[SOLVED] How to unlock MSR 0x194 for 2nd/3rd Gen CPU overclocking

Manual control how, in throttlestop?
RSA Checksum would/should only stop BIOS flash normal methods, using programmer would get around that, I think that’s what it’s used for but I’ve not read much about it or dealt with it much so you could be correct too.

SITREP: mixed outcomes
Good news: I successfully flashed the modified BIOS image back with FPT, no errors, NO BRICK.
I even tried to update the MCU with UBU and that also succeeded, which means there should be NO VERIFICATION OR LOCKS inside the BIOS.
With MSR 0x194 unlocked, the multiplier control did work, but only partly. I’ll explain later.
Bad news: the multiplier unlock with NVRAM variables won’t freeze at the OS loading stage even if I tweaked the 4-core turbo ratio, which is good. But the CPU frequency is somehow locked at 1.6GHz (or 1.8GHz sometimes). When I tried to manually control the multiplier with ThrottleStop, the system froze. Several tries, same ending.
Personally I think maybe there is some sort of EC control or limit on the multiplier that needs to be overcome?
Thanks for your reply.

Great no errors or brick! And it’s good to see 0x194 unlocked, IDA assembly use success!!

Great you have some control now too, since this is laptop I am sure BIOS limits somewhat anyway, maybe TDP needs unlocked, it’s too bad we can’t edit in AMIBCP.
I can manually change things though, let me look into TDP limits and see what I can set. Sounds like Speedstep, C1E or C3-6 enabled, or Turbo disabled. What all of those can you control in the BIOS?
Make sure enabled, and make sure operating system power option in control panel for CPU is to high performance and then max on min/max CPU

According to the AIDA64 report, the M6700 should have 65W PL1 and 81.3W PL2, which means the manufacturer already tweaked and unlocked the TDP configuration (and maybe that’s related to why I can’t control the multiplier with MSR 0x194 unlocked).

AIDA.PNG


End users have SpeedStep (can be set to enable or disable) and C-state (enable or disable) as well as Turbo Boost and Hyper-Threading control.
Yes, I’m sure Turbo Boost was left enabled and the power option in the OS has been set to high performance :slight_smile:
Thanks for your help.

BTW, I noticed I lost the manufacture date of my machine during the BIOS flash or something. I can’t tell the influence now, or whether anything else was lost. It should be no harm, but I’ll keep an eye on it.

Not sure on Manufacture date, I didn’t change or erase? But, I’m sure we can put back later once we’re done.
So, let’s dump NVRAM how you linked in that other thread, can you dump NVRAM that way or was that only more of a guide to find a setting in grub only? It’s too bad none of those SCEwin work for you, you did try 32/64 type inside each version correct?

You said multiplier control works now, but something downclocked system correct? Maybe how I changed the 0x194 lock was wrong method, it can be set a few ways for same unlock I did.

Here in section 3 is where I choose which method to use (Change JZ to JMP=Jump)
https://www.codewithc.com/forums/topic/d…tions-examples/

Original was 74 28 I change to EB 28 per #6, flow of BIOS goes same way though no matter how I set the jump, I mean it always goes to the next original instruction. I changed it to go there (Same location before or after edit) no matter what, instead of going to other location if blocked by 0x194
So to summarize that in case it makes better sense to you, to see if you think it’s correct too. I changed jump (74) 28 bytes ahead if zero flag is set (which it’s not, it’s set=1), so we change jump 28 bytes unconditionally no matter what is set, skipping the 0x194 lock.
We could try 74 28 to 90 90 NOP’n the entire instruction, skip to next, but it seems like they advise better method is one I done above? Agree?

Here is original flow chart of instructions so you can see again, unedited. As you can see, even if this doesn’t make any sense to you, at that 0x194 instruction BIOS commands only go one way or the other (green/red arrow after 194h instruction block) based on what happens right then
I assume left side red arrows is the “When 0x194 block is enabled bit set 1” which was original way (First Image), we changed to go right side way “Bit set 0/1 does not matter/ jump anyway to 180001C2F” to left side skipping all next checks (Second image).
As you can see there, after 194h block blue arrow jump is only flow path now instead of choice red/green. Ignore stuff on far left, it’s just moved over there as “Set aside, not used, in the way of the chart” same stuff is in original too, unused but further down in the options paths

194h-IDA-Orig-Flow.png

194h-3-JMP-IDA.png



Maybe we need to 90 90 NOP? Here is how that looks once assembled, looks like a fail, same/similar flow as original, and makes JZ be JNZ (Jump if not zero), changing bytes I didn’t even edit with 90 90 and making me think jump if not zero means flag still=1, but I am not expert at interpreting this

194h-3-JMP-9090.png



Or 74 90 (Jump next no matter what, no operation possible)

194h-3-JMP-7490.png



Or we can try 74 00 as they noted as well, but I think that one they said may fail due to checks, but they are discussing another mod altogether so it may not apply at all here.

194h-3-JMP-7400.png



Which do you think makes most sense, or do you want to just make them all and try each one? I wish an expert on this topic would chime in, but not certain who knows most about this @DeathBringer @oldirdey @CodeRush @Mov_AX_0xDEAD @SoniX - what’s best way to disable 0x194 lock?
And @Fernando - who else is BIOS editing experts here? Please tag them for me, thanks!
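The byte candidates discussed in the post above (74 28, EB 28, 90 90, 74 90, 74 00), decoded in isolation as a pre-flash sanity check. This is an added example, not part of the original thread; the address 0x1000 and the function names are constructed for illustration, and the second byte of a short jump is read as a signed hexadecimal displacement.

```python
# Added example: decode the 2-byte candidates from the thread in isolation.
import struct

SHORT_JCC = {0x74: "jz", 0x75: "jnz"}   # only the opcodes relevant here

def rel8(byte):
    """Read one byte as a signed 8-bit displacement."""
    return struct.unpack("b", bytes([byte]))[0]

def describe(pair, addr=0x1000):
    """Decode a 2-byte sequence placed at `addr` (constructed address).

    'taken'  : address reached when the branch is taken (None if no branch)
    'always' : the one address execution continues at when the outcome no
               longer depends on the zero flag, else None
    """
    op, arg = pair
    nxt = addr + 2                       # address of the following instruction
    if op == 0xEB:                       # JMP rel8, unconditional
        tgt = nxt + rel8(arg)
        return {"asm": f"jmp short {tgt:#x}", "taken": tgt, "always": tgt}
    if op in SHORT_JCC:                  # Jcc rel8, depends on ZF
        tgt = nxt + rel8(arg)
        return {"asm": f"{SHORT_JCC[op]} short {tgt:#x}", "taken": tgt,
                "always": nxt if tgt == nxt else None}
    if pair == b"\x90\x90":              # two one-byte NOPs
        return {"asm": "nop; nop", "taken": None, "always": nxt}
    raise ValueError(f"{pair.hex()} is outside this example's scope")

def changed_offsets(original, patched):
    """Offsets where two equal-length byte strings differ."""
    if len(original) != len(patched):
        raise ValueError("a same-size patch must not change the length")
    return [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]

if __name__ == "__main__":
    original = bytes.fromhex("7428")
    for candidate in ("7428", "eb28", "9090", "7490", "7400"):
        raw = bytes.fromhex(candidate)
        info = describe(raw)
        flow = f"always -> {info['always']:#x}" if info["always"] is not None \
            else f"ZF decides: {info['taken']:#x} or fall through"
        print(candidate, info["asm"], "|", flow,
              "| bytes changed:", changed_offsets(original, raw))
```

Only EB 28 sends execution unconditionally to the original branch target; 90 90 and 74 00 always continue at the next instruction, and 74 90 remains a conditional jump with a negative displacement.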

@lordkag :
Can you help?

Done!

1: Agreed, the mfg date is not important at all, we can just ignore it for now.
2: If there is anything related to NVRAM in any other thread I mentioned before, it’s just “a guide to find a setting in grub”.
3: Yup, none of those SCEWin versions work for me; I tried every version, 32 and 64 bit. It always throws ERROR:4 - Retrieving HII Database and ERROR:4 - Dumping HII Database to File (2.x and 5.0) or unidentified platform (5.03).
4: Things become a little bit complicated here.
4.1: With MSR 0x194 unlocked, if I leave everything untouched and boot, nothing happens. It works as if it was never unlocked, and ThrottleStop can’t set the multiplier over the default 39x.
4.2: If I set the 1/2/3/4-core ratios 0x25 0x26 0x27 0x28 with grub to OCT value 0x50 (should be 40x multiplier), this thing will be locked at 1.6GHz. ThrottleStop can set a multiplier over 39x, but even 40x will lead to a system freeze.
5: Your current unlock method (change JZ to JMP) seems fine to me. Due to my lack of knowledge and experience with assembly code, I’m sorry I can’t say which of the methods you mentioned is better. The best idea I can provide is to stick with the successful W530 unlock method, and personally I think our method is just the same as that, right?

W530unlock.PNG


6: IMO our MSR 0x194 unlock is successful, and maybe the problem is that something in the EC controlling the multiplier or CPU behavior could override BIOS settings? Please correct me if I am wrong.

Update: I accidentally found something interesting about the EC.
I’ll quote it here:
"We have just shown in the case of my i7-4700MQ that power limits are programmable and unlimited. It is indeed the manufacturer setting the limits. There are a least 2 other ways to program power limits other than through MSR’s, those being memory mapped addresses and PECI and it does not matter if the MSR is locked, seems lowest setting wins. For instance PL1 and PL2 can also be programmed via MCHBAR+0x59A0 and MCHBAR+0x59A4 while PP0 and PP1 can be found at MCHBAR+0x59A8 and MCHBAR+0x59AC. The PECI ones though are generally controlled by the Embedded Controller (EC). If you are lucky the manufacturer might provide access to the relevant registers. If not, then an EC firmware mod would be required."
In this case the post owner is actually talking about power limits on the Precision Dell M6800 with Haswell processors. But maybe we can somehow try to follow this path and find out if there’s something controlling the multiplier in my M6700?
The thread is here in case you are interested in it: http://forum.notebookreview.com/threads/…haswell.766743/

Again,all your help is greatly appreciated :smiley:

On your post #24 image, did it show that “unlocked” stuff for your CPU previously? I forgot to ask.

Thanks for the image info, any/all other posts relating to this may not really help, other than explaining what they do at the end/jump location, due to all BIOS coding being different. I have seen that and many other similar.

OK, thanks for further details. on 4:2, sounds like you are maybe setting incorrect values for the cores, since immediately after that it’s 1.6Ghz, I am not familiar with how all of that works but I think maybe you have wrong value to use, possibly based on some other threads info not related to your exact CPU.
Did you run the 0x194 program I linked you to previously, it should show you values to use, I think. For some reason 48 comes to mind where you mentioned 50, maybe I read that somewhere, but even if so probably not for your CPU since I didn’t lookup values for your CPU. Maybe check around for exact values to use for your CPU.

Yes, I think way I changed the jump is correct way to use, not the only possibility but I do think it’s right way to do it, but I could be wrong and we could be wanting to jump the other way (Left instead of right line of flow, but that would require editing next block instead which makes me think maybe not correct)
See, in image above at end, you have instruction to jump xxx if bit set to 0, or jump to xxx if bit set to 1. Comparing that to your BIOS it’s not the same, and I can’t tell which direction of flow/R/L is bit for 194 set to 0/1

Did they make any progress with EC mod? I can’t edit EC, and any time I’ve looked I only see fan control, rest is not legible data.

Hopefully someone else can chime in to help eventually!

Yes, Dell made it unlocked, as AIDA shows.
I understand, due to different manufacturers and models there must be huge variation between machines.
Talking about the OCT value I set for the 1/2/3/4-core turbo ratio, IMO OCT 50 = DEC 40, which means 40x multiplier. Please point it out if I am wrong. :slight_smile:
I believe your way to unlock MSR 0x194 (change JZ to JMP) is right. The real problem may be deep inside the EC. I noticed that the 1/2/3/4-core turbo ratios are all 0x00 with stock settings, which means this value is most likely not used by the original manufacturer. I guess they control that in the EC.
Unfortunately, compared to BIOS things, there is much less info about the EC to be found on the Internet. So I don’t know, maybe I’ll just suspend my research for a while, and proceed after I get info and learn something more about the EC.
And about you, LNB, you have my great respect and appreciation. We could never have gotten this far without your patience, knowledge and genius ideas. Many thanks for the help again. :smiley:

I’ll be back and update the thread if anything new is found.
BTW, do you think I could find some other skilled specialists just like you at BIOS-MODS, My Digital Life, NoteBookReview or any other similar forums and get some sort of help?

OK, I just wondered if CPU show that, it’s reading CPU nothing Dell did.

I do not know about variables to use for that, I just assumed maybe you used wrong one since you said as soon as you try it went to 1.6Ghz instead. That tool I linked you to at overclock.net 0x194 tool will show you which variables to use.
I don’t think EC has anything to do here, maybe NVRAM though. I do see this, so maybe you are correct about EC >> EC Turbo Control Mode (VarOffset/VarName): 0x160 - Disabled, Value (8 bit): 0x0 (default), change that to 0x1 in grub and see if it helps, but I would assume you want it disabled?

Here’s more for you to check in grub
Intel® TurboBoost™, VarStoreInfo (VarOffset/VarName): 0x29F (no default setting I can see, only marked as “Checkbox” without a default setting)
Intel® TurboBoost™ , VarStoreInfo (VarOffset/VarName): 0xFFFF - not sure why it’s there twice?
Enable Intel® TurboBoost™, VarStoreInfo (VarOffset/VarName): 0x29F - make that three times!? Another “Checkbox” here
Turbo Mode, VarStoreInfo (VarOffset/VarName): 0xB2D - default is enabled
4-Core Ratio Limit, VarStoreInfo (VarOffset/VarName): 0x28
3-Core Ratio Limit, VarStoreInfo (VarOffset/VarName): 0x27
2-Core Ratio Limit, VarStoreInfo (VarOffset/VarName): 0x26
1-Core Ratio Limit, VarStoreInfo (VarOffset/VarName): 0x25

I really appreciate it, thank you too! Hope we can figure this out for you!

Yes, all of those forums have great minds always helping people hack their BIOS, you just have to catch one ready to help at the right time that knows how to take apart your particular BIOS.
I joined over at BIOS-mods not long ago, but so many people need help with BIOS types I know nothing about, so many requests I have to look at and move on without even saying anything, because I know I can’t help at all.
So you have to find someone that specializes in your BIOS type and the type of mod you need done. Like some of those BIOS I mentioned I can’t work with, I can, but only simple things like CPU microcode update, when most people want menu unlock or settings changes etc,
So it really all depends on what you need and your BIOS type, then who reads your topic and is ready to help that day. But YES, all those places have great people who can mod BIOS in amazing ways.
I’m sure someone at any of those can solve all this for you in one reply, a Dell BIOS mod specialist, with skills on CPU or BIOS menu settings, would solve this real quick for you.
I am none of those for Dell, so as you can see it’s been a while and we’ve not made huge progress yet

Google for "Intel® 64 and IA-32 Architectures Software Developer’s Manual"

Maybe you can find something in the document.

UPDATE: I THINK WE MADE IT!!!
My boss called me just now, I’ll be back and explain ASAP.

Sounds promising! Please update when you get a chance, thanks! Hope boss didn’t give you a hard time

Job done and I’m back.
Again, your way of modifying is totally CORRECT.
The problem is, as you mentioned, I actually messed up the NVRAM variable values. The value of the 1/2/3/4-core turbo ratio control should be HEX, and I took it as OCT. After reading the thread you provided I finally realized this problem.
Now my gear works like a charm. Please look at the CineBenchR15 result down there. Around 670CB for stock and around 720CB after overclocking to 40/40/40/40x. And as we know, 720CB is higher than a stock Haswell i7-4930MX (around 710CB)!

3940XM_4.0G.PNG


Dude, thanks for everything you did for me, you are a real genius :D
For now I’ll try to push this thing to its limit and find a decent value for daily use. Later I’ll dig into the ACPI table and try to figure out the specific compatibility problem between the M6700 and the mobile Quadro P5000 graphics card. Could I request your help again in the near future? Thanks in advance!
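The number-base mix-up described in the post above, worked through as an added example that is not part of the original thread. The offsets 0x25 to 0x28 and the stock 39x figure come from the thread; the function names and the `headroom` sanity margin are hypothetical.

```python
# Added example: offsets are the ones listed in the thread; everything else
# (function names, the headroom check) is hypothetical.
RATIO_OFFSETS = {1: 0x25, 2: 0x26, 3: 0x27, 4: 0x28}   # n-core ratio limit

def readings(digits):
    """Value of one digit string read as octal, decimal and hexadecimal."""
    return {base: int(digits, base) for base in (8, 10, 16)}

def audit(byte_written, stock_max=39, headroom=10):
    """Classify a ratio byte relative to the stock multiplier.

    `headroom` is an assumed sanity margin, not a documented limit.
    """
    if not 0 <= byte_written <= 0xFF:
        raise ValueError("ratio limits are 8-bit values")
    if byte_written == 0:
        return "zero (the stock state reported in the thread)"
    if byte_written > stock_max + headroom:
        return f"implausible: {byte_written}x requested"
    return f"ok: {byte_written}x"

def plan_writes(multiplier, cores=(1, 2, 3, 4), **limits):
    """Map each n-core offset to the byte for `multiplier`, as hex strings."""
    verdict = audit(multiplier, **limits)
    if not verdict.startswith("ok"):
        raise ValueError(verdict)
    return {f"{RATIO_OFFSETS[n]:#04x}": f"{multiplier:#04x}" for n in cores}

if __name__ == "__main__":
    print(readings("50"))     # the same digits in base 8, 10 and 16
    print(audit(0x50))        # what writing 0x50 actually requested
    print(plan_writes(40))    # bytes for 40/40/40/40x
```

The digits "50" are 40 only when read as octal; written as a hexadecimal byte they request 80x, while a 40x ratio is the byte 0x28.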

Great you found the correct method, I was going crazy as it seemed like my first time actually unlocking this was correct but it failed, so I was sad

Very nice overclock and scores, for a laptop too! Faster than my system I’m using now I think

You’re very welcome, and thank you for sticking with me too while we figured it out together!

I’ll have to call in help with ACPI tables, that one is definitely above my head, I think… I thought assembly/disassembly use was too, until this 0x194 lock help me figure it out, so thanks to you for making this thread and having me dig into IDA again!

@Blossomcrown @Lost_N_BIOS Congratulations!

Thanks for checking in @oldirdey and thanks for all your help/discussions on assembly we’ve had too, it kept me going on figuring things out.

Now I just need to learn how to change a DVMT selection choice from 128MB to larger values like 512MB or 1024MB, I thought I had it but reality it only changes the selection labels
Might have to hit you up on PM to look at that for me, if you don’t mind? If you’re OK to check let me know in PM and I’ll send, thanks!

Thanks for trying to provide useful information!
We finally made it thanks to LNB’s outstanding work and helpful community members just like you :slight_smile:
Have a nice day.

For my machine I think I have seen the DVMT settings somewhere in the NVRAM variables list, but I’m not 100% sure about the particular machine you are researching.

Thanks again to you as well!

The DVMT I’m needing to change has to be edited in/by assembly, like this edit I made for you, it’s part of the setup module of the BIOS I’m trying to sort that out in, it’s an Acer 1830Z (With super-limited options shown in Intel tools, it does not open its menu options fully, but that wouldn’t help anyway)
I don’t need to change the setting, well I will once done, but I need to change the actual allowed values and the included variable/instruction sets that call them into play. Change option of 64Mb, 128MB, 256MB for example into 128MB, 512MB, 1024MB, or really just change one of them into a large amount would be ideal.
I made some edits that I thought looked like it would change them, it changed the code and auto updated the instructions defined value info too, but in reality the BIOS only changed the labels, once selected same original values were applied