Updated 09/20/18
my rig:Dell Precision M6700 with i7-3940XM
Finally got Flash Descriptor Region unlocked as I intended after month long researching,which means i have full BIOS dump now.
Here is the problem
1:i believe this BIOS is somehow protected by some sort of checksum or signature verification,which cause me failed when trying to manipulate CPU multiplier by GRUB NVRAM settings.
could someone pls help me disable or get rid of such things metioned above?
2:i’ve read some thread about enable overclocking on ThinkPad W530 by"prevent MSR 0x194 Bit 20 set to 1".TBH i dont really understand what does it mean,but i’ll just paste it here if this rings a bell for experienced bios hacker 
https://www.bios-mods.com/forum/Thread-R…removal-special
full bios dump downthere,afaik this is an AMI UEFI non-standard BIOS,we need UEFITool or PhoenixTool to do anything with it.
Thanks for any help in advance and have a nice day.
EDIT by Fernando: Thread title customized (was too long and not meaningful enough)
To Fernando:I tried to make the title more specific
updated 09/20/18
Here, all three of these changed from default enabled to disabled - flash back using programmer only (Due to lock in place currently)
Otherwise you will have to change SMI + BIOS Lock via grub to 0x0 first, then flash from windows using FPTw.exe -bios -f filename.bin
SMI Lock, VarStoreInfo (VarOffset/VarName): 0x3F >>> Disabled
BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x40 >>> Disabled
BIOS Interface Lock, VarStoreInfo (VarOffset/VarName): 0x42, >>> Disabled << This one locks the BIOS settings
http://www.filedropper.com/dellm6700-mod-removelocks
This is AMI Aptio IV (4) BIOS, but strings are messed up, probably on purpose, that is why you can’t edit with AMIBCP
Thanks for your reply,i noticed those Locks(yep,mutiple locks,0x3F 0x40 0x41 0x42 0x43 and so on) and tried to unlock them with GRUB NVRAM editor but still no luck with CPU multipier tweak.so i think there is something else protect the bios or what.
PS:i already have my Flash Desc unlock(by pinmod) so i could use FPT to flash,much easier than programmer:)
Those are not for CPU multiplier. CPU itself lock the amount it can raise up to, BIOS usually does not lock this lower than CPU default.
Main one I changed, last one, should allow you to change BIOS settings now, possibly, but maybe not since we cannot edit in AMIBCP CPU multiplier setting. But main thing is CPU max multi is max multi, no matter what you do.
If you can find BIOS String file, then remove string that is over 400 bytes, and put back, then you should be able to properly open BIOS in AMIBCP 4.55
talking about the mutiplier thing,i’m think about overclocking CPU and i do have a full unlocked XM extreme edition,that’s why i want to adjust the multiplier.even if i have no XM CPU,i should still can raise 4x multiplier on 37x0 and 38x0QM CPUs
additional info about how to adjust mutiplier by NVRAM(on Latitude E6530) is here.i could assume there is something similar? https://www.techinferno.com/index.php?/f…ulti-unlocking/
The link on main thread explained how some hacker removed bios restrain on a W530 and pushed 3920XM to 4.5Ghz,that’s what i want:)
again,thanks for your reply
OK, that makes sense then! Please show me an image of your current CPU multi option page. No, only with extreme / unlocked / K type CPU’s can you raise the CPU multiplier past default, other than that auto turbo may boost on certain systems past max default.
To change NVRAM best way is not grub, best way to do that is dump it via SCEWin and write back once edited. Here, see if you can run any of these versions on your system, if you can send me back the NVRAM.txt output files and I will check to see if you have any good option there (You can check too of course)
I personally do not think you will find what you’re looking for in NVRAM, other than possibly unlocking a menu, but that’s best done in other ways.
http://www.filedropper.com/scewin
I will check your link too, leaving shortly though so may not be able to get back to you on this again until tonight.
