Yes, I read that link you gave, seems like you can overclock that way, but not by changing CPU multi, it looked like turbo bins and TDP edits.
What do you mean you can’t get files from my link? Use gray download button in middle of page, enter 4 digit shown (If you don’t see, disable ad-block and refresh page) and then download gray button again. Do you need another upload to different host?
You wont find SCEWin like I posted, it’s not a public tool and I put 4 different versions in there, you may get lucky and find one but you need a bunch of versions in order to get luck and find the one that works for your system.
If you need me to upload to somewhere else, please tell me what file host you like and I can upload there.
true,Khenligh mentioned TDP tweak in that thread,but he also mentioned mutiplier unlock,too.i’ll just quote his word here "Here’s 4.3ghz running with the override off. I had hwinfo64 on to prove that this was on a latitude.""NVRAM locations for turbo multipliers were 0x25 through 0x28." these 0x25 to 0x28 is exactly where im put my hands on,but the only outcome is Freeze on OS loading stage,here is the root of my believe in some sort of checksum or protection in the BIOS.
i managed to get a copy of SCEWin64 from MDL forum
BTW mega.nz will be fine for me:)
thanks for your reply
I thought so, that’s what I was thinking was “Turbo Bins” I will unlock those for you in BIOS then you can re-program, but it may also need changed in NVRAM too. On the SCEWin, did the version you get work for your board?
If not, here is few more mirrors for the package I posted, since you did not explain the problem? I can’t figure out how to upload and get link at NZ without making accounts
https://nofile.io/f/JGV5NgobY1m/SCEWin-Multi.zip
https://www.sendspace.com/file/yuoaw2
About the freeze after your current attempts, that is why I gave you the initial BIOS I did, unlocked the BIOS Interface lock (That’s probably what was stopping you previously). Program that BIOS again before doing anything further, that way those locks are all out of the way and don’t need to also be changed.
sry for delayed reply.
i actually unlocked those locks(by GRUB) at a very early stage of my research(and before any manipulation,of course),but still no luck.
i’ll try SCEWin you provided this time,tbh i dont think it will make any difference 
btw i dig into the W530 unlock thread mentioned above,and try to adopt the operation to my BIOS.it turns out i find some module highly suspected related to MSR0x194 settings.you can find it by searching “powermanagement” in UEFITool. the problem is i cant extract assembly code for further editing,maybe i just dont know how to use the tool correctly?
thanks for your reply
Well those need to be either permanently unlocked in BIOS, which is why I gave you modified BIOS, or unlocked by grub and then no BIOS flash after that or they get reset.
SCEWin is for us to look at NVRAM settings and edit if any are related. Did you get NVRAM.txt output from any of the versions?
I am looking at the powermanagement MSR 0x194 for you now, please be patient. May also be in other module instead (Like pchinitdxe), can you find anyone discussing your exact model and x194 unlock, so we can be sure correct module before digging in too deep?
I have found that MSR = 0x1AD in grub - see post #46 - https://forums.anandtech.com/threads/wha…2496647/page-2
See also, here in post #12 (And see #15 for explain) for MSR tool so you can check actual CPU options - https://www.overclock.net/forum/5-intel-…2-3-7ghz-2.html
@DeathBringer - can you help with the MSR 0x194 unlock? Thanks!
Update:NO luck with any version of SCEWin64
Ver2.11 and 5.00 throw an ERROR :4 - Retrieving HII Database and ERROR:4 - Dumping HII Database to File
Ver5.03 said Platform identification failed.
for now it seems like the only thing i could do is cross my finger and hope your research into that bios module could work.
