Posts Tagged ‘UEFI’
This article documents the exciting work being done by some of our top contributers in our forum. The modifications performed on systems like the Dell 15z reflect the most advanced examples of BIOS modifications done within our community. For more information, please visit the thread.
Phoenix SecureCore Tiano, used by Dell, is a tough nut to crack – we came to what we have today by taking little steps on a road that wasn’t smooth to begin with. Phoenix nor Dell have provided any information regarding SCT 2.0 and to this day the BIOS on these machines has not been upgraded to 2.3.1 which allows for ME v8 (brings IVB CPU support) and SecureBoot capabilities.
The number one utility in all of our research is without a doubt AndyP’s Tool, which can be found here. Huge props to him – without his tool our work wouldn’t be possible. Please note, that for some reason later versions of this tool such as 2.11 don’t seem to unpack the BIOS.wph’s capsule properly, so use versions prior to that if you are going to attempt doing some *magic* on your own. There have been a new Phoenix Tool release v2.12 but I have yet to try it, I personally still use 2.02 and it has been producing stable and working output.
The BIOS chip structure is the following:
Platform: Intel(R) HM67 Express Chipset
— Flash Devices —
Size: 4096KB (32768Kb)
00000000h – 00000FFFh: Flash Descriptor Region
With the advent of UEFI and Windows 8 comes some security and usability issues. When Windows 8 is released, UEFI’s “Secure Boot” will be required to be turned on by default and it will be left to the OEM’s on how to implement it. What does this mean to you? Maybe nothing.
Windows is still the most popular PC Operating System in the world. As such, it is highly likely that the computer you are reading this article on is running some version of Microsoft Windows. If you are running Windows 7 and up, your OS is compliant to UEFI specifications. But what if you want to run a different OS, like Linux, older versions of Windows? You could be out of luck.
What is Secure Boot?
Secure Boot is a UEFI 2.3.1 specification that during the boot process verifies certificates (or keys) held in the firmware, and compares them to other Option Roms and OS boot loaders. If the correct key is not in the firmware, or is in the “Blacklist”, Secure Boot will prevent the OS from loading or could prevent you from upgrading to certain manufacturers option cards. Since it will be up to the OEM (Original Equipment Manufacturer) to implement the Secure Boot feature, it is also up to them whether or not to add an option in the set-up to disable it, or to be able to update the “Allowed” OS list. So, if you were to buy a Windows 8 PC and want to install a new version of Linux, and there is no option to disable Secure Boot, and the key for the version of Linux you are installing is not found in the firmware, the OS will fail to load. This feature is intended to prevent malware such as “rootkits” and “bootkits” to install themselves and run when booting your OS. According to Microsoft, the Windows 8 implementation of Secure Boot, programs will not be able to change Secure Boot security settings to prevent malware from gaining access through reprogramming the firmware.
Ever since the computer was born, there needed to be a program to tell the CPU where things are and how to use them. In 1981 the IBM 5150 introduced the BIOS (Basic Input/Output System) to the IBM-PC market. The IBM 5150 had an 8088 16bit (16bit internal bus, 8bit external bus) processor, so the BIOS chip was limited to 16 bits and 1MB of memory space. Years went by and the CPU became more powerful, with a wider bus and more memory access. However, the BIOS remained the same, and retained it’s 16bit bus and 1MB memory limit, depending on the PC-AT hardware platform.
Enter EFI/UEFI (Extensible Firmware Interface/Unified Extensible Firmware Interface respectively). EFI was introduced in the mid-1990′s with the Intel-HP Itanium processor systems as the older BIOS was considered too limited for large server systems. In 2005 Intel dropped the EFI platform and handed it over to the Unified EFI Forum, which then became the UEFI.
There are several advantages to UEFI over the BIOS. UEFI boots faster, has the ability to boot from very large hard disks over 2TB, drops the MBR (master boot record) for the GUID Partition table, architecture and drivers are CPU-independent, an extensive GUI with mouse and network capabilities are possible, and ACPI and SMBIOS are also included as these are not dependent on the 16bit limitations of the older BIOS.
Ive got some really good news for owners of Intel motherboards which use the UEFI framework (Newer BIOS). Up until now Intel boards couldnt be modded for SLIC 2.1 but after some hours of scouring the internet I found a post which i translated and am ready to provide to those willing to test.
In theory , this method should work for ALL Intel Motherboards using UEFI. The original poster has fully confirmed this mod working on an Intel DG45ID motherboard , so you should at least give it a go if you have one of these!
Basically , the mod allows you to access the UEFI Terminal Interface and therefore lets you “Inject” a Dell 2.1 SLIC into the bios.
We would like some Intel testers to try out this new mod. Please PM me on the forums if you are interested.