under Windows, Linux or UEFI APP
2. Try to restore the backup copy with same afu tools

What happened?
1. I tried to use afuwin3.05, afudos3, afulnx3(with /GAN), all of them led to a whole system freeze. Yes, afuwin freezes the windows 8/10/PE, afudos freezes the FreeDOS and MSDOS, afulnx freezes ubuntu14/16/18, that’s crazy.
2. I tried to use Gigabyte provided 5.09 and AMI latest version 5.12 of AFU, both of them failed with error: 18 - error secure flash rom verify fail

I couldn’t find any secure-flash related options in BIOS/UEFI settings so I’m unable to disable such feature. but if I flash the ROM with the gigabyte original ROM file, which downloaded from gigabyte drivers page, everything work like a charm, so I’m pretty sure I’m in the right path.

Here I’d like to provide the original gigabyte rom and my backup.

gigabyte_flashabl.rom.zip (4.33 MB)


afuwin_backup.rom.zip (4.36 MB)



Just in case someone want to check the BIOS feature and screenshot of this motherboard:
http://download.gigabyte.cn/FileList/Man…2-4l0_e_v10.pdf

EDIT by Fernando: Thread title shortened

Maybe you can use FPT instead, make backup, unlock anything necessary, then you can flash back your backup anytime? I checked and it looks like BIOS Lock and FPRR are both disabled by default, so you may not need to unlock anything.
Is Intel ME version shown in BIOS?

Thank you so much for showing the direction!
I was afraid of the FPT coz it’s from intel, not the manufacturer but yes I should have given it a try. This server board supports offline bios flashing via BMC anyway I hope FPU won’t corrupt the bios.

This board do have ME support I’ll check the version once I get a chance. and I’ll try fpt later.

I have no experience with BMC, or how that affects/checks the BIOS, but yes if you have Intel ME FW in there then you can usually flash via FPT.
If you dump BIOS region only (FPTw.exe -bios -d biosreg.bin) and then try to immediately flash back BIOS region only (FPTw.exe -bios -f biosreg.bin) you will find out if you can easily or not.
If you get error, let me know the error # and I can advise further on how to get around or if it’s only possible to dump with programmer, edit the BIOS to unlock, then program back in and then any subsequent dumps/reflashes could be done with FPT

Be careful with FPT, never flash anything stock, or you can loose your board specific details and NVRAM volumes etc. Only try to flash something you dumped yourself.

Your reply enlighten me!

Since the BMC on this MB is able to program the bios when MB/BIOS POWERED OFF, it probably works like a physical programer! May I know how does the “18 - error secure flash rom verify fail” check work? it’s more like a signature check by running BIOS? or it’s just a special bit flag in the ROM? or it’s just a check in flash tool?

I have checked the BMC flash payload(a file with .rbu extension), comparing with the standard image payload, seem like they just append a few extra bytes at the end of the image, as below:
[img]

Gigabyte_RBU_Payload.jpg

[/img]
(Sorry I tried many times but still unable to render the attachment as image, just click at the blank space to open it)

I guess GBT is short for Gigabyte Tech. and ROM is fixed.
But after taking a look at the BMC flash payload for other two similar MB, I realized that the last two bytes 0x31 0x59 is dynamic, probably a checksum or signature, which I need to figure out too.

So here is my plan:

1. Go with FPT.efi first, dump the bios and flash back. I’m pretty sure the version of ME is 12.x coz the chipset is C246, a brandnew C240 series chipset, which only supported by the latest ME tools. Many thanks to this forum I can easily find what I need.

2. If that doesn’t work, I’ll try to figure out how they calculate the last two bytes checksum and go with the BMC offline flash.

I’m now heading home and will start working on it soon.

AFU error 18 (I assume you mean this), is a security check error, BIOS you saved is not signed BIOS since it’s a direct chip dump, so can’t be used with AFU like you are trying.

To use img tags here, you need to upload image to some image host, then put direct image link into the tags.
If you want to attach image using the forum software, then click insert it will paste correct code into place, here is more info on that - [Guide] How to insert pictures or attach files to a post

I can see your image, but I have no clue what any of that is for/means etc. As mentioned, if you want backup you can reflash later use FPT

You can’t guess ME FW, check it out, check BIOS main page or use HWINFO64

You can look into the original bios file from gigabyte, there’s a folder SPI_UPD and Relnotes. The bad news is that it’s SPS 05.00.03.101.0 (PC), the possibly good news is that in the folder SPI_UPD are both spsFPT.efi and AfuEfix64.efi (according to readme 5.09.03.1448) which both should be able to flash a complete image?

