HP Pavilion g4-1012tx [UNLOCK ADVANCED OPTIONS]

[kenkit]

Hi,
I have tried to find the procedure as to how to unlock advanced options but with not much luck.
The bios itself is F.66 Rev 3.5 
The original link of the above bios is sp60864.exe and older sp55717.exe
I managed to use phoenix tool to decrypt the bios inside which is named 01666F66.BIN after looking at some log files
The logs 
______________________

Code:

--- Log started: 2018/10/06 02:15:29
Initializing...
Log file       : C:\SwSetup\sp60864\InsydeFlash.Log
Settings file  : C:\SwSetup\sp60864\platform.ini (found)
Executable     : C:\SwSetup\sp60864\InsydeFlash.exe
   Version    : 4.1.1.0    Build      : InsydeFlash
   Date       : Wed Apr 13 20:03:54 2011

Resource file  : C:\SwSetup\sp60864\iscflash.dll (loaded)
App name       : InsydesFlash
OS Information :  - supported

Preparation stage

IHISI Version  : 195
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166C103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166D103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166E103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166F103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1670103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1671103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1672103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1666103C
M-FD: Match!
M-FD: FD name 01666F66.BIN
Device Name:\Device\HarddiskVolume2
SearchVolumeFileAndCreateDirectory
Device Name:\Device\HarddiskVolume1
SearchVolumeFileAndCreateDirectory
Device Name:\Device\HarddiskVolume5
SearchVolumeFileAndCreateDirectory
Device Name:\Device\HarddiskVolume9
SearchVolumeFileAndCreateDirectory
Device Name:\Device\CdRom0
M-FD got:
01666F66.BINAllow Version: 000, Dex: 0
Current Version: F.66, Dex: 3942
Current BIOS version is bigger than the version setted in Ini.
Partition : 0 WMI 0x0D: 0
Check Package: 1
BIOS sign: 0
Decrypt sign File: 1
   Processing parameters...
M-FD got:
01666F66.BIN        Image file     : C:\SwSetup\sp60864\01666F66.BIN

______________________
There were a couple of other bin files there I suppose from other mobos
Any help will be greatly appreciated.
EDIT: Attached is the bios . Unpacked and decrypted with phoenixtool

[Lost_N_BIOS]

This is RSA Encrypted BIOS, so you probably wont be able to flash modified BIOS unless you do pinmod and unlock your FD, or have a flash programmer. However, you may be able to edit the platform.ini to ignore security/signature checks etc.

Can you currently see the advanced tab/section, and stuff is grayed out, or you cannot see advanced at all? Please add an image that shows all current tab/sections, so we can see what main sections are visible to you now.

[kenkit]

I cannot see anything about advanced settings. However after decompiling the file I managed to see that it is there.
Attached is the ifr file.
Also since I'm a programmer,I was wondering. Instead of having to rely on the efi prompt to access the advanced settings on encrypted bioses.
Couldn't we just make a tool that utilizes the efi prompt. Basically it should request the user for the ifr file parse it and display an alternative menu to users.  User will be able to access all the options that are locked away through our alternative menu. It should be safer since no bios flashing will take place.

[kenkit]

Something like an opensource bios setup menu that utilizes the users ifr file.
It should be part of grub where user places his ifr file in the root dir. Then the our custom menu program parses the file and retrieves all possible commands, then displays all the options for the user.
In the background it runs the commands when the user changes settings.

[Lost_N_BIOS]

Anything you can change in IFR, you can set permanently in the BIOS, that is why I was asking if you can see advanced or not because if you can I only needed to make rest visible, if not I need to try to make advanced visible for you. IFR file cannot be used in any manner like you mentioned, it's only useable to use as a reference source of what to modify where in hex or assembly etc. You may be able to make something similar to that since you are a programmer, but you would only use variables from the IFR, not the IFR itself, used along with Setup_Var via EFI Shell Grub

Do you have a flash programmer (hardware)? Or, have you already flashed modified BIOS to this board before in the past?
If no to either of those, you may need to do the pinmod to unlock FD (and then immediately reflash a unlocked FD), then you will be able to flash BIOS any way you want.