i’ll try to provide as much info as i could
here is the W530 unlock thread,the most useful part should be on page 3(some failure of trying) and page 4(post #32 success finally)
https://www.bios-mods.com/forum/Thread-R…removal-special
here is coderush’s explaination of how to unlock some MSR from certain BIOS module on post #5(e.g. CPUPEI or Powermanagement.efi may also be called or PowerManagement2.efi PowerMgmtDxe.efi)
i know he is actually talking about PM patch for hackintosh and AES-NI unlocked,but i think its some similarity to MSR 0x194(you can see the W530 guy find his MSR 0x194 inside PowerManagement2.efi if i recalled correctly)
https://www.bios-mods.com/forum/Thread-R…21UC?pid=101614
thanks for your reply
Thought we’d get lucky, only some versions work on some chipsets, but sometimes OS matters too (Try win7 if you can, best luck for me has been that OS)
I ask a few people to help me on that MSR unlock, hopefully we can find for you! Thank you for the added links, I know how to unlock it for certain things and how to recognize like the 0xE2, but in other modules, I can’t seem to find in this one, that is why I thought maybe it’s not this module, but it’s different lock than normal too so I probably just am not recognizing it.
one more thing,there is TWO powermanagement module inside the bios image,and i cant tell which one is the correct one or higher possible one.but when i search HEX string «75080FBAE80F»(MSR 0xE2 related stuff),the outcome reduce to ONLY ONE.i’m not sure if its useful,just provide you this info here.
btw i remember i had no way getting bios dump with AFUWIN(error 46 cant get flash information or something like that),which makes me suspected there is some restrain with AMI’s tools including SCEWIN?are there anything like SCEDOS ever exist?due to lack of backup HDDs its pretty painful to switch operating systems you know…
appreciate for trying to call in more specialists,thanks for all your help 
thanks for your reply.
Yes, I saw that too already! I think I found it now, in the main powermanagement, will get into changing it tonight! Don’t worry about testing other OS, I was only tossing out ideas in case you had spare HDD’s around.
And solved… I think!
Will recompile tonight for you to test - Edit @Blossomcrown - had a minute now, so here it is, double checked the edit and all looks correct to me but be ready to recover via programmer if necessary since I don’t do these type of changes often 
Edit - new links
https://www.sendspace.com/file/372qvq
http://s000.tinyupload.com/index.php?fil…521893258749072
http://www.filedropper.com/m6700m2-194-jmp
PM or post if all links above die, thanks!
How genius you are![screaming loudly]
it will take me few days or up to a week to get a SPI programmer standing by,so i have to delay the field test for a while.
honestly i cant imagine that we could push forward sooooooo fast.maybe we cant achieve one-time success but im pretty sure we are not far from that.
Thanks for all your time and help,i’ll report back as soon as possible! 
Thanks for your reply.
I hoped, and thought you already had programmer in hand and had been using it?
I think, if that was all you knew from your research that needed unlocked, then I believe problem is solved, and now with MSR 0x194 bypassed you can do the other changes you wanted.
Isn’t that what you though, once this lock removed other things you previously tried that failed, would then be allowed to function properly?
Hope the programmer arrives soon! If you have other systems you can use in the meantime, then you can go ahead and flash and test this BIOS, but in case of bad flash if this is only system you have then yes please wait until you have programmer so you can recover if necessary.
with MSR 0x194 unlocked i expect CPU multiplier manually control,which will enable XM CPUs’ overclocking,become avaliable.
it should work if there is NO any other restriction(e.g. long concerned RSA checksum or some other integrity verification mechanism) inside the BIOS.
as metioned above,i’ll get programmer,do field test and report back as soon as i can.
Thanks for your reply.
Manual control how, in throttlestop?
RSA Checksum would/should only stop BIOS flash normal methods, using programmer would get around that, I think that’s what it’s used for but I’ve not read much about it or dealt with it much so you could be correct too.
SITREP:mixed outcomes
good news:i successfully flashed the modified bios image back with FPT,no errors NO BRICK.
i even tried to updated MCU with UBU and also succeed.which means there should be NO VERIFICATION OR LOCKS inside the bios.
with MSR 0x194 unlocked,the multiplier control do worked,but only partly worked.i’ll explain later.
bad news:the multiplier unlock with NVRAM variables,wont freeze at OS loading stage even if i tweaked 4-core turbo ratio,that’s good.but the CPU frequnency somehow locked at 1.6GHz(or 1.8GHz sometimes).when i tried to manually control multiplier with ThrottleStop,the system freeze.several trys,same ending.
personally i think maybe there is some sort of EC control or limit with multiplier need to overcome?