±-----------------------------------------+
| ME Analyzer v1.88.0 r167 |
±-----------------------------------------+

±---------------------------------------+
| image.bin (1/1) |
±------------------------±-------------+
| Family | CSE SPS |
±------------------------±-------------+
| Version | 05.00.03.101 |
±------------------------±-------------+
| Release | Production |
±------------------------±-------------+
| Type | Region |
±------------------------±-------------+
| SKU | 3 |
±------------------------±-------------+
| Chipset | CNP-H B,A |
±------------------------±-------------+
| Security Version Number | 1 |
±------------------------±-------------+
| Version Control Number | 0 |
±------------------------±-------------+
| Production Version | Yes |
±------------------------±-------------+
| OEM RSA Signature | Yes |
±------------------------±-------------+
| OEM Unlock Token | Yes |
±------------------------±-------------+
| Date | 2018-07-09 |
±------------------------±-------------+
| File System State | Configured |
±------------------------±-------------+
| Size | 0x39F000 |
±------------------------±-------------+
| Flash Image Tool | 05.00.03.101 |
±------------------------±-------------+
| Chipset Support | CNP-H |
±------------------------±-------------+
±----------------------------------------+
| Power Management Controller |
±------------------------±--------------+
| Family | PMC |
±------------------------±--------------+
| Version | 300.2.11.1014 |
±------------------------±--------------+
| Release | Production |
±------------------------±--------------+
| Type | Independent |
±------------------------±--------------+
| Chipset SKU | H |
±------------------------±--------------+
| Chipset Stepping | B |
±------------------------±--------------+
| Security Version Number | 2 |
±------------------------±--------------+
| Date | 2018-06-21 |
±------------------------±--------------+
| Size | 0xE000 |
±------------------------±--------------+
| Chipset Support | CNP |
±------------------------±--------------+

Error: Detected CSE Extension 0x16 with wrong Partition Hash at OPR > FTPR.man!

That only shows what is in that BIOS file, not necessarily what is in the BIOS currently, always best to check. And it’s not part of his dump, due to using AFU to create his dump, and or ME locked from read in the FD, or both
But yes, thank you for checking that out, at least we know it’s likely to be V5 SPS. And yes, since SPSFPT is include that would be the one to use if same major version as current MW FE

Hi thanks all of you here I bring good news!

* They hide all ME firmware related information in the BIOS, no version at all.
* Unable to get the ME version from hwinfo64 either, it shows nothing in ME firmware version field.
* None of MEInfo including DOS/EFI/Win/DOS doesn’t work at all, just get stuck silently.

Seems like they are trying to hide the ME things probably coz the server motherboard has full featured BMC and IPMI inside, they are much powerful and easy to use. they didn’t mention the ME stuffs in there docs and specs, nowhere. and there is no such entry like “ME Tools” during POST process.


* FPT12.x DOS doesn’t work. it get stuck after the banner text of FPT “Intel® Flash…All rights reserved.” and then nothing happens, no error, no exit, just hang.
* FPT12.x EFI version doesn’t work either. it get stuck after the banner text of FPT “Intel® Flash…All rights reserved.” same as DOS.

* But FPT12.x Win10/64bit works! both dump and write work like a charm!
And now I have already made a customized BIOS via AMIBCP5.x, then have it flashed back successfully!

Thanks All of you @Lost_N_BIOS @lfb6

BTW if you are interested in this motherboard I’ll be happy to help! something like provide more information, dumps or screenshots.
P.S. @Lost_N_BIOS Now I see why I was unable to insert the images in the previous post. it’s not about the way I did, it’s about the width/resolution of the image. maybe too big?

Untitled-1.jpg

@suriv520 - great you have found all this out and were able to now make your backup and reflash at-will so you know you can later now too

If you need anything unlocked in BIOS that you can’t get revealed with 5.02.0023 or 0031 let me know

Yes 5.02.0031 works perfect.

Hello
But FPT12.x Win10/64bit works! both dump and write work like a charm!
can you upload this file please
i tried many fptw.exe ver 12 …but not working
can not found this FPT12.x Win10
Thanks

Flash with Ez flash in bios but charge battery