HP Insyde RSA signed UEFI mod?

So I followed the CodeRush article about modding older RSA UEFI and I managed to apply the same bypass to the SecureUpdating PEI module that he had done.
My notebook is an HP EliteBook 2570P and the BIOS revision is F.50.
Next I tried to disable the whitelist, but the problem is that the computer doesn’t halt if an unsupported device is installed; when you press the ENTER key the boot process continues. In older versions the system would end up in an infinite loop showing just the error message. I can find the VEN and DEV IDs in several PEI modules, but I can’t make heads or tails of the disassembly in IDA because this stuff is way over my head. I soldered a cable to the EEPROM so I can quickly connect my CH341A programmer and try different versions. If somebody would like to take a look at this I can send the dump. I also found a very interesting module called F10ExtendedFeature, and in it mSATA is mentioned a few times. Now, the 2570P has disconnected SATA traces but it is currently missing the software support for mSATA. I would be veeeery grateful if someone would point me in the right direction on this whitelist stuff :wink:

Only replying so you don’t feel skipped over. Maybe @CodeRush will stop in to advise since you used his method. I haven’t done many whitelist fixes, but the few I have done or looked at were only editing the setup module or HiiDatabase, in Insyde based BIOS.
I could take a look in the BIOS for you, but can’t make any promises or even say I might be able to help, but I’ll look if you link.

Found a new method on 51nb, even easier, but I’m not sure if it works correctly. I just removed the following modules: SecureUpdating, WLAN, WWAN, Bluetooth, Computrace, ApsoluteDriver, and now I can install a second wifi card without getting an error on startup. The problem now is that the card doesn’t show up in Windows or in Ubuntu (lspci). I tried swapping the cards and taping pins 20 and 51 but that doesn’t help. Maybe the PCIe port is disabled because this is a WWAN slot. The PCIe lanes are wired for sure, the BIOS wouldn’t complain in the first place if the port wasn’t wired, but this is not a problem for me because the WiFi slot isn’t whitelisted in the first place. Also took the time and applied me_cleaner so no more Intel spyware :grinning:
I found a cheap (5€) 3G WWAN card so I will try the whitelist with that.

Put WLAN module back in and see if that fixes things. Sometimes WWAN slot is not connected at all to PCIE lanes. What is the exact error message, please put back BIOS with this issue if you have to in order to write down exact wording

https://h30434.www3.hp.com/t5/image/serv…6D1F437A5?v=1.0

This is the error message. The PCIe lanes should be connected, at least the schematic says so :stuck_out_tongue: There are unbridged SATA lanes but the port is not enabled in firmware. Maybe it would be best to get the WWAN module and to try. I noticed that after this mod the WLAN FCC ID is blank in the BIOS info screen, so it seems that I removed the module with the name strings. The Bluetooth/WLAN/WWAN list is the same in all of the modules. The current whitelisted card is 14E4 4359 182C103C. The whitelist is not that big of a problem because the WLAN whitelist contains a Test WLAN device with the ID 0000 0000, so any card works in this slot. I’m more interested in the F10ExtendedFeature module but it is not IFR formatted.

Thanks for the info, I will look in there shortly. Never mind, that link only takes me to an HP Deutschland store. Please type out the exact error message for me (Just the first line is fine error xx : blah blah blah)

You can get into the F1 extended menu at boot time; there are guides posted on that. Usually it’s only a few more settings, useless in most instances.

Sorry for the link, https://i.postimg.cc/vmxf5Vdk/Wireless-M…d-Error-703.jpg
I tried the F10+A combo but that didn’t work, maybe I have to change some VSS to enable it?

Thanks for the image. Here will show you the F10 way - http://forum.notebookreview.com/threads/…options.563970/
I guess that’s same as you did, keep trying and maybe you’ll get it.

You may need modified BIOS with this option enabled (I can do for you, or you can do from Grub with Setup_Var)

*Edit- Never mind, I tried to find values for you, from the usual places/tools and just noticed this is not usual HP Insyde based BIOS, and does not have those kind of settings like the old ones. Maybe that is left in there by being lazy.
To enable hidden menus and settings etc, this BIOS needs to be modified like a usual BIOS mod to unhide stuff, but that brings into question RSA and reprogramming mod BIOS failure. Maybe mod BIOS is ok with this RSA System and programmer, since you have already modified and flashed without issue!
So if you want, tonight I can make you mod BIOS with more stuff enabled. Please take some images of your current BIOS showing all visible tabs/sections and I’ll see if I can enable things for you.

On that F10 module, you can read all included settings in notepad or hex. It looks like it’s simply TPM and MEBx menus in several languages, and maybe some recovery. I also see from the PlatformSetup module that it allows you to control user BIOS access via policy and password.



RSA is no problem. I messed a bit with IDA and the ErrorLog module and changed a jnz to jmp, and the notebook booted with the mod. The main gotcha on this BIOS is that some modules have a copy in a second volume that shows as RAW in UEFITool, but if you change a byte in the header it is recognised as Freeform.

Maybe the problem with F10+A was that I tried it from a hot reboot, I will try from cold.

The newer HPs aren’t hackable I think from 2013 and onwards, Code Rush posted that somewhere.

If you have the time to mod it I would love to try, if it’s not too much to ask.
I’m still learning a lot, thanks a lot for your time :sunglasses:

EDIT: I tried the F10 + A a few more times but no luck. Also my BIOS doesn’t seem to be the standard InsydeH2O because my BIOS has a full GUI with mouse support.

Please add some images of your BIOS, showing main, advanced, security, and save & exit pages if you have all those, make sure at least one of these shows all currently visible tabs/sections. Actually, if you don’t mind, show the entire BIOS scrolling top/bottom on pages where there is long list of settings
This way I can see all the settings you currently have, then any missing I can try to enable for you. Please put in zip please and upload to any file host

I don’t see a lot of settings in platformsetup IFR, but maybe that is all the sections in your BIOS (System, Security, and file as main sections)? If not, your images will surely help me find the other module needed
I found these regarding WWAN, do you see them in your BIOS? >> Embedded WWAN Device + WWAN Quick Connect (both enabled by default, so I guess even if you can’t see they shouldn’t be causing problems)

Ohhhh, creepy, but I guess more-so bad-form of them to hide (3 x separate chunks of this too!) >>
Form: Hidden Form >> With all options looking like below
One Of: Hidden Option, VarStoreInfo (VarOffset/VarName): 0x10, VarStore: 0x1000, QuestionId: 0xA7, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 72 00 11 00 A7 00 00 10 10 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
One Of Option: Enable, Value (8 bit): 0x1 {09 0E BF 00 00 00 01 00 00 00 00 00 00 00}
One Of Option: Disable, Value (8 bit): 0x0 {09 0E C0 00 00 00 00 00 00 00 00 00 00 00}
0x11D6E End One Of {29 02}

I guess due to the above rubbish, and looking through the IFR, there may not be any good settings hidden from you that I can enable

First 2570P with backlight keyboard?
https://i.postimg.cc/37xTYgfw/IMG-20181203-113602.jpg

I took the PlatformSetup of the 8770w because the 8770w is a workstation class notebook, so it has more options. Found the mSATA settings with the Universal IFR Extractor, but now I don’t know how to enable it because it’s suppressed. Do I also need the HiiDatabase of the 8770w for this to work? Also Windows doesn’t want to boot now but Kubuntu works normally. I will post the 8770w BIOS I used here.
EDIT
https://drive.google.com/open?id=1mC6MKu…htPUlmyV7DNAvxa
EDIT2
Got the mSATA in my BIOS but if I enable and save the BIOS settings and open the BIOS again it is disabled. Some variables missing?

https://i.postimg.cc/nzhmY3nG/IMG-20181203-130315.jpg
https://i.postimg.cc/DzFLm2DD/IMG-20181203-172841.jpg
The whitelist mod works, at least the USB part of the WWAN slot works as you can see the original BCM943228HM4L and the Bluetooth of the Intel Wireless-AC 8265. Here is also the screenshot of the mSATA setting I mentioned above.

@adrian_sa - Upload the setup module file you are using (Original before your edit) that has the mSATA setting you need unsuppressed properly. And, how did you unsuppress that didn’t work, so I don’t use that same method, actually attach your mod one too so I can compare with stock.
Then I’ll see if I can get it correctly for you.

I changed the expected values in the suppress from 0x0 to 0x3, I will upload the file.

Thanks, I will do different way and show you, once you upload the file I think this way will be better

@Lost_N_BIOS
https://drive.google.com/open?id=1mC6MKu…htPUlmyV7DNAvxa
Here is the 8770w BIOS from which I extracted the PlatformSetup module.

What is the name or varname/varoffset of the item you unsuppressed? Or just both instances of mSATA?

Actually, here, this is best way to do it
Suppress If {0A 82}
0x1176D QuestionId: 0xD1 equals value 0x0 {12 06 D1 00 00 00} << Insert here 29 02
0x11773 One Of: mSATA, VarStoreInfo (VarOffset/VarName): 0x2EF, VarStore: 0x1000, QuestionId: 0x9D, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 2F 01 11 00 9D 00 00 10 EF 02 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x11799 One Of Option: Change, Value (8 bit): 0x2 {09 0E C3 00 00 00 02 00 00 00 00 00 00 00}
0x117A7 One Of Option: View, Value (8 bit): 0x1 (default) {09 0E C4 00 10 00 01 00 00 00 00 00 00 00}
0x117B5 One Of Option: Hide, Value (8 bit): 0x3 {09 0E C5 00 00 00 03 00 00 00 00 00 00 00}
0x117C3 End One Of {29 02}
0x117C5 End If {29 02} << Move this (ie delete in hex), Insert above, before "One Of: mSATA"

Same for the other one

Gray Out If {19 82}
0xF344 QuestionId: 0x9D equals value 0x1 {12 86 9D 00 01 00}
0xF34A QuestionId: 0xB0 equals value 0x0 {12 06 B0 00 00 00}
0xF350 And {15 02}
0xF352 End {29 02}
0xF354 Suppress If {0A 82}
0xF356 QuestionId: 0xD1 equals value 0x0 {12 86 D1 00 00 00}
0xF35C QuestionId: 0x9D equals value 0x3 {12 06 9D 00 03 00}
0xF362 QuestionId: 0xB0 equals value 0x0 {12 06 B0 00 00 00}
0xF368 And {15 02}
0xF36A Or {16 02}
0xF36C End {29 02} << Here, insert both removed 29 02’s from below
0xF36E One Of: mSATA, VarStoreInfo (VarOffset/VarName): 0x368, VarStore: 0x1000, QuestionId: 0x3A, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 2F 01 11 00 3A 00 00 10 68 03 04 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0xF394 One Of Option: Enable, Value (8 bit): 0x1 (default) {09 0E BF 00 10 00 01 00 00 00 00 00 00 00}
0xF3A2 One Of Option: Disable, Value (8 bit): 0x0 {09 0E C0 00 00 00 00 00 00 00 00 00 00 00}
0xF3B0 End One Of {29 02}
0xF3B2 End If {29 02} << Move this (ie delete in hex), Insert above, before "One Of: mSATA"
0xF3B4 End If {29 02} << Move this (ie delete in hex), Insert above, before "One Of: mSATA"

If you don’t get what I mean, let me know and I will do the edits, and then show you after-edit IFR when I get back tonight.

*Edit @adrian_sa - I went ahead and did the edit real quick, here is the file and IFR - http://s000.tinyupload.com/index.php?fil…191987533220193
This is the PE32, extracted as-is via UEFITool, so you can put back in same way I extracted

Outcome is this, so that nothing is within the gray out/suppress

Gray Out If {19 82}
0xF344 QuestionId: 0x9D equals value 0x1 {12 86 9D 00 01 00}
0xF34A QuestionId: 0xB0 equals value 0x0 {12 06 B0 00 00 00}
0xF350 And {15 02}
0xF352 End {29 02}
0xF354 Suppress If {0A 82}
0xF356 QuestionId: 0xD1 equals value 0x0 {12 86 D1 00 00 00}
0xF35C QuestionId: 0x9D equals value 0x3 {12 06 9D 00 03 00}
0xF362 QuestionId: 0xB0 equals value 0x0 {12 06 B0 00 00 00}
0xF368 And {15 02}
0xF36A Or {16 02}
0xF36C End {29 02}
0xF36E End If {29 02}
0xF370 End If {29 02}
0xF372 One Of: mSATA, VarStoreInfo (VarOffset/VarName): 0x368, VarStore: 0x1000, QuestionId: 0x3A, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 2F 01 11 00 3A 00 00 10 68 03 04 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0xF398 One Of Option: Enable, Value (8 bit): 0x1 (default) {09 0E BF 00 10 00 01 00 00 00 00 00 00 00}
0xF3A6 One Of Option: Disable, Value (8 bit): 0x0 {09 0E C0 00 00 00 00 00 00 00 00 00 00 00}
0xF3B4 End One Of {29 02}

And

Suppress If {0A 82}
0x1176D QuestionId: 0xD1 equals value 0x0 {12 06 D1 00 00 00}
0x11773 End If {29 02}
0x11775 One Of: mSATA, VarStoreInfo (VarOffset/VarName): 0x2EF, VarStore: 0x1000, QuestionId: 0x9D, Size: 1, Min: 0x0, Max 0x0, Step: 0x0 {05 A6 2F 01 11 00 9D 00 00 10 EF 02 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x1179B One Of Option: Change, Value (8 bit): 0x2 {09 0E C3 00 00 00 02 00 00 00 00 00 00 00}
0x117A9 One Of Option: View, Value (8 bit): 0x1 (default) {09 0E C4 00 10 00 01 00 00 00 00 00 00 00}
0x117B7 One Of Option: Hide, Value (8 bit): 0x3 {09 0E C5 00 00 00 03 00 00 00 00 00 00 00}
0x117C5 End One Of {29 02}

Thanks man, unfortunately it’s late here so I will try tomorrow. I tried to figure out the IFR stuff myself but didn’t understand the length part after the instruction. In donovan6000’s guide the If statement would be 0A 03 00 but mine were 0A 82. If I got your edits right, you made an empty container by moving those End If instructions.

You’re welcome! Yes, @ket showed me this method, and it works best I think. You got it right, it moves the settings outside the suppress/gray if constraints, so nothing we want enabled is contained within them. You just have to make sure you remove the same amount of bytes you insert when doing that.
I used to edit by FF the entry value, similar to what you mentioned trying, like this >> Gray Out If {19 82} 0xF344 QuestionId: 0x9D equals value 0x1 {12 86 9D 00 FF 00}, which works, but not always and the other way I showed above is easier and a more clean method of doing it.

Suppress/Gray out If xx instructions can be any number of things, sometimes there is only true/false after that instead of questionID’s or other values.
And sometimes true/false (46 02 / 47 02) have different values in different BIOS (27 02 / 28 02). So any guide may not apply always to all BIOS, you have to get inventive sometimes

Edits like these in IFR/hex can also be used to switch values, or switch default enabled/disabled settings or we can even hide things we want to disable too
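Added example, not part of the thread or any poster's code: a small Python walker over the Suppress If byte strings quoted above, checking that the edit keeps the byte count and scope balance while moving QuestionId 0x9D out of the Suppress If. It relies on the UEFI HII opcode header, where the second byte carries the length in its low 7 bits and a scope flag in bit 7 (so 0A 82 is a two-byte Suppress If that opens a scope closed by a later 29 02); the function names are made up for this illustration.

```python
# Added example: walk UEFI IFR opcodes and report which One Of questions sit
# inside Suppress If / Gray Out If scopes. Bytes are copied from the dumps above.
NAMES = {0x05: "One Of", 0x09: "One Of Option", 0x0A: "Suppress If",
         0x12: "EqIdVal", 0x15: "And", 0x16: "Or", 0x19: "Gray Out If",
         0x29: "End"}
GUARDS = (0x0A, 0x19)

def walk(ifr):
    """Yield (offset, opcode, opens_scope, raw_bytes) for each opcode."""
    pos = 0
    while pos < len(ifr):
        header = ifr[pos:pos + 2]
        length = header[1] & 0x7F if len(header) == 2 else 0  # low 7 bits
        if length < 2 or pos + length > len(ifr):
            raise ValueError(f"bad opcode length at offset {pos:#x}")
        yield pos, header[0], bool(header[1] & 0x80), ifr[pos:pos + length]
        pos += length

def guarded_questions(ifr):
    """Return {QuestionId: [enclosing guard names]} for every One Of."""
    stack, result = [], {}
    for pos, opcode, opens_scope, raw in walk(ifr):
        if opcode == 0x29:                       # End closes the innermost scope
            if not stack:
                raise ValueError(f"End without open scope at {pos:#x}")
            stack.pop()
            continue
        if opcode == 0x05:                       # QuestionId is at bytes 6..7
            qid = int.from_bytes(raw[6:8], "little")
            result[qid] = [NAMES[o] for o in stack if o in GUARDS]
        if opens_scope:
            stack.append(opcode)
    if stack:
        raise ValueError("unclosed scope: " + ", ".join(hex(o) for o in stack))
    return result

ONE_OF = bytes.fromhex("05 A6 2F 01 11 00 9D 00 00 10 EF 02 10 10") + bytes(24)
OPTIONS = bytes.fromhex("09 0E C3 00 00 00 02 00 00 00 00 00 00 00"
                        "09 0E C4 00 10 00 01 00 00 00 00 00 00 00"
                        "09 0E C5 00 00 00 03 00 00 00 00 00 00 00")
GUARD = bytes.fromhex("0A 82 12 06 D1 00 00 00")
END = bytes.fromhex("29 02")
BEFORE = GUARD + ONE_OF + OPTIONS + END + END    # stock layout
AFTER = GUARD + END + ONE_OF + OPTIONS + END     # End If moved up

if __name__ == "__main__":
    print(len(BEFORE), guarded_questions(BEFORE))
    print(len(AFTER), guarded_questions(AFTER))
```

A stream where an End opcode was deleted without being re-inserted raises ValueError instead of returning a result, which is the mismatch the "remove same amount of bytes you insert" rule guards against.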

Tried the new Setup module but the settings still don’t stick. The mSATA setting in Security works but the mSATA setting in BuiltIn devices doesn’t stick after exiting the BIOS.

https://i.postimg.cc/7YnGZ6d2/IMG-20181204-164854.jpg

https://i.postimg.cc/gJLLzKbz/IMG-20181204-165106.jpg