Here is mod BIOS, with full access enabled and Advanced Menu's enabled hopefully.
This may take a few different attempts on the advanced menu enable, until I can find right method to enable this for your BIOS.
https://www.sendspace.com/file/eske2e

Section E here shows several method on how to possibly unlock your FD
https://www.win-raid.com/t3553f39-Guide-...icing.html

First thing to check is for FD/FDO/ME/Service jumpers on the board, if you have that then we'll be good to go easy, set the jumper and reflash the FD. To do that, first you will dump the BIOS on the board, then upload to me unless you know how to extract the FD and edit, or edit the FD per the guide below and then reflash using FPT. It's contained in your stock BIOS download (Starting at 2000h), but not at proper location, so best to use a dump to do this once you unlock the FD. I unlocked it in the BIOS below, but it wont get flashed in, unless you unlock the FD first and then use FPT to flash the entire BIOS at once. If you can do via pinmod unlock and then flash entire BIOS, that then you wont need to dump, edit etc.

For the general mod BIOS for now, you may be able to flash using FPT from Intel System Tools Package for ME Version 6. Intel ME drivers will need to be installed I believe.
Try >> FPTw.exe -bios -f -01666F66M2.BIN

https://mega.nz/#!rVt3jJCC!-l2IP-MnuK993...z78XBCXfwU

Please add image of your current BIOS, so I can see all visible main sections, just so I can see the name of each section currently shown.

[kenkit]

That opened up a whole new level of complexities. I didn't know there were more levels to locking bios firmware.
I have not attempted to dump the chip. But the image I last installed is the one I had uploaded.
I suppose the easiest solution is to remove the chip and flash it off-board. I've manage to flash a couple of bios chips before using a hardware programmer I built from scratch. But I don't like messing with the mobo since it's quite easy to mess things up.
EDIT:I found the schematic http://www.s-manuals.com/pdf/motherboard...matics.pdf for the board. Since the model and parts are like mine I suppose it's the same board.
Now all I need to do is short the two pins [page 25] on the audio controller, then flash the mega link file you sent through intel flash tool ?

[kenkit]

Btw about ifr parsing. I didn't mean to modify it and flash it back to the system.
What I meant was a way to view the ifr file from grub efi shell then when the user sets his options it can e.g build a script with the modified options when the user is done the script would contain the variables that would be set using the setup_var command.

[kenkit]

With the new info, i've been snooping around this is what I have managed to find.
It seems I'll go the audio controller hack.
This is the meinfo output

Code:

Intel(R) MEInfo Version: 6.0.0.1184
Copyright(C) 2005 - 2009, Intel Corporation. All rights reserved.

GBE Region does not exist.
Intel(R) ME code versions:

BIOS Version:                           F.02
MEBx Version:                           6.0.3.19
Gbe Version:                            Unknown
VendorID:                               8086
PCH Version:                            400006
FW Version:                             6.1.1.1045
UNS Version:                            Not Available
LMS Version:                            Not Available
MEI Driver Version:                     6.0.0.1179
Wireless Hardware Version:              Not Available
Wireless Driver Version:                Not Available

FW Capabilities:                        7264

   Intel(R) Anti-Theft Technology PC Protection
   Intel(R) Capability Licensing Service
   Protect Audio Video Path

Cryptography Support:                   Disabled
Last ME reset reason:                   Power up
BIOS and GbE Config Lock:               Enabled
SPI Flash ID #1:                        EF4016
SPI Flash ID VSCC #1:                   20052005
BIOS boot State:                        Post Boot
FWU Override Counter:                   Always
FWU Override Qualifier:                 Always
Local FWUpdate:                         Enabled
OEM Id:                                 00000000-0000-0000-0000-000000000000
FW behavior on Flash Descriptor Override Pin-Strap: Halt

[kenkit]

Here is fpt dump for bios region. I have not unlocked the registers yet

[kenkit]

More infos

Code:

Platform: Intel(R) HM55 Express Chipset Revision: B2
Reading HSFSTS register... Flash Descriptor: Valid

       --- Flash Devices Found ---
       W25Q32BV        ID:0xEF4016     Size: 4096KB (32768Kb)

       --- Flash Image Information --
       Signature: VALID
       Number of Flash Components: 1
               Component 1 - 4096KB (32768Kb)
       Regions:
               Descriptor - Base: 0x000000, Limit: 0x000FFF
               BIOS       - Base: 0x180000, Limit: 0x3FFFFF
               ME         - Base: 0x001000, Limit: 0x17FFFF
               GbE        - Not present
               PDR        - Not present
       Master Region Access:
               CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
               ME       - ID: 0x0000, Read: 0x0D, Write: 0x0C
               GbE      - ID: 0x0118, Read: 0x08, Write: 0x08

Used Space: 4096KB, Actual Space: 4096KB

FPT Operation Passed