@Lost_N_BIOS
Now I got you, boss!
So here’s the report on my recent step:
Error 280: Failed to disable write protection for the BIOS space!
Waiting for your next orders, sir!
Waiting for your next orders, sir!
Great to see error 280!! 
Unless you ran into that before?? I think usually when there is the AFU caused issue, it’s always 204, before or after you do things to bypass 167/280/368 etc (ie no matter what, always error 204)
Please now do the following to disable SMI + BIOS Lock
You can do this via grub/setup var following my guide here (Start at step #6, I’ve done rest for you and info is below) - [GUIDE] Grub Fix Intel FPT Error 280 or 368 - BIOS Lock Asus/Other Mod BIOS Flash
Or you can use RU method - Go to section 2.2 and make bootable USB with RU program, then read 2.3-2.5 (Your setup GUID is EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9)
http://forum.notebookreview.com/threads/…-issues.812372/
For Grub/Setup_var method - Rename .efi file to >> Shellx64.efi
SMI Lock variable to change >> 0xA2
BIOS Lock variable to change >> 0xA3
So, at grub prompt you will type the following, one line at a time, enter between each (Case sensitive)
setup_var 0xA2 0x00
setup_var 0xA3 0x00
Then reboot and do FPT spoiler step #1-2 again but use a new bios region name, such as biosregnew.bin
Same for RU, after done making and saving changes, reboot back to windows and do FPT stuff again with new name
After that, you should see success at #2 step, if/when you do, send me the newly created biosregnew file
I remember having this error 204, so I glanced at the first posts and found confirmation: Post #48
@Lost_N_BIOS
Didn’t get this one. The step #1-2 from the GUIDE ?
------------------------------------
::: UPDATE :::
This is what I get when I trying to disable the SMI+BIOS locks:
Sorry, I mean the FPT spoiler (basically you do the FPT BIOS region dump again with new name, and then try to write that file back)
Ignore the “Write stock BIOS” stuff here, this is just copy/paste I use to have people dump BIOS, only pasting here in case you’ve not seen before etc.
You just need to do Step #1 (w/ new biosreg name) AFTER SMI/BIOS Lock both are successfully changed, then do step #2 after #1, but ONLY AFTER you get the locks disabled first.
If you have already modified the BIOS in ANY way, you will need to re-flash it back to factory defaults using factory method (NOT FPT)!!!
Additionally, please remove all BIOS passwords, disable secure boot, and disable TPM or Encryption if you have enabled. Do this before moving on to below
If you do not have Intel ME drivers installed, install them now from your system driver download page, then start over here after reboot.
Check your BIOS’ main page and see if ME FW version is shown. If not then > DOWNLOAD HWINFO64 HERE <
Once HWINFO is open, look at the large window on the left side, expand motherboard, and find the ME area.
Inside that section is the ME Firmware version. Take note of the version. (ie. write it down or get a screenshot)
Once you have that, go to the thread linked below, and in the section “C.2” find and download the matching ME System Tools Package for your system.
(ie if ME FW version = 10.x get V10 package, if 9.0-9.1 get V9.1 package, if 9.5 or above get V9.5 package etc)
> DOWNLOAD " ME System Tools " packages HERE <
Once downloaded, inside you will find Flash Programming Tool folder, and then inside that a Windows or Win/Win32 folder (NOT x64).
Highlight that Win/Win32 folder, then hold shift and press right click. Choose “open command window here” (Not power shell! >> * See Registry file below *).
If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.
((If “open command window here” does not appear, look for the “Simple Registry Edit” below…))
Step #1
Now you should be at the command prompt.
You are going to BACKUP the factory un-modified firmware, so type the following command:
Command: " FPTw.exe -bios -d biosreg.bin "
>> Attach the saved "biosreg.bin ", placed into a compressed ZIP/RAR file, to your next post!!! <<
Step #2
Right after you do that, try to write back the BIOS Region dump and see if you get any error(s).
Command: " FPTw.exe -bios -f biosreg.bin "
^^ This step is important! Don’t forget! ^^
If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.
Here is a SIMPLE REGISTRY EDIT that adds “Open command window here as Administrator” to the right click menu, instead of Power Shell
Double-click downloaded file to install. Reboot after install may be required
> CLICK HERE TO DOWNLOAD CMD PROMPT REGISTRY ENTRY <
If the windows method above does NOT work for you…
Then you may have to copy all contents from the Flash Programming Tool \ DOS folder to the root of a Bootable USB disk and do the dump from DOS
( DOS command: " FPT.exe -bios -d biosreg.bin " )
Additionally, please remove all BIOS passwords, disable secure boot, and disable TPM or Encryption if you have enabled. Do this before moving on to below
If you do not have Intel ME drivers installed, install them now from your system driver download page, then start over here after reboot.
