Posts Tagged ‘UEFI’

Universal IFR Extractor


In case you didn’t already know, the Extensible Firmware Interface’s Human Interface Infrastructure (HII) uses the Internal Forms Representation (IFR) protocol to display things like your setup utility’s menus. With access to the Internal Forms Representation, we can know everything about a menu, which assists immensely when modding a BIOS. I’ll also be using this application in a few of the tutorials I write, so get used to using it now :)

I was getting tired of all the requests to expand EFI IFR Dumper to include support for UEFI’s IFR protocol, so I decided that now is as good a time as any to update my program. So here’s Universal IFR Extractor, the successor to EFI IFR Dumper. It is designed to easily extract the Internal Forms Representation used in EFI modules and convert it into a human-readable format. It now supports both the EFI and UEFI IFR protocols, so it should work in all cases :D

In addition, Universal IFR Extractor now has a graphical user interface to make it easier to use. It will quickly tell you which protocol a selected module uses, so you know which protocol format to learn in order to modify the forms. Intel has great documentation on how EFI and UEFI IFR are formatted, so it shouldn’t be too hard to start modifying it after reading through those. I’ll also create a tutorial on how to perform simple modifications, like how to unsuppress hidden options, so stay tuned. Hope you all enjoy! Download it here :D

Universal IFR Extractor Download

Module Helper

I first started working on Module Helper back in September when Andy’s tool V2.19 was released. As some of you may know, that iteration altered the format of the extracted EFI modules by storing a module’s header, code, and name all in the same file. This created some issues: disassemblers could not automatically recognize the format of the EFI modules, and the size of data modules was not updated if they were changed. Dealing with all these negative aspects was trivial but annoying, which is why Module Helper was developed. It was originally capable of splitting a module’s header and data into separate files, and it could update the sizes in the headers. It also had a renaming feature that made locating certain modules easier. I only made this program for Linux, but I had always planned to port it to Windows before releasing it.

However, Andy’s tool V2.50 was recently released, and it has switched back to using the earlier format for the extracted modules. This made Module Helper obsolete, but by this time I had gotten used to its rename functionality. I didn’t want to lose this convenience, so I changed it a little to work with the latest version of Andy’s tool.

Well, that’s enough of the history behind it. Now I’d like to finally release Module Helper. It’s capable of renaming EFI modules to include each module’s name before its GUID in order to make identifying them easier. There are some important modules that don’t contain names, though, and fortunately those cases are also dealt with: modules which contain only an image or data will be renamed to reflect that. I’ll be using this tool in nearly all the tutorials I write, so you’ll quickly see how it can be used to speed up the modding process. Hope you enjoy! :)

Download Module Helper

BIOS Spotlight: (UEFI) Dell XPS 15z L511z

This article documents the exciting work being done by some of our top contributors in our forum. The modifications performed on systems like the Dell 15z reflect the most advanced examples of BIOS modifications done within our community. For more information, please visit the thread.
Phoenix SecureCore Tiano, used by Dell, is a tough nut to crack; we came to what we have today by taking little steps on a road that wasn’t smooth to begin with. Neither Phoenix nor Dell has provided any information regarding SCT 2.0, and to this day the BIOS on these machines has not been upgraded to 2.3.1, which allows for ME v8 (brings IVB CPU support) and Secure Boot capabilities.

The number one utility in all of our research is without a doubt AndyP’s Tool, which can be found here. Huge props to him; without his tool our work wouldn’t be possible. Please note that for some reason later versions of this tool, such as 2.11, don’t seem to unpack the BIOS.wph’s capsule properly, so use versions prior to that if you are going to attempt some *magic* on your own. There has been a new Phoenix Tool release, v2.12, but I have yet to try it; I personally still use 2.02 and it has been producing stable and working output.

The BIOS chip structure is the following:

Platform: Intel(R) HM67 Express Chipset

— Flash Devices —
W25Q32BV    ID:0xEF4016
Size: 4096KB (32768Kb)

00000000h - 00000FFFh: Flash Descriptor Region
00001000h - 00037FFFh: Common ME Header
00038000h - 0017FFFFh: ME Region
00180000h - 003FFFFFh: BIOS Region
+
00400000h - 00420FFFh: EC Region (flashed to a secondary SPI chip, W25X40VSIG; as of BIOS A13 my EC firmware is V02-14 for PHOENIX EC version P1A38)

1. Unlocking Advanced Menus and Modifying Option ROMs

First came the nVidia VBIOS modding for XPS 15 and XPS 17 laptops. This was a pretty straightforward discovery because nVidia BIOS modding was documented all over the place thanks to a software package called NiBiTor, coded a few years back, which allows a user to adjust a range of options inside the card’s video BIOS. The guys with nVidia cards onboard have been playing with undervolting and overvolting successfully, which leaves room for overclocking or gaining overall stability if you are experiencing hang/freeze/overheating issues with the stock configuration. There are values for voltage already predefined in the VBIOS, but they can be easily altered as the voltage table for nVidia is well documented. There’s also a way of swapping VBIOSes for nVidia cards, like having a 525M utilize the 540M VBIOS or vice versa, but this isn’t necessarily a good thing to do.

For people with AMD Switchable Graphics things are still not looking good, since only the Vostro 3450 of the laptop range with SCT UEFI uses this technology. The ROMs for AMD are not really easy to come by, even though they are documented pretty well. It’s just that Dell’s implementation of SG is kind of lousy anyway, so attempting any modifications on the ROM is pointless, really.

Then, based on information from dgsga here and also androdev here, we were able to overcome a huge problem for OS X users: Phoenix has locked write access to MSR register 0xE2, which stores C-state data. The register has only read access, and therefore Apple’s power management implementation was unable to write the necessary values to it, resulting in kernel panics. SCT 2.0 from Phoenix has this restriction hardcoded inside the PowerManagement2.efi module (GUID F7731B4C-58A2-4DF4-8980-5645D39ECE58). Patching out the sequence specified in the reference topics seems to solve the issue.

After about 9 months of waiting, with the help of Mikhail and based on information found on Phoenix’s wiki page, jkbuha was able to reverse the EFI_IFR_SUPPRESS_IF operator inside the PlatformSetupAdvancedDxe module, which resulted in unlocked BIOS menus. The same pattern was then found inside the SystemSetuplSecurityDxe module, but the result wasn’t as exciting as with the Advanced setup. The only thing unlocked in the Security tab of the BIOS was the option to specify the length of the password.
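To make the IFR structure behind both the Universal IFR Extractor post above and the EFI_IFR_SUPPRESS_IF pattern just described concrete, here is an added example (not code from Universal IFR Extractor or from the forum thread): a Python walker over a UEFI IFR byte stream that lists opcodes the way an extractor prints them and reports which setup questions sit inside a suppress-if scope. Opcode values and structure sizes follow the UEFI 2.3.1 HII chapter; the byte stream is constructed by hand, not dumped from any real firmware.

```python
import struct
from collections import namedtuple

# UEFI IFR opcode values (UEFI 2.3.1, HII chapter); only the subset used here.
OPCODES = {
    0x01: "EFI_IFR_FORM", 0x02: "EFI_IFR_SUBTITLE", 0x03: "EFI_IFR_TEXT",
    0x05: "EFI_IFR_ONE_OF", 0x06: "EFI_IFR_CHECKBOX", 0x07: "EFI_IFR_NUMERIC",
    0x09: "EFI_IFR_ONE_OF_OPTION", 0x0A: "EFI_IFR_SUPPRESS_IF",
    0x0E: "EFI_IFR_FORM_SET", 0x12: "EFI_IFR_EQ_ID_VAL", 0x15: "EFI_IFR_AND",
    0x16: "EFI_IFR_OR", 0x17: "EFI_IFR_NOT", 0x19: "EFI_IFR_GRAY_OUT_IF",
    0x1E: "EFI_IFR_DISABLE_IF", 0x29: "EFI_IFR_END",
    0x46: "EFI_IFR_TRUE", 0x47: "EFI_IFR_FALSE",
}
END_OP, SUPPRESS_IF_OP, TRUE_OP = 0x29, 0x0A, 0x46
QUESTION_OPS = {0x05, 0x06, 0x07}                      # carry EFI_IFR_QUESTION_HEADER
CONDITION_OPS = {0x0A, 0x19, 0x1E}                     # scope guarded by an expression
EXPRESSION_OPS = {0x12, 0x15, 0x16, 0x17, 0x46, 0x47}  # postfix expression opcodes

# scope: bit 7 of the 2nd header byte, opens a scope closed by EFI_IFR_END;
# payload: the bytes after the 2-byte EFI_IFR_OP_HEADER.
Op = namedtuple("Op", "offset opcode length scope payload")
# suppressed: inside an EFI_IFR_SUPPRESS_IF scope; always_hidden: that
# scope's condition is a bare EFI_IFR_TRUE, so the form never shows it.
Question = namedtuple("Question", "question_id kind suppressed always_hidden")


def walk_ifr(blob: bytes):
    """Yield each opcode. EFI_IFR_OP_HEADER = {UINT8 OpCode; UINT8 Length:7, Scope:1}."""
    off = 0
    while off < len(blob):
        if off + 2 > len(blob):
            raise ValueError(f"truncated opcode header at 0x{off:X}")
        opcode, len_scope = blob[off], blob[off + 1]
        length, scope = len_scope & 0x7F, bool(len_scope & 0x80)
        if length < 2:  # a shorter opcode could never advance: corrupt stream
            raise ValueError(f"opcode 0x{opcode:02X} at 0x{off:X} has length {length}")
        if off + length > len(blob):
            raise ValueError(f"opcode 0x{opcode:02X} at 0x{off:X} runs past end of data")
        yield Op(off, opcode, length, scope, blob[off + 2:off + length])
        off += length


def dump(blob: bytes):
    """Indented listing, one line per opcode, the way an IFR extractor prints it."""
    lines, depth = [], 0
    for op in walk_ifr(blob):
        if op.opcode == END_OP:
            depth = max(depth - 1, 0)
        name = OPCODES.get(op.opcode, f"OPCODE_0x{op.opcode:02X}")
        lines.append(f"{'  ' * depth}0x{op.offset:04X}: {name} len={op.length}")
        if op.scope:
            depth += 1
    return lines


def list_questions(blob: bytes):
    """Return every question with its suppression status, tracking scope nesting."""
    scopes = []     # per open scope: [opcode, expression opcodes seen, expression done]
    questions = []
    for op in walk_ifr(blob):
        if op.opcode == END_OP:
            if not scopes:
                raise ValueError(f"EFI_IFR_END at 0x{op.offset:X} closes nothing")
            scopes.pop()
            continue
        # Opcodes right after a condition opcode form its expression (postfix);
        # the first opcode that is not an expression opcode ends it.
        if scopes and scopes[-1][0] in CONDITION_OPS and not scopes[-1][2]:
            if op.opcode in EXPRESSION_OPS:
                scopes[-1][1].append(op.opcode)
            else:
                scopes[-1][2] = True
        if op.opcode in QUESTION_OPS:
            # EFI_IFR_QUESTION_HEADER: Prompt(2) Help(2) QuestionId(2) VarStoreId(2) ...
            (qid,) = struct.unpack_from("<H", op.payload, 4)
            sup = [s for s in scopes if s[0] == SUPPRESS_IF_OP]
            questions.append(Question(qid, OPCODES[op.opcode], bool(sup),
                                      any(s[1] == [TRUE_OP] for s in sup)))
        if op.scope:
            scopes.append([op.opcode, [], False])
    if scopes:
        raise ValueError(f"{len(scopes)} scope(s) never closed by EFI_IFR_END")
    return questions


# Constructed sample (not a real firmware dump): one form set, one form,
# a checkbox hidden by SUPPRESS_IF TRUE, and a visible one-of question.
SAMPLE_IFR = bytes([
    0x0E, 0x97, *([0x00] * 16), 0x01, 0x00, 0x02, 0x00, 0x00,  # FORM_SET (scope), zero GUID
    0x01, 0x86, 0x01, 0x00, 0x03, 0x00,                        # FORM id=1 (scope)
    0x02, 0x07, 0x04, 0x00, 0x05, 0x00, 0x00,                  # SUBTITLE
    0x0A, 0x82,                                                # SUPPRESS_IF (scope)
    0x46, 0x02,                                                #   TRUE -> always suppressed
    0x06, 0x0E, 0x06, 0x00, 0x07, 0x00, 0x10, 0x00,            # CHECKBOX qid=0x0010 ...
    0x01, 0x00, 0x20, 0x00, 0x00, 0x00,                        #   varstore 1 @0x20, flags
    0x29, 0x02,                                                # END (closes SUPPRESS_IF)
    0x05, 0x91, 0x08, 0x00, 0x09, 0x00, 0x11, 0x00,            # ONE_OF qid=0x0011 (scope) ...
    0x01, 0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,      #   varstore 1 @0x21, u8 0..1
    0x09, 0x07, 0x0A, 0x00, 0x10, 0x00, 0x00,                  #   ONE_OF_OPTION 0 (default)
    0x09, 0x07, 0x0B, 0x00, 0x00, 0x00, 0x01,                  #   ONE_OF_OPTION 1
    0x29, 0x02,                                                # END (closes ONE_OF)
    0x29, 0x02,                                                # END (closes FORM)
    0x29, 0x02,                                                # END (closes FORM_SET)
])
```

On a real module's IFR, questions flagged always_hidden are those the setup form never displays regardless of configuration; a corrupt or truncated stream raises ValueError instead of looping.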

Some of the menus that the unlock has brought us, and some of the main option highlights:

* Boot Configuration

- Lets you enable the classic BIOS POST screen with a diagnostics summary

- Enable/disable UEFI and Legacy boot modes. Classic Legacy mode allows booting from MBR-formatted drives only (which in turn limits you to 4 partitions on your HDD); UEFI mode supports GPT and virtually any number of partitions. A UEFI-capable Windows boot manager (Windows installed in UEFI mode) or a third-party UEFI bootloader such as Clover is required to boot from GPT volumes.

- Enable QuickBoot: skips loading EFI DXE drivers which are already loaded, essentially speeding up your reboot. Doesn’t affect the first boot.

* ACPI Configuration

- Allows you to enable/disable Dell’s proprietary temperature and voltage monitoring device PTID, which essentially drops one of the SSDT tables, called PtidDevc, from the BIOS if you disable this feature.

* Processor Configuration

No, this won’t bring you OC features, as this is one of the options that has to be supported by Intel’s Management Engine firmware.

- Intel’s Hyper-Threading technology: well, this speaks for itself. This option controls whether the virtual core threads are in use or not.

- Flex Ratio is essentially the Plimit of your CPU; this is the highest multiplier your CPU can utilize. Please note it’s not the maximum multiplier used for TB.

- Execute Disable Bit (XD): Intel’s hardware-based security implementation to protect your system against worm/rootkit exploits.

- CPU fast strings: brings better CPU performance.

- The Processor Power Management submenu lets you manipulate the Turbo Boost setup as well as your idle power C-state switching.

* Peripheral Configuration

- Nothing interesting to see here for the end-user

* HDD Configuration

- This menu basically lets you alter your SATA port configuration, setting a port as Hot-Pluggable, External or Internal, etc. Just make sure never to enable ports that are disabled from the factory, otherwise you may run into some issues.

* Memory Frequency

If you bought some flashy 1600MHz modules, well.. too bad you can’t really see your 800MHz effective clock, because the chipset is locked to 1333MHz.

- Memory Frequency will let you set the memory frequency as high as 1867MHz (including 1600MHz in between). This has been confirmed as working for XPS machines and is yet to be confirmed by Vostro 3450/3750 owners. The only catch here is that mobile Sandy Bridge CPUs are limited to supporting 1333MHz only, so one has yet to see the result of setting the clock higher than theoretically supported.

* System Agent (SA) Configuration

- DMI Settings submenu

- The Graphics Configuration and PEG Configuration submenus let you allocate the amount of shared memory to the IGD (integrated graphics) and change all sorts of options associated with it. There’s still no way to set nVidia or AMD cards (PEG) as the primary GFX accelerator on Optimus and Switchable Graphics machines.

* South Bridge Configuration (which is HM67 chipset for this generation of machines we are looking at)

- Adjustments to HPET (High Precision Event Timer), which is one of the interrupt timers used in computers for ages.

- The PCI Express Port Configuration submenu is there to control your mPCI-E port behavior (such as Wi-Fi and WiMAX). Same deal as with SATA: don’t enable ports that were disabled from the factory. Even though my computer doesn’t physically have a WiMAX port soldered to the daughterboard, the port is enabled in the setup nevertheless.

- USB Config is your USB port configuration. And again.. don’t play detective here; enabling disabled things won’t do you any good.

- Azalia Configuration lets you disable the onboard audio codec and HDMI audio.

- SB Serial IRQ Config is there for managing the allocation of computer interrupts (IRQs).

* Network Configuration

* LPC Configuration

* SMBIOS Event Log

- These 3 above are again submenus completely useless for the end-user.

* ME Configuration

Here you can see the version of the Intel Management Engine firmware Dell has coded into your SPI chip. Dell still hasn’t updated to the latest v7 ME firmware to this day; the version currently supplied with newer BIOS releases is 7.0.4.1197, while the newest one out there is 7.1.52.1176. I personally wouldn’t advise installing ME from different platforms, just because platform features of the firmware tend to differ. If you still think it’s feasible for some reason, kasar has put together an upgrade package which will bump your ME firmware to the latest v7 version.

- Intel AT is Intel’s Anti-Theft feature, which is huge on modern-day Ultrabooks… and according to Intel isn’t really supported on the range of machines we are discussing here. Nevertheless, I believe you can purchase an activation code (supplied as a pre-paid card with a scratch-off code) to subscribe to this service. This allows you to track your machine, remotely lock it (so that the thief won’t be able to enter BIOS setup) and even remotely wipe it. Basically an analog of Apple’s Find My Mac (or iPhone, if you like) service from iCloud. Intel doesn’t support this range of machines officially due to Dell’s Computrace being hardcoded into the BIOS, with essentially the same capabilities as AT.

* Thermal Configuration

- The CPU Thermal Configuration submenu allows you to disable Intel’s original thermal monitoring and enable the T-states (throttling states); there’s also an option to disable the DTS (Digital Thermal Sensor), which uses optical fiber to report data from the thermal zones and works in conjunction with the PTID device (mentioned earlier in the article), which reads data passed from the thermal zones as well.

- Platform Thermal Configuration

1. Trip point temperatures for the fan kicking in at HIGH and LOW RPMs; the use is pretty obvious.

2. Passive TC1, TC2 and TSP values are used in a formula defined in the ACPI Specification (see ACPI Spec 5.0, section 11.1.5.1 Processor Clock Throttling, p. 525).

3. PCH Thermal Device, which is an HM67 chipset sensor that is disabled by Dell because there are already 3 ways of monitoring temperature implemented and there was no need for SMBus temperature reporting, according to Dell.

You can enable the PCH sensor nevertheless, but please note that most of the settings on this menu won’t do anything.. they don’t override anything, because the temperature values for tripping are most likely hardcoded into the EC (ITE IT8158E Embedded Controller found on this series of machines) firmware.

After this HUGE progress came a tiny exploration: a way of updating the CPU microcode, which Dell is not really doing a great job of themselves.. my A13 comes with microcode v23, while the latest one supplied by Intel for CPUID 0x000206A7 is v28. You can read about the procedure in detail here, as described by jkbuha. The only thing I should mention is that it’s not required to enable the Control Options as said in the linked post. It’s enough to enable ‘No SLIC’ and ‘Allow users to modify other modules’.

Later we discovered that Dell is too lazy to update their Intel IGD VBIOS as well, and as seen from the XPS L502x changelog they are actually downgrading the versions because their ePSA Diagnostics Utility gets confused by changes in the VBIOS. We are not blaming Dell here, but it sure is nice to at least update machines that haven’t gone through their support lifespan yet… rather than roll something back because you are too lazy to update your proprietary diagnostics utility. So we went ahead and took VBIOS v2130.0 (it seems that Intel’s VBIOS always goes by the GUID 29206FC2-9EAB-9EAB-4612-ACA1-1E3D098FB1B3) from an Inspiron 17R Special Edition laptop, which also has SCT, but already of version 2.3.1 (still not documented by Phoenix on their wiki). We discovered that the connector table as well as the hardware ID table differ across machines due to the different port setups as well as the available CPU support. jkbuha has found out that for Intel’s mobile VBIOS the connector table always starts at offset 0xC20 and ends at 0xD1F; you have to use the connector table from your original video BIOS to support all the video-out ports. If the ID of your onboard graphics card is not found in the donor video BIOS, you have to carry over the ID table as well, which is 0x44 to 0x80.

Right now we have settled on a Lenovo (product code H0ET70WW) mobile VBIOS v2137.0, which seems the most stable and glitch-free (no broken brightness controls, for example). It’s not advisable to use desktop board VBIOSes: even though the version is higher, the structure is totally different, and it also turned out they are missing the 80x25 text mode.

The wake issue has been plaguing OS X users on Dell laptops based on SCT 2.0 with later BIOS versions. As a temporary measure I have troubleshot what was causing the issue: the PlatformSmm.efi module from a known-working BIOS version has to be backported into later versions to fix it. The module is responsible for loading the DSDT and for locating and loading SSDT tables based on RSDT/XSDT data.

Now that I know the module, I dug deeper, and it turns out that changes to memory allocation across BIOS versions have caused the issue. Theoretically this can be solved purely by altering the DSDT. In other words, here are the changes for my Vostro going from A04 (wake works) to A07 (wake doesn’t work):

130c130

< OperationRegion (GNVS, SystemMemory, 0xBAF42E18, 0x01B0) A04

> OperationRegion (GNVS, SystemMemory, 0xBAF41E18, 0x01B0) A07
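Review bot: The trailing "A04" and "A07" labels on both lines are annotations, not part of the ASL statement; anyone carrying the A07 line into an older DSDT must drop the label or iasl will reject the line. Note that the GNVS base moves from 0xBAF42E18 to 0xBAF41E18, a downward shift of exactly 0x1000 (one 4 KiB page), while the 0x01B0 length is unchanged.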

655c656

< OperationRegion (PNVS, SystemMemory, 0xBAE0D018, 0x100E) A04

> OperationRegion (PNVS, SystemMemory, 0xBAE0C018, 0x100E) A07
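Review bot: PNVS moves by the same 0x1000 (0xBAE0D018 to 0xBAE0C018) with its 0x100E length unchanged, so the two hunks describe one relocation of the NVS area rather than two independent changes; a DSDT carried over from A04 needs both OperationRegion bases updated together, not just the one noticed first.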

I have a proof of this concept over at the InsanelyMac forums, but I have yet to try this myself. What’s needed is to take the regions from a later version of the BIOS (A07 in this case) and swap them into the DSDT of an older version of the BIOS (A04). This slight shift in memory has caused the machine to fail at locating ACPI tables upon wake. This is for people who prefer to keep older DSDTs even with new BIOS versions.. I’m such a person myself, but when I saw Brabbelbla was using the DSDT from the latest BIOS while actually running the latest BIOS, this got me thinking about what’s causing this. jkbuha once said that he hasn’t ever experienced the wake-from-sleep issue on his 15z. After checking the DSDT of this machine going from one BIOS version to another, it appeared that the memory regions haven’t changed.. this has led me to the conclusion above.

N.B.

A good person who goes by the name CodeRush has created an automated cross-platform utility that is able to do the patching for Apple’s PM and unlock advanced menus at the same time; the software is constantly updated and the source code can be found here. A compiled version 0.5.5 for Windows can be found here. You can even pass the .exe straight from Dell’s support page to apply the patch.

2. UEFI Shell access on Dell-Phoenix SCT 2.0

Sadly, there’s still no way to unlock the internal EFI Shell, but fortunately an external binary of Shell 2.0 (best compatibility with UEFI 2.0 based SCT) can be used from a USB stick to initiate the UEFI Shell. The stock shell used by Dell is very limited, so there’s no point in using the one supplied in the firmware.

Technically it is possible to add shell.efi in the same manner Windows adds itself to bcfg (Boot Configuration, or the Boot Order that you see when you hit F12 on boot), or even assign a hotkey to it, but you need to have your HDD formatted with a GPT partition table.

Load up the shell from external media. To do this, get a third-party Shell binary from Intel’s EDK II and put it on a FAT32-formatted USB stick at the path /EFI/BOOT/bootx64.efi.

Reboot your machine and enable UEFI Boot in Boot Configuration. Insert the USB flash drive and reboot your machine; it will boot straight into the Shell.

At this point you would have two possible mount points for fs: one would be MBR (your USB) and another one would be GPT (your HDD partition).

Map your media by doing: map fs*

I assume you have 3 or more fs partitions now: fs0: is MBR (the USB drive) and the rest are GPT (EFI, primary partition, etc.).

Do the following:

fs1:
fs0:
cp fs0:\EFI\BOOT\bootx64.efi fs1:\efi\shell64.efi

It will copy bootx64.efi (which is your third-party Shell EFI application) from /EFI/BOOT on the USB to /efi/shell64.efi on your EFI partition.

* To add the Shell as a Boot Order entry, do the following:

fs1:
cd efi\
bcfg boot add 10 shell64.efi "Shell 2.0"
bcfg boot dump

* If you want the Shell to be accessible from a hotkey as well (like F12 or F2):

fs1:
cd efi\
shell64.efi (this will initiate the Shell binary we just copied to the EFI partition)
dh (this will produce a long list of loaded and initialized EFI modules; the Shell we just loaded will appear toward the end. Make note of its directory and handle number, which can be 1AE for example)
bcfg boot addh 10 handle_number_here "Shell 2.0" -opt 0x40000000 0x0015 (this will add a Shell boot option with a hotkey of F11, 0x0015)

3. Crisis Recovery

With all the modifications to the system BIOS there was a much-needed way of doing Crisis Recovery, which again wasn’t documented anywhere for SCT 2.0. We have been looking and looking around for a way to initiate it, with no apparent success. There was an internal document leaked from Packard Bell (a division of Acer) which described the use of PFlash.efi (which is the EFI Shell flasher that you see when you update the BIOS from an OEM updater) and some form of startup.nsh, which is the script that is executed when you start the EFI Shell (if it’s placed in the same folder where shell.efi is located). We have been able to find the latest releases of the mentioned utility on some FTP server, but to no avail. This wasn’t really useful because this application can only run when the machine is booted in the firmware update boot mode (there are multiple boot modes possible with the SCT 2.0 UEFI BIOS).

Like on some older Dell machines, recovery is initiated in a pretty well-known manner. You basically prepare external media with a recovery capsule (Torito CD or FAT32 flash drive), unplug the power cord from the laptop, press and hold the End key on the keyboard (it’s the Right Arrow key on the XPS 15z due to the lack of a dedicated End key), plug the power back in and let go of the End key the moment you insert the power jack. The machine starts in crisis boot mode and expects a valid recovery capsule. This was the piece-of-cake part of the recovery process.. the hardest part was the structure of the capsule that we need to be using. The Phoenix wiki has some documentation regarding the structure, but the information provided there wasn’t enough. After many misleading analogies from other machines and BIOS makers it was finally figured out.

To my surprise I was able to find a way of making the capsule. First I used a piece of software called Universal BIOS Backup ToolKit 2.0, which essentially dumped the BIOS region of my W25Q32BVSIG SPI chip (2.5 MB in size), and I renamed it to BIOS.cap (because this was the name I had originally found referenced inside the modules related to CD and USB booting in crisis boot mode); following the method of initiating the recovery, I was able to boot the machine. There came another surprise: the BIOS from the USB is not flashed directly to the SPI chip, but rather loaded into memory.. which allows the machine to boot while the on-chip BIOS is still corrupted.

Following this superb feature, which later allowed us to test BIOS modifications without actually flashing the BIOS, we still had to figure out how to make the capsule by hand to include all the modifications. The answer was pretty obvious. Take the BIOS1.WPH supplied by Dell, extract it with Phoenix Tool, and you will end up with a 4.12 MB F33… RAW BIOS capsule and the actual EFI Shell flasher, which is 1.06 MB in size and is of version v1.5.02 (while the latest version of the Phoenix EFI Shell flasher is actually v1.5.66.. way to go Dell), that is used to flash the capsule to the chip. The capsule is of the exact size of the flash SPI chip and EC chip combined: 4329471 bytes, or 4.12 MB.. and if you followed the article carefully you’ve seen that the BIOS region is 0x180000 to 0x3FFFFF. This is the part that has to be cut out of the F33 RAW capsule (using a hex editor of personal preference) and named BIOS.cap to be used as a crisis recovery capsule.

Sadly, as of the latest BIOS version (for my Vostro 3450 at least), Dell has decided to remove the Boot Manager and exclude the USB boot feature while the machine is in crisis boot mode. The latest known BIOS version for my particular machine that supported this feature was A04. It is possible to get the feature back by backporting the appropriate modules to newer BIOS versions, but I just prefer to have a custom A04 crisis recovery capsule to avoid the need for backporting.

Our fellow comrade kasar, in other circles known as capitankasar, has put together a Windows PE (Bart PE) bootable image for BIOS crisis recovery via a Torito CD. You have to burn it to a blank CD/DVD.

When you boot the CD up, go to CMD and type repair; it will start the flasher… Follow the on-screen instructions and you should be all set in a matter of a couple of minutes.

XPS L502x: http://www.mediafire.com/?z4lt1n56catjme6

XPS L702x: point me to one ? :)

XPS L511z: http://www.mediafire.com/?36xadbbn4a8udxd

Vostro 3450: http://www.mediafire.com/?c3cc3mqofabh5m3

Another positive thing about initiating crisis recovery is that CMOS gets reset while doing so. This won’t wipe your NVRAM if you screwed something up by using the Shell, but it sure can save you from going through the hassle of dismantling the unit to reach the coin-cell battery to reset the CMOS.

Pending projects are the following:

1. Flash Descriptor and ME Region unlocking, potentially leads to overclocking capabilities.

This requires a hardware solution; currently there is no way for Dell Phoenix SCT machines to do this via software. This is required to enable write access to these regions and potentially to use the ME region to enable the overclocking platform feature. A sequence of 00 00 FF FF 00 00 FF FF 18 01 08 08 FF has to be flashed by a hardware flasher to offset 0x60 (part of the Flash Descriptor) to remove the master lock protection:

Master Region Access:

CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
ME       - ID: 0x0000, Read: 0x0D, Write: 0x0C
GbE      - ID: 0x0118, Read: 0x08, Write: 0x08

Basically we overwrite the lock keys for the FD and ME regions, which appear as 00 00 0B 0A 00 00 0D 0C 18 01 08 08 FF at the noted offset; there is no GbE region on the SPI chip, so it’s pointless to remove the master lock on it.
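As an added example (not code from the thread or from any of the tools it names), here is a decoder for the three Flash Master (FLMSTR) dwords quoted above, of the kind a firmware audit tool runs to check whether the descriptor master lock is still in place. It assumes the series-6 (HM67 era) descriptor layout, that the post’s offset 0x60 is where FLMAP1 places the master section on this chipset, and the region name "PDR" for bit 4; the two byte sequences from this section are used as constructed input.

```python
import struct

# One bit per region in each 8-bit access mask, bit 0 first (assumed
# series-6 layout: Descriptor, BIOS, ME, GbE, Platform Data).
REGIONS = ("FD", "BIOS", "ME", "GbE", "PDR")
# FLMSTR1..3 in descriptor order.
MASTERS = ("BIOS", "ME", "GbE")

# The two 13-byte sequences quoted in the post (the stock lock and the
# replacement that removes it); the 13th byte belongs to the next field.
STOCK_FLMSTR = bytes.fromhex("00000B0A00000D0C18010808FF")
UNLOCKED_FLMSTR = bytes.fromhex("0000FFFF0000FFFF18010808FF")


def mask_to_regions(mask: int):
    """Expand an access mask into region names; reserved bits 5..7 are ignored."""
    return [name for bit, name in enumerate(REGIONS) if mask & (1 << bit)]


def decode_flmstr(blob: bytes):
    """Parse three little-endian FLMSTR dwords: bits 15:0 requester ID,
    23:16 region read mask, 31:24 region write mask (series-6 era layout)."""
    if len(blob) < 12:
        raise ValueError(f"need 12 bytes of FLMSTR data, got {len(blob)}")
    masters = {}
    for i, master in enumerate(MASTERS):
        (dword,) = struct.unpack_from("<I", blob, 4 * i)
        masters[master] = {
            "id": dword & 0xFFFF,
            "read": mask_to_regions((dword >> 16) & 0xFF),
            "write": mask_to_regions((dword >> 24) & 0xFF),
        }
    return masters


def descriptor_locked(masters) -> bool:
    """The master lock holds when the BIOS master cannot write the descriptor
    or ME region and the ME master cannot write the descriptor or BIOS region.
    An FF/FF mask gives the BIOS master write access to every region."""
    bios_w = set(masters["BIOS"]["write"])
    me_w = set(masters["ME"]["write"])
    return not (bios_w & {"FD", "ME"}) and not (me_w & {"FD", "BIOS"})


def report(blob: bytes):
    """Human-readable audit lines, one per master plus the lock verdict."""
    masters = decode_flmstr(blob)
    lines = []
    for name, acc in masters.items():
        lines.append(f"{name:<4} id=0x{acc['id']:04X} "
                     f"read={','.join(acc['read']) or '-'} "
                     f"write={','.join(acc['write']) or '-'}")
    verdict = "intact" if descriptor_locked(masters) else "REMOVED"
    lines.append(f"descriptor master lock: {verdict}")
    return lines


if __name__ == "__main__":
    for blob in (STOCK_FLMSTR, UNLOCKED_FLMSTR):
        print("\n".join(report(blob)), end="\n\n")
```

Feeding it the descriptor bytes read back from a chip dump tells you at a glance whether a machine has had this modification applied.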

This has been partially done by kasar, at the cost of a dead motherboard on his XPS L502x machine, which was the result of an unsuccessful ME flash in an attempt to unlock overclocking features. However, he was finally able to recover the motherboard by building an external BIOS programmer, and after restoring the chip backup he got the unit back to working status. He also got a successful BCLK overclocking mod by modding the ME region.

2. Permanent DSDT modification

There are ACPI tables out in the open inside the firmware’s capsule. We are able to decompile and recompile them using the iASL AML compiler from Intel, but there’s no known way of integrating them back into the firmware and actually having the machine boot. Replacing the module directly results in a black screen during boot. Using the respective functionality from Phoenix Tool has the same result.

Credits for all the things related to SCT 2.0 unlocking/hacking/tweaking go to: Mikhail, Andy (of PhoenixTool fame!), djjonastybe, jkbuha, kasar, Ahmed and your humble servant TimeWalker.

UEFI, Secure Boot and what it means to you

With the advent of UEFI and Windows 8 come some security and usability issues. When Windows 8 is released, UEFI’s “Secure Boot” will be required to be turned on by default, and it will be left to the OEMs how to implement it. What does this mean to you? Maybe nothing.

Windows is still the most popular PC operating system in the world. As such, it is highly likely that the computer you are reading this article on is running some version of Microsoft Windows. If you are running Windows 7 and up, your OS is compliant with the UEFI specifications. But what if you want to run a different OS, like Linux or older versions of Windows? You could be out of luck.

What is Secure Boot?

Secure Boot is a UEFI 2.3.1 specification feature that, during the boot process, verifies certificates (or keys) held in the firmware and compares them against Option ROMs and OS boot loaders. If the correct key is not in the firmware, or is in the “blacklist”, Secure Boot will prevent the OS from loading, or could prevent you from upgrading to certain manufacturers’ option cards. Since it will be up to the OEM (Original Equipment Manufacturer) to implement the Secure Boot feature, it is also up to them whether or not to add an option in the setup to disable it, or to be able to update the “allowed” OS list. So, if you were to buy a Windows 8 PC and want to install a new version of Linux, and there is no option to disable Secure Boot, and the key for the version of Linux you are installing is not found in the firmware, the OS will fail to load. This feature is intended to prevent malware such as “rootkits” and “bootkits” from installing themselves and running when booting your OS. According to Microsoft, in the Windows 8 implementation of Secure Boot, programs will not be able to change Secure Boot security settings, to prevent malware from gaining access through reprogramming the firmware.

Are you losing control?

Because it’s the OEM’s decision whether to include a way to disable Secure Boot, or a way to update keys, PCs can effectively be “locked” to one certain OS without the option to install a different OS. This would not affect usability for most people, but for “techies” and “geeks” (such as myself) this poses a very real problem. Canonical and Red Hat wrote a white paper addressing these issues. Microsoft wrote an article on their blog that clarifies Microsoft’s requirements regarding Secure Boot. Microsoft ensures that an option to turn off Secure Boot in an x86 PC’s setup must be present for it to be Windows 8 certified. However, that option will not be present on ARM processors (as of this writing). Meaning that, if the specifications are not changed, equipment that uses ARM processors, i.e. netbooks, will be “locked” to using Windows 8 if it was installed at the time of purchase.

This could be a very real threat for those who choose to run an alternate OS, and could be difficult for those who are not technically inclined.

 


Out with BIOS, in with UEFI.

Ever since the computer was born, there has needed to be a program to tell the CPU where things are and how to use them. In 1981 the IBM 5150 introduced the BIOS (Basic Input/Output System) to the IBM-PC market. The IBM 5150 had an 8088 16-bit (16-bit internal bus, 8-bit external bus) processor, so the BIOS was limited to 16 bits and 1MB of memory space. Years went by and CPU​s became more powerful, with wider buses and more memory access. However, the BIOS remained the same, and retained its 16-bit bus and 1MB memory limit, depending on the PC-AT hardware platform.

Enter EFI/UEFI (Extensible Firmware Interface/Unified Extensible Firmware Interface respectively). EFI was introduced in the mid-1990s with the Intel-HP Itanium processor systems, as the older BIOS was considered too limited for large server systems. In 2005 Intel dropped the EFI platform and handed it over to the Unified EFI Forum, which then became the UEFI.

There are several advantages to UEFI over the BIOS. UEFI boots faster, has the ability to boot from very large hard disks over 2TB, drops the MBR (master boot record) for the GUID Partition Table, its architecture and drivers are CPU-independent, an extensive GUI with mouse and network capabilities is possible, and ACPI and SMBIOS are also included, as these are not dependent on the 16-bit limitations of the older BIOS.

UEFI requires the operating system and the firmware to be matched. Therefore, 64-bit UEFI can only run a 64-bit operating system. Microsoft Windows started support for UEFI beginning with 64-bit Windows Vista Service Pack 1, and 64-bit versions of Windows 7 support UEFI, as do Linux and OS X on Intel Macs.

UEFI does not boot the same way a BIOS does. It requires a special partition table that points to a partition holding a special file that UEFI can load, rather than just relying on the boot sector. Since the UEFI boot loader is a kind of UEFI application, it can be used to add extra functionality, such as choosing which operating system to boot. It can also auto-detect the boot loader so that it can be used to boot from removable media.

Several virtualization platforms have implemented UEFI. VirtualBox 3.1+, VMware Fusion 3+ and QEMU can be used with UEFI. VirtualBox with UEFI will only work with Linux/Unix operating systems, so Windows will not work on VirtualBox using UEFI.

Intel UEFI Motherboard 2.1 SLIC Modding May Be Possible!

Hey Everyone

I’ve got some really good news for owners of Intel motherboards which use the UEFI framework (newer BIOS). Up until now Intel boards couldn’t be modded for SLIC 2.1, but after some hours of scouring the internet I found a post which I translated and am ready to provide to those willing to test.

In theory, this method should work for ALL Intel motherboards using UEFI. The original poster has fully confirmed this mod working on an Intel DG45ID motherboard, so you should at least give it a go if you have one of these!

Basically, the mod allows you to access the UEFI terminal interface and therefore lets you “inject” a Dell 2.1 SLIC into the BIOS.

We would like some Intel testers to try out this new mod. Please PM me on the forums if you are interested.

Regards
1234s282