Thanks for your reply.
Great no errors or brick! And it’s good to see 0x194 unlocked, IDA assembly use success!!
Great you have some control now too, since this is laptop I am sure BIOS limits somewhat anyway, maybe TDP needs unlocked, it’s too bad we can’t edit in AMIBCP.
I can manually change things though, let me look into TDP limits and see what I can set. Sounds like Speedstep, C1E or C3-6 enabled, or Turbo disabled. What all of those can you control in the BIOS?
Make sure enabled, and make sure operating system power option in control panel for CPU is to high performance and then max on min/max CPU
Accroading to AIDA64 report,M6700 should have 65W PL1 and 81.3W PL2,which means manufacturer already tweaked and unlocked TDP configuration(and maybe that’s related to why i can’t control multiplier with MSR 0x194 unlocked).
end-users have SpeedStep(can be selected between enable or disable) and C-state(enable or disable) as well as turbo boost and hyper-threading control.
yes,i’m sure turbo boost left enabled and power option in os has been set to high performance
Thanks for your help.
btw i noticed i lose manufactured date of my machine during bios flash or what,can’t tell influence now,or if anything else lost.should be no harm but i’ll keep an eye on it.
Not sure on Manufacture date, I didn’t change or erase? But, I’m sure we can put back later once we’re done.
So, lets dump NVRAM how you linked in that other thread, can you dump NVRAM that way or was that only more of a guide to find a setting in grub only? It’s too bad none of those SCEwin work for you, you did try 32/64 type inside each version correct?
You said multiplier control works now, but something downclocked system correct? Maybe how I changed the 0x194 lock was wrong method, it can be set a few ways for same unlock I did.
Here in section 3 is where I choose which method to use (Change JZ to JMP=Jump)
https://www.codewithc.com/forums/topic/d…tions-examples/
Original was 74 28 I change to EB 28 per #6, flow of BIOS goes same way though no matter how I set the jump, I mean it always goes to the next original instruction. I changed it to go there (Same location before or after edit) no matter what, instead of going to other location if blocked by 0x194
So to summarize that in case it makes better sense to you, to see if you think it’s correct too. I changed jump (74) 28 bytes ahead if zero flag is set (which it’s not, it’s set=1), so we change jump 28 bytes unconditionally no matter what is set, skipping the 0x194 lock.
We could try 74 28 to 90 90 NOP’n the entire instruction, skip to next, but it seems like they advise better method is one I done above? Agree?
Here is original flow chart of instructions so you can see again, unedited. As you can see, even if this doesn’t make any sense to you, at that 0x194 instruction BIOS commands only go one way or the other (green/red arrow after 194h instruction block) based on what happens right then
I assume left side red arrows is the “When 0x194 block is enabled bit set 1” which was original way (First Image), we changed to go right side way “Bit set 0/1 does not matter/ jump anyway to 180001C2F” to left side skipping all next checks (Second image).
As you can see there, after 194h block blue arrow jump is only flow path now instead of choice red/green. Ignore stuff on far left, it’s just moved over there as “Set aside, not used, in the way of the chart” same stuff is in original too, unused but further down in the options paths
Maybe we need to 90 90 NOP? Here is how that looks once assembled, looks like a fail, same/similar flow as original, and makes JZ be JNZ (Jump if not zero), changing bytes I didn’t even edit with 90 90 and making me think jump if not zero means flag still=1, but I am not expert at interpreting this
Or 74 90 (Jump next no matter what, no operation possible)
Or we can try 74 00 as they noted as well, but I think that one they said may fail due to checks, but they are discussion another mod altogether so it may not apply at all here.
Which do you think makes most sense, or do you want to just make them all and try each one? I wish an expert on this topic would chime in, but not certain who knows most about this @DeathBringer @oldirdey @CodeRush @Mov_AX_0xDEAD @SoniX - what’s best way to disable 0x194 lock?
