Okay, so the authentication process seems pretty complete and difficult to bypass (speaking as someone with security knowledge but zero experience attempting to bypass these types of mechanisms). I've read articles about people bypassing similar but less complete kinds of security mechanisms before to bypass laptop battery whitelists (yes, they exist unfortunately), but I lack the skills to do so by myself.
However, there are two different cases that the authenticate requirements could apply to:
1.) Microprocessor/CPU attempts to read/write the BIOS chip. This almost certainly makes use of the authentication procedure, with Asus providing any relevant signing of BIOS updates.
2.) Hardware programmer attempts to read/write the BIOS chip. I know the documentation says "SPI device" but I think this could refer to the CPU as well if it uses the "SPI interface" to interact with the BIOS chip. If the authentication procedure does not apply here, then I think I know how to read/write the BIOS.
This is from Winbond's documentation for this chip:
Code:
- 5 -
PIN DESCRIPTIONS
Chip Select (/CS)
The SPI Chip Select (/CS) pin enables and disables device operation. When /CS is high the device is
deselected and the Serial Data Output (DO, or IO0, IO1, IO2, IO3) pins are at high impedance. When
deselected, the devices power consumption will be at standby levels unless an internal erase, program or
write status register cycle is in progress. When /CS is brought low the device will be selected, power
consumption will increase to active levels and instructions can be written to and data read from the device.
After power-up, /CS must transition from high to low before a new instruction will be accepted. The /CS
input must track the VCC supply level at power-up and power-down (see “Write Protection” and Figure 10a
& 10b). If needed a pull-up resister on the /CS pin can be used to accomplish this.
I found a page about pull-up and pull-down resistors:
https://learn.sparkfun.com/tutorials/pul...istors/all
It seems that resistors can modify the voltage on the /CS pin to meet the requirements for reading from/writing to the device. Regardless of authentication requirements, this is going to be one of our requirements (crossing fingers that this is all we have to do). Please see page 5 of the BIOS chip documentation for a BIOS chip pinout. Descriptions of the pins are on the next page if you are curious.
I imagine we will be using a pull-up resistor. The resistor will have a button on it. When this button is not pressed, the resistor connects the /CS pin to the VCC pin, bringing up /CS's voltage to near VCC's (in other words, putting it in a "high" state). When the button is pressed, the resistor connects the /CS pin to the GND (ground) pin, which lowers the voltage on the /CS pin (in other words, putting it in a "low" state). When the voltage goes from a high state to a low state after power up (whatever "power up" means in this case - probably connecting the flash programmer or plugging in the computer), then read/write operations are allowed because the internal mechanisms in the BIOS chip allow it to use enough power to work properly.
I believe this is the way we read/write data from the BIOS chip in any useful manner. I'm going to continue doing research on this. Hopefully this is the only thing we have to do.
If anyone is a regular hardware modifier/specialist/electrician and/or knows about this stuff, any input would be greatly appreciated!