Check your BIOS’ main page and see if ME FW version is shown. If not then > DOWNLOAD HWINFO64 HERE <
Once HWINFO is open, look at the large window on the left side, expand motherboard, and find the ME area.
Inside that section is the ME Firmware version. Take note of the version. (ie. write it down or get a screenshot)
Once you have that, go to the thread linked below, and in the section “C.2” find and download the matching ME System Tools Package for your system.
(ie if ME FW version = 10.x get V10 package, if 9.0-9.1 get V9.1 package, if 9.5 or above get V9.5 package etc)
> DOWNLOAD " ME System Tools " packages HERE <
Once downloaded, inside you will find Flash Programming Tool folder, and then inside that a Windows or Win/Win32 folder (NOT x64).
Highlight that Win/Win32 folder, then hold shift and press right click. Choose “open command window here” (Not power shell! >> * See Registry file below *).
If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.
((If “open command window here” does not appear, look for the “Simple Registry Edit” below…))
Step #1
Now you should be at the command prompt.
You are going to BACKUP the factory un-modified firmware, so type the following command:
Command: " FPTw.exe -bios -d biosreg.bin "
>> Attach the saved "biosreg.bin ", placed into a compressed ZIP/RAR file, to your next post!!! <<
Step #2
Right after you do that, try to write back the BIOS Region dump and see if you get any error(s).
Command: " FPTw.exe -bios -f biosreg.bin "
^^ This step is important! Don’t forget! ^^
If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.
Here is a SIMPLE REGISTRY EDIT that adds “Open command window here as Administrator” to the right click menu, instead of Power Shell
Double-click downloaded file to install. Reboot after install may be required
> CLICK HERE TO DOWNLOAD CMD PROMPT REGISTRY ENTRY <
If the windows method above does NOT work for you…
Then you may have to copy all contents from the Flash Programming Tool \ DOS folder to the root of a Bootable USB disk and do the dump from DOS
( DOS command: " FPT.exe -bios -d biosreg.bin " )
You will have to use RU method then, if you continue to get the “out of range” error at the end there with grub/setup_var
If you did not already, before doing that, make sure you have secure boot disabled, no BIOS password set, and no BIOS TPM or encryption enabled (This must always be this way before doing any of this)
yes, that’s exactly what I didn’t understand: where this step spoiler is. Now everything is clear and easy to do.
Yes boss!
No, I did everything as in instruction because with the Secure Boot enabled - the grub or any other DOS stuff won’t boot, or better to say - the USB key will be ignored (I tried that before, and it starts booting from USB only with Secure boot disabled + CSM enabled). So there is no way to do that with Secure boot enabled (at least in my case)
*Also No BIOS password set.
*No BIOS TPM or any other encryption enabled.
I will try to use RU method then.
--------------------------------------------------------------
--------------------------------------------------------------
--------------------------------------------------------------
: : : UPDATE : : :
@Lost_N_BIOS
I couldn’t find the BIOS Lock via RU.
#2.5 (FINDING AND DISABLING BIOS LOCK) says that I need to find the page starting at 0500 then find the respective row/column/position.
The problem is that in my case, the pages end at 0410.
@EthanWalker - Not sure where you are getting this “500” from? I gave you the variables for both settings above (0xA2 and 0xA3)
Maybe “500” is coming from something in that guide? If yes, ignore that, you’re variable is as I outlined above
You need to go to line 00A0, then go out to column 02 and column 03 = 0xA2/0xA3
Yes, it is coming from that Guide.
Considering it’s RU, I didn’t really understand what to change then, since I only knew about the setup_var commands.
I will check this in a couple of minutes.
Follow the guide, it shows you how to change and save your changes. If you know how to use hex editor, it’s same, you go to offset location (0xA2 + 0xA3) and change them from 01 to 00, then save and that’s all.
If you are still not sure, get into “setup” and go to line 00A0 and show me image, I will circle which you change to 00 and then you can make those changes and save your changes (outlined in the guide)
@Lost_N_BIOS
The problem is that many times I know what I have to do, but when I get to the action, there are details that leave me confused and I remain unsure whether it is correct or not.
For example in this case, I followed your instruction + that GUID to understand my steps:
I went to 00A0 - then to Column 02 and 03 but those are zeroes already. Or maybe I’m doing wrong or didn’t get what I need to do.
It’s OK, you got it! If they are both 00 already, then it’s already disabled.
This must all be due to secure boot enabled then, disable that, and try FPT #1-2 again.