I forgot to add command to write back NVRAM in the text file
SCEWIN_64 /i /s nvram.txt
or
SCEWIN /i /s nvram.txt
Afterwards it’s suggested to do a global reset with FPT (Version must be from FPT package matching your ME Version) >> fpt -greset
yes,i understand the NVRAM has its limit and maybe cant overclock CPU as i want.To make some NVRAM adjustment ISNT my point here.its just my initially assumed way to OC 3940XM
As far as we know this road of NVRAM editing to OC seems to be a dead end.Then i’m open with any further BIOS modification to remove the signature check or protection(if existed),and OC my CPU:)
BTW i cant actually get any files from your link so i’ll do some search to find SECWin and hope it’ll work
thanks for your reply
Yes, I read that link you gave, seems like you can overclock that way, but not by changing CPU multi, it looked like turbo bins and TDP edits.
What do you mean you can’t get files from my link? Use gray download button in middle of page, enter 4 digit shown (If you don’t see, disable ad-block and refresh page) and then download gray button again. Do you need another upload to different host?
You wont find SCEWin like I posted, it’s not a public tool and I put 4 different versions in there, you may get lucky and find one but you need a bunch of versions in order to get luck and find the one that works for your system.
If you need me to upload to somewhere else, please tell me what file host you like and I can upload there.
true,Khenligh mentioned TDP tweak in that thread,but he also mentioned mutiplier unlock,too.i’ll just quote his word here "Here’s 4.3ghz running with the override off. I had hwinfo64 on to prove that this was on a latitude.""NVRAM locations for turbo multipliers were 0x25 through 0x28." these 0x25 to 0x28 is exactly where im put my hands on,but the only outcome is Freeze on OS loading stage,here is the root of my believe in some sort of checksum or protection in the BIOS.
i managed to get a copy of SCEWin64 from MDL forum
BTW mega.nz will be fine for me:)
thanks for your reply
I thought so, that’s what I was thinking was “Turbo Bins” I will unlock those for you in BIOS then you can re-program, but it may also need changed in NVRAM too. On the SCEWin, did the version you get work for your board?
If not, here is few more mirrors for the package I posted, since you did not explain the problem? I can’t figure out how to upload and get link at NZ without making accounts
https://nofile.io/f/JGV5NgobY1m/SCEWin-Multi.zip
https://www.sendspace.com/file/yuoaw2
About the freeze after your current attempts, that is why I gave you the initial BIOS I did, unlocked the BIOS Interface lock (That’s probably what was stopping you previously). Program that BIOS again before doing anything further, that way those locks are all out of the way and don’t need to also be changed.
sry for delayed reply.
i actually unlocked those locks(by GRUB) at a very early stage of my research(and before any manipulation,of course),but still no luck.
i’ll try SCEWin you provided this time,tbh i dont think it will make any difference
btw i dig into the W530 unlock thread mentioned above,and try to adopt the operation to my BIOS.it turns out i find some module highly suspected related to MSR0x194 settings.you can find it by searching “powermanagement” in UEFITool. the problem is i cant extract assembly code for further editing,maybe i just dont know how to use the tool correctly?
thanks for your reply
Well those need to be either permanently unlocked in BIOS, which is why I gave you modified BIOS, or unlocked by grub and then no BIOS flash after that or they get reset.
SCEWin is for us to look at NVRAM settings and edit if any are related. Did you get NVRAM.txt output from any of the versions?
I am looking at the powermanagement MSR 0x194 for you now, please be patient. May also be in other module instead (Like pchinitdxe), can you find anyone discussing your exact model and x194 unlock, so we can be sure correct module before digging in too deep?
I have found that MSR = 0x1AD in grub - see post #46 - https://forums.anandtech.com/threads/wha…2496647/page-2
See also, here in post #12 (And see #15 for explain) for MSR tool so you can check actual CPU options - https://www.overclock.net/forum/5-intel-…2-3-7ghz-2.html
@DeathBringer - can you help with the MSR 0x194 unlock? Thanks!
