[NEEDINFO] Variable + Var store in IFR extracted
#1
Hello, everyone! I have an already modded UEFI BIOS dump -- the whitelist is removed and the advanced menu is unblocked. But every item in this advanced menu is not saved properly and therefore does not work. My goal is to set <Boot Performance Mode> to <Max Battery> and <Turbo Mode> to <Disabled>, i.e. to squeeze out max power saving.

So I have here ->

#################

0x3BBA4 Setting: Boot Performance Mode, Variable: 0x4C {05 A6 9B 00 9C 00 34 00 0A 00 4C 00 00 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BBCA Default: 8 Bit, Value: 0x0 {5B 0D 00 00 00 00 00 00 00 00 00 00 00}
0x3BBD7 Default: 8 Bit, Value: 0x0 {5B 0D 01 00 00 00 00 00 00 00 00 00 00}
0x3BBE4 Option: Max Performance, Value: 0x0 {09 0E 9D 00 00 00 00 00 00 00 00 00 00 00}
0x3BBF2 Option: Max Battery, Value: 0x1 {09 0E 9E 00 00 00 01 00 00 00 00 00 00 00}
0x3BC00 Option: Auto, Value: 0x2 {09 0E 9F 00 00 00 02 00 00 00 00 00 00 00}
0x3BC0E End of Options {29 02}

#################

0x3BC88 Setting: Turbo Mode, Variable: 0xA {05 A6 A0 00 A1 00 36 00 0A 00 0A 00 00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BCAE Default: 8 Bit, Value: 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
0x3BCBB Default: 8 Bit, Value: 0x1 {5B 0D 01 00 00 01 00 00 00 00 00 00 00}
0x3BCC8 Option: Disabled, Value: 0x0 {09 0E 03 00 00 00 00 00 00 00 00 00 00 00}
0x3BCD6 Option: Enabled, Value: 0x1 {09 0E 02 00 00 00 01 00 00 00 00 00 00 00}
0x3BCE4 End of Options {29 02}

#################

In the case of VarOffset & VarStore I know where to find and patch the corresponding register in a UEFI variable.

0xC6E8E One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x17, VarStore: 0x5, QuestionId: 0xA36, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 F5 06 F6 06 36 0A 05 00 17 00 10 10 00 01 00}
0xC6E9F One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00}
0xC6EA6 One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 30 00 01}
0xC6EAD End One Of {29 02}
0xC6EAF End If {29 02}

But how do I treat the case with Variable: 0x4C as above? How do I find which Var Store and connected UEFI variable is needed? The full Var Store list is in the attachment. Specifically, I need the placement of Variable: 0x4C and Variable: 0xA from above.

0x3A435 Var Store: 0x1[261] (Setup) {24 1C AB BA FB 4D 92 13 DE 4F AB B8 C4 1C C5 AD 7D 5D 01 00 05 01 53 65 74 75 70 00}
0x3A451 Var Store: 0x2[69] (System) {24 1D F9 FC 47 E9 01 DD 65 49 B8 08 32 A7 B6 81 56 57 02 00 45 00 53 79 73 74 65 6D 00}
0x3A46E Var Store: 0x3[620] (IccString) {24 20 4B 77 E2 C1 D4 9E 03 41 AE FA 33 B8 14 9E CC F6 03 00 6C 02 49 63 63 53 74 72 69 6E 67 00}
0x3A48E Var Store: 0x4[17] (MeSetup) {24 1E E3 1D 7B FB 5B 29 3C 43 95 A2 09 1F E3 21 8B F9 04 00 11 00 4D 65 53 65 74 75 70 00}
0x3A4AC Var Store: 0x5[39] (AmtSetup) {24 1F BE 56 9F 4B 8E F6 BC 4B 9B AB CD F6 00 F5 2D 30 05 00 27 00 41 6D 74 53 65 74 75 70 00}
0x3A4CB Var Store: 0x6[51] (CpuProtocolSetupVar) {24 2A E1 DC 4A 7D 0D 93 C7 40 9C D2 6D 21 48 41 3D C7 06 00 33 00 43 70 75 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A4F5 Var Store: 0x7[35] (CpuPpiSetupVar) {24 25 1A 9F B9 D1 4B 08 C3 49 B8 8E 37 8A BE FA 11 8B 07 00 23 00 43 70 75 50 70 69 53 65 74 75 70 56 61 72 00}
0x3A51A Var Store: 0x8[6] (DtsProtocolSetupVar) {24 2A DB AB AE 10 CC BD 1E 44 88 9B A8 DF 33 A9 C1 6A 08 00 06 00 44 74 73 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A544 Var Store: 0x9[11] (DptfProtocolSetupVar) {24 2B 4B 35 54 10 43 B5 FE 4D 55 8B A7 AD 63 51 C9 D8 09 00 0B 00 44 70 74 66 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A56F Var Store: 0xA[166] (PpmProtocolSetupVar) {24 2A C4 E5 D1 E2 D0 68 78 40 BE 7B 90 35 EA 7F 9B E3 0A 00 A6 00 50 70 6D 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A599 Var Store: 0xB[103] (SaProtocolSetupVar) {24 29 4D 3D F7 34 3E 96 65 4C B3 B3 51 5E 72 01 75 D6 0B 00 67 00 53 61 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A5C2 Var Store: 0xC[183] (SaPpiSetupVar) {24 24 37 14 A8 7D 6B 86 43 41 8E 08 A2 5C 6E F0 FA 5B 0C 00 B7 00 53 61 50 70 69 53 65 74 75 70 56 61 72 00}
0x3A5E6 Var Store: 0xD[548] (PchProtocolSetupVar) {24 2A 13 84 BD 04 F9 15 F3 43 96 75 46 18 E0 32 40 E3 0D 00 24 02 50 63 68 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00}
0x3A610 Var Store: 0xE[75] (PchPpiSetupVar) {24 25 8E D0 74 E2 B6 69 97 44 A4 EB D3 9C 4B 2F 9F CB 0E 00 4B 00 50 63 68 50 70 69 53 65 74 75 70 56 61 72 00}

After all I will patch using RU.efi or a modded GRUB.

Thanks in advance!


Attached Files
.txt   CFEF94C4-4167-466A-8893-8779459DFA86_1994 IFR.txt (Size: 558.75 KB / Downloads: 3)
#2
Var Store: 0xA (PpmProtocolSetupVar)
#3
(05-25-2023, 02:39 PM)Maxinator500 Wrote: Var Store: 0xA (PpmProtocolSetupVar)

Both Variable: 0x4C and Variable: 0xA ?
#4
Yes. Both of them.
#5
I've put together a comprehensive guide on the topic. First of all, I've tested 3 IFR extractors:

  1. https://github.com/donovan6000/Universal-IFR-Extractor
  2. https://github.com/LongSoft/Universal-IFR-Extractor
  3. https://github.com/LongSoft/IFRExtractor-RS

Below are the results:

/*
* https://github.com/LongSoft/IFRExtractor-RS
*/
Code:
OneOf Prompt: "Turbo Mode", Help: "Enable processor Turbo Mode. EMTTM must also be enabled.", QuestionFlags: 0x0, QuestionId: 0x36,
VarStoreId: 0xA, VarOffset: 0xA, Flags: 0x10, Size: 8, Min: 0x0, Max: 0x1, Step: 0x0
Default DefaultId: 0x0 Value: 1
Default DefaultId: 0x1 Value: 1
OneOfOption Option: "Disabled" Value: 0
OneOfOption Option: "Enabled" Value: 1
End

/*
* https://github.com/LongSoft/Universal-IFR-Extractor
*/
Code:
C88 One Of: Turbo Mode, VarStoreInfo (VarOffset/VarName): 0xA, VarStore: 0xA, QuestionId: 0x36, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 A6 A0 00 A1 00 36 00 0A 00 0A 00 00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BCAE Default: DefaultId: 0x0, Value (8 bit): 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
0x3BCBB Default: DefaultId: 0x1, Value (8 bit): 0x1 {5B 0D 01 00 00 01 00 00 00 00 00 00 00}
0x3BCC8 One Of Option: Disabled, Value (8 bit): 0x0 {09 0E 03 00 00 00 00 00 00 00 00 00 00 00}
0x3BCD6 One Of Option: Enabled, Value (8 bit): 0x1 {09 0E 02 00 00 00 01 00 00 00 00 00 00 00}
0x3BCE4 End One Of {29 02}


/*
* https://github.com/donovan6000/Universal-IFR-Extractor
*/

Code:
0x3BC88 Setting: Turbo Mode, Variable: 0xA {05 A6 A0 00 A1 00 36 00 0A 00 0A 00 00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}
0x3BCAE Default: 8 Bit, Value: 0x1 {5B 0D 00 00 00 01 00 00 00 00 00 00 00}
0x3BCBB Default: 8 Bit, Value: 0x1 {5B 0D 01 00 00 01 00 00 00 00 00 00 00}
0x3BCC8 Option: Disabled, Value: 0x0 {09 0E 03 00 00 00 00 00 00 00 00 00 00 00}
0x3BCD6 Option: Enabled, Value: 0x1 {09 0E 02 00 00 00 01 00 00 00 00 00 00 00}
0x3BCE4 End of Options {29 02}

Only donovan6000's extractor shows the non-obvious Variable: 0xA; the others show the habitual VarStoreId: 0xA, VarOffset: 0xA, good.

/* ###########################
 * by hand
 * ###########################/

Now a slightly freaky approach, if you want to know how to address the "Variable + Var store" connection.

See the line from donovan6000's extractor->

Setting: Turbo Mode, Variable: 0xA {05 A6 A0 00   A1 00 36 00   0A 00   0A 00  00 10 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00}

Now see that we must pass 2 DWORDs from the start and get the 9th and 10th hex opcodes (= WORD, 2 bytes) and treat this WORD in big endian.
So  -> 0A 00 -> Var Store: 0xA[166] (PpmProtocolSetupVar)

Another example:
Var Store: 0x1233[8] (AdvanceConfig) {24 24 F4 27 4A A0 00 DF 42 4D B5 52 39 51 13 02 11 3D 33 12 08 00 41 64 76 61 6E 63 65 43 6F 6E 66 69 67 00} ->

Search for "33 12" (it's big endian 0x1233) after the 8th position -> you will see

Numeric: en-US (2056-2056) , Variable: 0x7 {07 91 00 00 00 00 B5 0B 33 12 07 00 00 10 00 FF 00}

There are really only 0x8 bytes/registers in the array named AdvanceConfig, it's small.

/* ###########################
 * last words
 * ###########################/

So that's all I wanted to describe about IFR extractors; the original binary with the IFR included is in the attachment.

With best regards!


Attached Files
.rom   CFEF94C4-4167-466A-8893-8779459DFA86_1994.ROM (Size: 347.38 KB / Downloads: 0)
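
Added example (not part of the original posts and not code from any of the extractors mentioned): a Python parser for the two opcodes this thread discusses, following the EFI_IFR_ONE_OF and EFI_IFR_VARSTORE layouts in the UEFI HII specification, which resolves a question to its variable name, offset and width and checks that the offset fits the declared store size. Multi-byte fields are read as little-endian 16-bit values (bytes `0A 00` are 0x000A); the function names are invented for this example, and the opcode bytes are copied from the dumps above with the trailing zero padding written as `bytes(22)`.

```python
import struct

EFI_IFR_ONE_OF_OP, EFI_IFR_VARSTORE_OP = 0x05, 0x24   # opcode values, UEFI HII spec

def _header(raw: bytes, expected: int) -> int:
    """Check the 2-byte opcode header and return the opcode length."""
    length = raw[1] & 0x7F                 # bit 7 of byte 1 is the Scope flag
    if raw[0] != expected or length != len(raw):
        raise ValueError("unexpected opcode or truncated record")
    return length

def parse_varstore(raw: bytes) -> dict:
    """EFI_IFR_VARSTORE: header(2) GUID(16) VarStoreId(u16) Size(u16) Name(ASCIIZ)."""
    length = _header(raw, EFI_IFR_VARSTORE_OP)
    store_id, size = struct.unpack_from("<HH", raw, 18)
    name = raw[22:length].split(b"\x00", 1)[0].decode("ascii")
    return {"id": store_id, "size": size, "name": name}

def parse_one_of(raw: bytes) -> dict:
    """EFI_IFR_ONE_OF: header(2) Prompt Help QuestionId VarStoreId VarOffset (u16 each)."""
    _header(raw, EFI_IFR_ONE_OF_OP)
    _prompt, _help, qid, store_id, offset = struct.unpack_from("<5H", raw, 2)
    width = 1 << (raw[13] & 0x03)          # Flags low bits 0..3 -> 1, 2, 4 or 8 bytes
    return {"question_id": qid, "varstore_id": store_id, "offset": offset, "width": width}

def resolve(question: bytes, stores: list) -> tuple:
    """Map a OneOf question to (variable name, byte offset, width in bytes)."""
    q = parse_one_of(question)
    by_id = {s["id"]: s for s in map(parse_varstore, stores)}
    store = by_id[q["varstore_id"]]        # KeyError if the store is not in the list
    if q["offset"] + q["width"] > store["size"]:
        raise ValueError("question points past the end of its var store")
    return store["name"], q["offset"], q["width"]

# Bytes copied from the dumps in this thread; trailing zero padding written as bytes(22).
PPM_STORE = bytes.fromhex("24 2A C4 E5 D1 E2 D0 68 78 40 BE 7B 90 35 EA 7F 9B E3 0A 00 A6 00"
                          " 50 70 6D 50 72 6F 74 6F 63 6F 6C 53 65 74 75 70 56 61 72 00")
TURBO_MODE = bytes.fromhex("05 A6 A0 00 A1 00 36 00 0A 00 0A 00 00 10 00 01") + bytes(22)
BOOT_PERF_MODE = bytes.fromhex("05 A6 9B 00 9C 00 34 00 0A 00 4C 00 00 10 00 02") + bytes(22)
BIOS_LOCK = bytes.fromhex("05 91 F5 06 F6 06 36 0A 05 00 17 00 10 10 00 01 00")  # short form

if __name__ == "__main__":
    for label, raw in (("Turbo Mode", TURBO_MODE), ("Boot Performance Mode", BOOT_PERF_MODE)):
        name, offset, width = resolve(raw, [PPM_STORE])
        print(f"{label}: {name} + 0x{offset:X} ({width} byte)")
    print("BIOS Lock:", parse_one_of(BIOS_LOCK))
```

The 38-byte and 17-byte OneOf records differ only in how wide the Min/Max/Step fields after byte 13 are, so the VarStoreId and VarOffset positions are the same in both.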