And @Fernando - who else is BIOS editing experts here? Please tag them for me, thanks!
1:agreed mfg date not important at all,we can just ignore it for now.
2:if there is anything related with NVRAM in any other thread i mentioned before,it’s just “a guide to find a setting in grub”.
3:yup,none of those SCEWin works for me,tried with every version,32 and 64bit. it always throw out ERROR:4 - Retrieving HII Database and ERROR:4 - Dumping HII Database to File(2.x and 5.0) or unidentified platform (5.03).
4:things become a little bit complicated here.
4.1:with unlocked MSR 0x194,if i left everything untouched and boot,nothing happens.it works like never unlocked and ThrottleStop cant set multiplier over default 39x.
4.2:if i set 1/2/3/4 cores ratio 0x25 0x26 0x27 0x28 with grub to OCT value 0x50(should be 40x multiplier),this thing will locked at 1.6GHz.ThrottleStop can set a multiplier over 39x,but even 40x will lead to a freeze system.
5:your current unlock way (Change JZ to JMP) seems fine for me.due to my lack of knowledge and experience with assembly code,i’m sorry i cant say which method you mentioned is better.the best idea i can provide is to stick with the successful w530 unlock method,and personally i think our method is just same as that right?
6:imo our MSR 0x194 unlock is successful,and maybe the problem is something in EC controlling multiplier or cpu behavior could override bios settings?please correct me if i was wrong.
update:i accidentally found something interesting about EC.
i’ll qute it here
"We have just shown in the case of my i7-4700MQ that power limits are programmable and unlimited. It is indeed the manufacturer setting the limits. There are a least 2 other ways to program power limits other than through MSR’s, those being memory mapped addresses and PECI and it does not matter if the MSR is locked, seems lowest setting wins. For instance PL1 and PL2 can also be programmed via MCHBAR+0x59A0 and MCHBAR+0x59A4 while PP0 and PP1 can be found at MCHBAR+0x59A8 and MCHBAR+0x59AC. The PECI ones though are generally controlled by the Embedded Controller (EC). If you are lucky the manufacturer might provide access to the relevant registers. If not, then an EC firmware mod would be required."
in this case the post owner is actually talking power limits about Precision Dell M6800 with Haswell processors.but maybe we can somehow try to follow this path and find out if there’s something controlling multiplier in my M6700?
the thread is here in case you are interested in it.http://forum.notebookreview.com/threads/…haswell.766743/
Again,all your help is greatly appreciated
On your post #24 image, did it show that “unlocked” stuff for your CPU previously? I forgot to ask.
Thanks for the image info, any/all other posts relating to this may not really help, other than explaining what they do at the end/jump location, due to all BIOS coding being different. I have seen that and many other similar.
OK, thanks for further details. on 4:2, sounds like you are maybe setting incorrect values for the cores, since immediately after that it’s 1.6Ghz, I am not familiar with how all of that works but I think maybe you have wrong value to use, possibly based on some other threads info not related to your exact CPU.
Did you run the 0x194 program I linked you to previously, it should show you values to use, I think. For some reason 48 comes to mind where you mentioned 50, maybe I read that somewhere, but even if so probably not for your CPU since I didn’t lookup values for your CPU. Maybe check around for exact values to use for your CPU.
Yes, I think way I changed the jump is correct way to use, not the only possibility but I do think it’s right way to do it, but I could be wrong and we could be wanting to jump the other way (Left instead of right line of flow, but that would require editing next block instead which makes me think maybe not correct)
See, in image above at end, you have instruction to jump xxx if bit set to 0, or jump to xxx if bit set to 1. Comparing that to your BIOS it’s not the same, and I can’t tell which direction of flow/R/L is bit for 194 set to 0/1
Did they make any progress with EC mod? I can’t edit EC, and any time I’ve looked I only see fan control, rest is not legible data.
Hopefully someone else can chime in to help eventually!