Warning: This guide was applicable only to old AMI Aptio IV BIOS and cannot/should-not be used anymore!
As I have promised to @Fernando a while ago, I wrote the guide about using AMI Aptio Flash Utility for flashing modified AMI Aptio-based UEFI BIOS images. Try this at your own risk, I have no responsibility for any damage you may do to your BIOS or board. — As we all know, in order to support SecureBoot technology stack, almost all desktop board vendors have enabled SMI lock and BIOS lock in latest BIOS versions, and it becomes rather difficult to flash modified BIOS because of failed security verification. There are some differences between vendors, and I personally have no access to any locks-affected board (my ASUS Maximus IV Gene-Z is too old and have unlocked BIOS, and my Zotac Z77-ITX has unlocked BIOS too). Please add your comments and solutions for any specific vendor, it will be appreciated.
Now, lets start the guide:
>Download latest version of AFU from AMI website<. From that archive you will only need AFU utilities from Aptio folder. It’s recommended to use AFUDOS from DOS-bootable USB-drive, because DOS is single-task system and nothing can interrupt you BIOS backup and flash there, but because it’s hard to make normal screenshots from DOS, AFUWIN64 will be used in this guide. After some testing on different boards I realized that the best method of using AFU is backup/modify/flash, because it isn’t as reliable as, for example, Intel FPT or flashrom.
Use standard vendor tools and vanilla BIOS file to update to any BIOS version you want to have.
Run AFU backup.rom /O command (replace AFU with actual file name, like afuwinx64.exe or afudos.exe, depending on your system) to make current BIOS backup.
Modify this backup as you want and rename modified file to modified.rom.
a) Try to flash modified file back using AFU modified.rom /P /B /K command, if the output is like
then your our BIOS have SMI lock and BIOS lock disabled, so you can use FPT or flashrom to flash it too, and your modified BIOS is now flashed. Reboot and check if it works.
b) If, on the other hand, the command above fails with “Security verification failed” message, try AFU modified.rom /GAN command. /GAN is undocumented key meant to flash all blocks regardless to any software locks. If the output is like
Reading flash … done Erasing All Block … done Updating All Block … done Verifying All Block … done
then your modified BIOS is flashed, reboot and check if it works.
It’s known, that sometimes AFU /GAN reports successful flash, but after reboot there are some modifications, that wasn’t applied. It’s in the nature of AFU, I don’t have any working solution to this problem now. I personally don’t recommend this method for daily use, AFU is not a reliable flasher in any way, and if you have another methods capable of flashing your modified BIOS - please try them first. SPI programmer can also be made from anything from FT2232H-based boards to every microcontroller or even RaspberryPi. My recommendation here is BusBlaster v3 or v4 from DangerousPrototypes, because it’s a good semi-universal JTAG debugger too, but you can buy this cheap board, if $40 is too much for you.
@ all: I’m waiting for your reports, meanings and suggestions. Have a nice flash.
First of all thanks for this guide. I am using backup/modify/flash method for my AsRock Z87 Extreme4 from the date I own it, without problems. One quick note for same board users, at step 2. if your flashing screen freezes as soon as selecting the rom file, reset and disable all sata options and try again, you will be successful.
I can add some info about modern Asrock boards too. There is a simple method to bypass security verification there by removing Aptio capsule header, making CAP file with signatures and verification check to ROM file without them. You can use UEFITool to do it for you, just open your CAP file, press RMB on "AMI Aptio Capsule" tree item and select "Extract body…" action. Save the resulting file as BIOS.ROM, and you are done. Now it can be modifed and flashed by any standard Asrock tools, AFAIK.
first, I got to point 3 of your guide and have a backup. Q1: can I use the UBU sw to update BIOS or should I do it manually? Q2: where do I find the SCEWIN_64 command/file? Q3: is it supposed to work from Windows in a DOS shell? Q4: will this method do away with all the above and will it make possible to update modded BIOS with BUPDATER? thanks
AFAIK this is just an Intel ME Firmware Updater for 8-Series Chipset Consumer mainboards. I don’t think, that this "Updater" is able to flash a modded complete AMI UEFI BIOS file into the BIOS chip of a mainboard. The name "BIOS Updater" may be misleading.
Actually, elisw is right. Inside the archive there is a BIOS folder containing some files for flashing and an update.bat which calls for PEExec and BIOS.cap as parameter. Maybe someone with an Asus board could check if it only works with unmodded/original ones.
Thanks for posting this. I was partially successful using the dump technique with /O option. After making modifications, I could not get the flash to work with /P /B /K. It would lock the system hard requiring a power off at the completion of checksum verification. I next tried the /GAN & that seemed to work as the OROM changes I made were evident in the next boot. There was still a problem however. When I entered the BIOS config it detected something wrong. It proceeded to the crashless protection and reloaded previous BIOS version.
At this point I tried the other approach - I used UEFITool to extract the body of the asrock firmware, made the modifications, saved it as the same name of the original firmware to USB drive & used F6 - Instant flash BIOS option to load the modified BIOS. Now I am able to enter BIOS config and all OROMs are updated. Sweet success thanks CodeRush!
I managed to flash my bios with DPCIManager CodeRush tool for home with flashbios.
For the successful open apricativo Clik on Misc Auto Patch then wait 10 seconds and restart put at rest and voila.
The great thing was that I noticed that the mother P8H77-i card it only works in bios until 1001.
In 1004, 1006 and 1101 (latest) DPCImanager autopatch simply finds several errors and does not work. I’m sure that errors and due to some new security Asus bios.
@ erbas: Welcome at Win-RAID Forum and thanks for your request.
AFAIK the ASUS P8H77-I doesn’t support the USB Flashback feature. That is why I don’t think, that there is any more reliable and safer method available than the AFU one, if you want to flash a modded version of your mainboard BIOS.
Inside the amiflash.zip there are 3 different folders each containing the flashing tool afudos (and afuefi and afuwin), i guess nowadays u should still be using the afudos inside the folder Aptio and ignore AptioV and AMIBIOS folders but whats the differente between Aptio and AptioV?.
Look >here<. The newest mainboards like the Z99 chipset ones have an AMI Aptio 5 (V stands for 5) BIOS, which cannot be opened and modded by using the previously used "standard" AMI Aptio UEFI tool v4.50.0.23.
Since AMI obviously has changed the storage place of the "AMIBIOS and Aptio AMI Firmware Update Utility", I have corrected the download link within the start post and hope, that this is ok for you.
