(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
Hey all,
CodeRush chimed in today providing me this material for reading: http://wenku.baidu.com/view/55ecfbdcd15abe23482f4d75
(please don't share it widely as I've yet to gather enough Caifu Zhi to download the actual copy... and *someone* can take the file down by request in a matter of seconds).
A lot of things cleared up .. some on the other hand got more confusing. I won't have time to carefully read the document, but after skimming through it appears to have answers for most of our questions regarding ME and region permissions/structure.
find
quote
And here comes today's update .. again from CodeRush.
Pay attention to the right top corner on this page:
[Image: 1CINf]
Then go ahead and download our 6-series chipset datasheet from Intel, which has to say the following on pp.91:
[Image: 1CIPI]

Now get your HDEF datasheet and find the following ...in a nutshell pin 5 has to be supplied voltage from pin 1 (shorted together) upon boot to trigger descriptor security override and enable debugging mode for ME:
[Image: 1CIQq]

CodeRush ended up with this:
[Image: 1CISA]

[Image: 1CIT2]

As you can see the master lock is still intact and yet it allowed him to dump through host access..
What this means is that there's no need for a hardware flasher to gain write access to ME.
There's that for now :) props to the man behind this find.
find
quote
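The state described in the post above (descriptor permissions still locked, host access working anyway) can be checked from a flash dump plus the chipset's HSFS status register. This is an added example, not code from the thread or from any tool mentioned in it; it assumes the flash descriptor layout used by 6-series chipsets (signature at 0x10, FLMSTR read bits 16-23 and write bits 24-31) and the HSFS bits FLOCKDN (15), FDV (14) and FDOPSS (13, reads 0 when the override strap is asserted), and the sample descriptor and register values are constructed.

```python
import struct

FLVALSIG = 0x0FF0A55A                      # descriptor signature at offset 0x10
REGIONS = ["Descriptor", "BIOS", "ME", "GbE", "PlatformData"]
MASTERS = ["Host CPU/BIOS", "ME", "GbE"]   # FLMSTR1..FLMSTR3


def master_permissions(image: bytes) -> dict:
    """Return {master: {region: 'rw' | 'r-' | '-w' | '--'}} from a flash image."""
    sig, flmap0, flmap1 = struct.unpack_from("<III", image, 0x10)
    if sig != FLVALSIG:
        raise ValueError("no flash descriptor signature at offset 0x10")
    fmba = (flmap1 & 0xFF) << 4            # master section base address
    perms = {}
    for i, master in enumerate(MASTERS):
        (flmstr,) = struct.unpack_from("<I", image, fmba + 4 * i)
        read, write = (flmstr >> 16) & 0xFF, (flmstr >> 24) & 0xFF
        perms[master] = {
            region: ("r" if read >> bit & 1 else "-") + ("w" if write >> bit & 1 else "-")
            for bit, region in enumerate(REGIONS)
        }
    return perms


def decode_hsfs(hsfs: int) -> dict:
    """Decode the HSFS status bits that matter for descriptor enforcement."""
    return {
        "flockdn": bool(hsfs >> 15 & 1),            # SPI configuration lock-down
        "descriptor_valid": bool(hsfs >> 14 & 1),   # FDV
        "override_strap": not (hsfs >> 13 & 1),     # FDOPSS reads 0 when strapped
    }


def host_can_reach_me(image: bytes, hsfs: int) -> bool:
    """True if the host can access the ME region, by permission or by strap."""
    host_me = master_permissions(image)["Host CPU/BIOS"]["ME"]
    return host_me != "--" or decode_hsfs(hsfs)["override_strap"]


def build_sample_descriptor() -> bytes:
    """Constructed 4 KiB descriptor: host has no access to the ME region."""
    img = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<III", img, 0x10, FLVALSIG, 0x02040003, 0x12100206)
    struct.pack_into("<III", img, 0x60, 0x0A0B0000, 0x0C0D0000, 0x08080118)
    return bytes(img)
```

With the constructed descriptor, an HSFS value of 0xE000 (no strap) reports the ME region as unreachable from the host, while 0xC000 (strap asserted) reports it as reachable even though the descriptor permissions are unchanged.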
thanks for the info! :)

mmm, so according to this, bypassing the descriptor can be done with a single 1K resistor, right?

not bad, this will make things easier for you guys.
anyway, keep in mind having a flasher was the thing which saved my laptop when it got screwed after flashing stuff from the OS with unlocked descriptor.

if I didn't have the chip backup from the flasher, I would have a brick now.

so in case you guys skip the flasher and the whole chip backup, make sure what you flash and where, the recovery cdrom can only restore the bios region, other regions are unrecoverable with the BIOS.cap trick.


note: I noticed it also said something about enable ME debugging.

as far as I know I just unlocked the descriptor by tweaking the flasher stuff.

does this mean I still have to do the resistor trick even with a modded descriptor to enable ME debugging? :D
find
quote
According to CR the resistor is not needed; it's meant to have the board in debugging mode permanently at any boot up. If you just need to enable the override temporarily then a simple short between pins 1-5 is enough. The document referenced above describes a lot of things in terms of fiddling with FITC and FPT.. so @kasar you are our test subject after Christmas and New Year's.. based on this info we possibly can update the ME with just an updater and a custom binary .. without the need of any voodoo magic and chip content slicing and splicing.
find
quote
well, anyway getting a 1K resistor is very easy, and it will save you from bridging it every time to enter debugging mode, a little more soldering for lazier reboots then.

oh, updating it with a modified binary would be awesome for all people, I'm almost sure electronic modifications keep most users away from it ^^
so it would be needed only for testing and doing blind/crazy tests like I do :D

hehe, test subject, I like it ^^

with 4 extra preprogrammed chips, programmer, sockets and backups there is no way of bricking this laptop again, at least bios/firmware related :D


today I tried to flash another modded bios using the conventional method, but it failed while flashing; it gave a weird beep and it also gave write errors at some sectors.

had to use the recovery CD to boot again the machine.

tried to flash again, but it happened again.

well, in order to make it flashable from the machine itself, I had to extract the chip from the socket and place it again, then it flashed fine.

strange, maybe it was a bad contact again ^^

glad it fixed that, I was starting to think the chip was different from the one initially installed and it had some issues, but hopefully that wasn't the cause.


edit:

also noticed something about the Ivy processor I have in mind for testing

http://www.ebay.es/itm/NEW-INTEL-i7-3720...3cca708663

go to the link


then you can read this

Quote:For intel mobile 75/76/77 Chipset etc use ONLY (It will NEVER work on 65/67 /55 etc chipset), check your laptop Chipset model with CPU-Z first.

this worries me again.

my chipset is HM67, one of the ones reported as not working; it would be a shame if after getting the cpu, updating ME, the HD3000 to HD4000 vbios update and the microcode update it still would not work with Ivy processors because of hardware limitations.

:o
find
quote
To be absolutely fair with you I'm starting to doubt this will happen anytime soon...as per Intel there's this chart:
[Image: 1CPWp]
We have Huron River platforms, guh...
But if Intel is anywhere like Apple (who claim their iMac machines can support only 8Gb of memory which they in fact can support 16 perfectly fine) then we may have a chance of an upgrade headroom ahead of us.
find
quote
I finally managed to register here.
I'm reading this topic since @TimeWalker pointed me to, and I must say that you guys are awesome.
I must also say that I don't have much time to help now and I didn't believe that an IB-processor can work on an HR-chipset from the beginning, but it is a situation where the process is more valuable than the upcoming results.
find
quote
welcome aboard CodeRush.

I heard really good stuff from you and your projects ^^

oh, about the IB-processor on our machines.

is it some kind of software limitation (BIOS, ME firmware ....) or is it more related to hardware/chipset?


if it is just software I think it can be done by the methods discussed here (ME8 + Intel 4000 vbios + microcodes)
but if it is a hardware limitation there isn't a lot we can do :o

well, a safe way to test it would be to edit the dump created by my programmer, and replace the ME7 zone with ME8 firmware and check if it boots at least with a normal Sandy Bridge cpu.

timewalker had some kind of modified dump of mine, I think he said the sizes of the ME zones were identical and easy to replace.

as soon as he or someone else gives me a hand with that I will flash it using the programmer and then will report results ^^
find
quote
kasar Wrote:I heard really good stuff from you and your projects ^^
Thanks. BTW, I have a wiki page about RushSPI in English, no need to use crappy Google-Translate anymore. :)

kasar Wrote:is it some kind of software limitation (BIOS, ME firmware ....) or it is more related with hardware/chipset?
ME and/or hardware. I don't know much about the situation with Phoenix SCT 2.0 compatibility with ME 8, TBH. But I know that ME 8 is incompatible with rev. B2 of 6 series chipsets at all, and ASUS had to rewrite half of their code to add ME 8 support in new BIOS versions for B3. So it won't be a surprise if ME 8 won't start on HM67. And without it IB won't start either.

Let's see test results, anyway.
find
quote
well, then we lose nothing by trying ^^
however about getting an Ivy processor to test, it would be nice to at least ensure first the ME8 firmware is running first on the motherboard ^^

oh, a quick question guys.

as for the software I use to write the chips, I use a DOS version of flashrom

are there any Windows alternatives for this software?

the flasher name I am using is rayer_spi (parallel port based)
I didn't find any software for Windows.

and if I try virtualization, by installing DOS on a vmware machine and giving it access to the physical parallel port, it is slow as heck and cpu resource usage goes crazy.

any ideas/alternatives?

spipgm can just read & verify, but it can't write for some reason, flashrom is the only one I noticed working properly while writing the chips
find
quote