If you can’t get it sorted, then we’ll have to do via programmer (and when we do that, I can disable all this for sure as part of the BIOS edit you will program back in, then next time you wont have this issue)
You can try, change 0xA5 to 00, but it’s generally not needed (and secure boot must always be disabled while we do all this, so I assume this is the issue if you still have it enabled)
I know, you would rather not use programmer, so we can try one more thing before you have to resort to that.
Please do the following with FPT and let me know if you can get success at #2, if yes, send me file from #1. For all this, secure boot must be disabled, no TPM/Encryption, no BIOS password etc
1. FPTw.exe -a 0x280000 -l 0x4B0000 -d vol1.bin
2. FPTw.exe -a 0x280000 -l 0x4B0000 -f vol1.bin
Also, show me image of this output >> FPTw.exe -i
That’s why I was unsure - I saw them disabled but in my head, the following idea was doing some storm: It is impossible, he said that I need do disable the locks which means they are locked, so they can’t be zeroed already…I’m doing wrong etc. etc. etc. 
Ok, let me see what can I do.
Yes, sorry, I should have mentioned if already 00 then = disabled.
I just checked the latest FPT dump you sent me, and I see 0xA2 and 0xA3 BOTH = 01 in NVRAM setup area, so I think maybe you are not in correct setup (And or, it’s due to secure boot enabled too)
Be sure you are in the largest “Setup” with GUID - EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9
I got the idea after reading the RU guide, that’s why I got confused.
Weird because there were two setups: 1 that had a smaller size and a different GUID and the other one that had a larger size + the GUID you mentioned above. Of course I chose the 2nd one with the respective GUID.
I can check again if needed.
Yes, there is always two setups, once is tiny (sparse content)
Sounds like you are in correct one then, must be due to secure boot enabled. Disable that, then do as mentioned (That must be done, even for the last FPT stuff I mentioned on page #10 too)
The Secure Boot is always disabled. I will try again now.
You said it’s enabled at #145, that’s why I keep mentioning it. But, now that I looked back you were explaining why it’s disabled, only mentioned “with enable” etc. Sorry for my confusion
If it is disabled, then not sure why you are seeing those set to 00, it’s not that way in the BIOS you dumped and sent to me.
If you still see 00 for both, try 0x05 and then see if FPT lets you do #2. If not, then do what I mentioned with FPT at the end of page #10 and see if you get success on #2 of that way or not.
In the meantime, as long as I check the variables and secure boot - here is the result of steps 1 and 2 (dumped the BIOS region with a new name biosregst1.bin and flashbacked it).
Add this to your post #150 (End of page 10) stuff too!
1. FPTw.exe -a 0x10000 -l 0x20000 -d NVRAM.bin
2. FPTw.exe -a 0x10000 -l 0x20000 -f NVRAM.bin
Ohh! Haha, so it’s disabled and now FPT step #2 passes! You must have disabled it via grub even though it was saying “out of range”!! 
Sorry I did not think to have you recheck that with grub! If you type just the offset, without 0x00 after it, then it shows you current value (in grub/setup_var I mean), I should have had you check, but usually out of range means it’s failing and nothing is going to change.
So, all set now!!
Send me biosregst1.bin, and when I get back in later today, or tonight, I will do the mod BIOS for you again!
@Lost_N_BIOS
So, if I got that right: out of range error occured because the locks were disabled already ?
No, I was thinking to verify that, and then I googled: check bios locks status, check grub setup_var locks, check bios locks, verify smi lock etc. - all I found are your posts on this forum with the commands setup_var - nothing about how to check that
Btw, PDR Region does not exist - what does it mean ?
DOWNLOAD for free: biosregst1.bin
No, out of range usually means setup_var can’t edit whatever you tried. Nothing to do with anything already being set to any value in NVRAM (This what you are editing with RU or setup_var, the “Setup” storage area for setup values)
Various things cause this, not sure what did in this case. But, it was untrue anyway, since it changed it, so you should not have seen that error 
Yeah, to check an offsets current value with setup_var you do like below
setup_var 0xA2 xx << To change to xx value
setup_var 0xA2 << To just check value, you don’t need to do above first (ie no need to attempt a change), I only added there for complete example. When you type just this, it will then readout the current value for the given variable/offset
PDR region does not exist means it looked and it’s not in the BIOS, it’s not part of this BIOS at all anyway, you can ignore.
GbE region error is same, if/when you ever see it, simply means it’s not in the BIOS (boards with Intel Gigabit LAN have it, those that do not may or may not have it, but FPT will often mention if you flash certain things in certain ways.
^^ Your BIOS DOES have this But, we are not trying to dump or flash the whole BIOS, or GbE, so you should not see message about it