Update:NO luck with any version of SCEWin64
Ver2.11 and 5.00 throw an ERROR :4 - Retrieving HII Database and ERROR:4 - Dumping HII Database to File
Ver5.03 said Platform identification failed.
for now it seems like the only thing i could do is cross my finger and hope your research into that bios module could work.
i’ll try to provide as much info as i could
here is the W530 unlock thread,the most useful part should be on page 3(some failure of trying) and page 4(post #32 success finally)
https://www.bios-mods.com/forum/Thread-R…removal-special
here is coderush’s explaination of how to unlock some MSR from certain BIOS module on post #5(e.g. CPUPEI or Powermanagement.efi may also be called or PowerManagement2.efi PowerMgmtDxe.efi)
i know he is actually talking about PM patch for hackintosh and AES-NI unlocked,but i think its some similarity to MSR 0x194(you can see the W530 guy find his MSR 0x194 inside PowerManagement2.efi if i recalled correctly)
https://www.bios-mods.com/forum/Thread-R…21UC?pid=101614
thanks for your reply
Thought we’d get lucky, only some versions work on some chipsets, but sometimes OS matters too (Try win7 if you can, best luck for me has been that OS)
I ask a few people to help me on that MSR unlock, hopefully we can find for you! Thank you for the added links, I know how to unlock it for certain things and how to recognize like the 0xE2, but in other modules, I can’t seem to find in this one, that is why I thought maybe it’s not this module, but it’s different lock than normal too so I probably just am not recognizing it.
one more thing,there is TWO powermanagement module inside the bios image,and i cant tell which one is the correct one or higher possible one.but when i search HEX string «75080FBAE80F»(MSR 0xE2 related stuff),the outcome reduce to ONLY ONE.i’m not sure if its useful,just provide you this info here.
btw i remember i had no way getting bios dump with AFUWIN(error 46 cant get flash information or something like that),which makes me suspected there is some restrain with AMI’s tools including SCEWIN?are there anything like SCEDOS ever exist?due to lack of backup HDDs its pretty painful to switch operating systems you know…
appreciate for trying to call in more specialists,thanks for all your help 
thanks for your reply.
Yes, I saw that too already! I think I found it now, in the main powermanagement, will get into changing it tonight! Don’t worry about testing other OS, I was only tossing out ideas in case you had spare HDD’s around.
And solved… I think!
Will recompile tonight for you to test - Edit @Blossomcrown - had a minute now, so here it is, double checked the edit and all looks correct to me but be ready to recover via programmer if necessary since I don’t do these type of changes often 
Edit - new links
https://www.sendspace.com/file/372qvq
http://s000.tinyupload.com/index.php?fil…521893258749072
http://www.filedropper.com/m6700m2-194-jmp
PM or post if all links above die, thanks!
How genius you are![screaming loudly]
it will take me few days or up to a week to get a SPI programmer standing by,so i have to delay the field test for a while.
honestly i cant imagine that we could push forward sooooooo fast.maybe we cant achieve one-time success but im pretty sure we are not far from that.
Thanks for all your time and help,i’ll report back as soon as possible! 
Thanks for your reply.
I hoped, and thought you already had programmer in hand and had been using it?
I think, if that was all you knew from your research that needed unlocked, then I believe problem is solved, and now with MSR 0x194 bypassed you can do the other changes you wanted.
Isn’t that what you though, once this lock removed other things you previously tried that failed, would then be allowed to function properly?
Hope the programmer arrives soon! If you have other systems you can use in the meantime, then you can go ahead and flash and test this BIOS, but in case of bad flash if this is only system you have then yes please wait until you have programmer so you can recover if necessary.
with MSR 0x194 unlocked i expect CPU multiplier manually control,which will enable XM CPUs’ overclocking,become avaliable.
it should work if there is NO any other restriction(e.g. long concerned RSA checksum or some other integrity verification mechanism) inside the BIOS.
as metioned above,i’ll get programmer,do field test and report back as soon as i can.
Thanks for your reply.