LongSoft / UEFITool

UEFI firmware image viewer and editor
BSD 2-Clause "Simplified" License

Does new engine support Cascade. #332

Closed crazyhulk closed 1 year ago

crazyhulk commented 1 year ago

The old engine does not work for epc621d8a when I try to unlock 0xE2, and it breaks modified images.

Has the new engine fixed this?

some discussions

NikolajSchlej commented 1 year ago

Parsing is perfectly fine in new_engine, but builder is still not ready, so there's currently no way to perform modification with it.

Meanwhile, you can do the following:

In the file you've linked, BIOS region starts at exactly the middle (16Mb mark, offset 0x1000000).

crazyhulk commented 8 months ago

Yes, new_engine parses perfectly fine and the patch method works, but 0xE2 gets rewritten to 1 on wake from sleep.

In short, the CFG Lock will be enabled again after waking from sleep.

How did I find this?

  1. Open your file in UEFITool NE and extract the BIOS region from it
  2. Use UEFIPatch to patch the BIOS region file
  3. Cut the BIOS file with the dd command to keep from the start to offset 0x1000000 (as file A)
  4. Concatenate the file from step 3 and the patched BIOS region file (cat A B > C)
  5. Flash the BIOS
  6. Use RW Everything to check 0xE2, which is disabled as expected
  7. Sleep and wake
  8. Use RW Everything to recheck 0xE2, which is enabled

Is there something wrong?

@NikolajSchlej
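A shell version of steps 3 and 4 above, added here as an example and not code from the thread or the UEFITool project. It assumes the BIOS region sits at the 0x1000000 offset named in the thread and refuses to assemble an image when the patched region is not exactly the size of the slice it replaces, which is the check worth making before anything gets flashed.

```shell
#!/bin/sh
# Added example (not from the thread or UEFITool): rebuild a full SPI image from
# its unpatched head and a patched BIOS region, the way steps 3 and 4 do with
# dd and cat, but with size checks so a mismatched region is never assembled.
set -eu

# Offset of the BIOS region in the thread's image: the 16 MiB mark.
BIOS_OFFSET=$((0x1000000))
BLOCK=4096   # dd block size; offsets must be a multiple of it

# Byte size of a file, with any leading whitespace from wc stripped.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# splice_region IMAGE PATCHED_REGION OUTPUT [OFFSET]
# Writes OUTPUT = IMAGE[0:OFFSET] + PATCHED_REGION. Fails (and leaves no
# OUTPUT behind) unless PATCHED_REGION is exactly as large as the slice
# IMAGE[OFFSET:] it replaces, so the result keeps the original image size.
splice_region() {
    image=$1; region=$2; out=$3; offset=${4:-$BIOS_OFFSET}
    image_size=$(size_of "$image")
    region_size=$(size_of "$region")
    if [ $((offset % BLOCK)) -ne 0 ]; then
        echo "offset $offset is not a multiple of $BLOCK" >&2; return 1
    fi
    if [ "$image_size" -le "$offset" ]; then
        echo "image ($image_size bytes) ends before offset $offset" >&2; return 1
    fi
    expected=$((image_size - offset))
    if [ "$region_size" -ne "$expected" ]; then
        echo "patched region is $region_size bytes, expected $expected" >&2; return 1
    fi
    # Step 3: keep the image from its start up to the BIOS region (file A).
    dd if="$image" bs="$BLOCK" count=$((offset / BLOCK)) 2>/dev/null > "$out"
    # Step 4: append the patched region (cat A B > C).
    cat "$region" >> "$out"
    # Final sanity check: the assembled image must match the original size.
    if [ "$(size_of "$out")" -ne "$image_size" ]; then
        echo "assembled image has the wrong size, not safe to flash" >&2
        rm -f "$out"; return 1
    fi
}

# Usage: splice_region full_image.bin bios_region_patched.bin full_image_mod.bin
```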

NikolajSchlej commented 8 months ago

If it gets re-enabled, there's a second piece of code (most likely in PEI or in S3 bootscript) that does that, and it also needs to be patched away. I'm currently traveling and don't have access to the tools required to investigate where that code is, so please remind me in a week about that.

crazyhulk commented 8 months ago

Have a pleasant journey.

Have you finished your trip?

Please take a look at 0xE2 re-enable when you have some time.

@NikolajSchlej

NikolajSchlej commented 8 months ago

Checked that out, looks like the lock is getting set by CpuPei module during S3 wake. It is covered by BootGuard, so patching it out might make the board unbootable. Needs some testing, and likely can be patched a different way that doesn't trigger it. If you are willing to test (and have a SPI flasher to recover from broken BIOS), ping me here, I'll prepare a modded file.

crazyhulk commented 7 months ago

I am willing to test, but I need another Windows machine to use the SPI flasher to force-flash the BIOS. The test may take more time.

crazyhulk commented 1 month ago

Checked that out, looks like the lock is getting set by CpuPei module during S3 wake. It is covered by BootGuard, so patching it out might make the board unbootable. Needs some testing, and likely can be patched a different way that doesn't trigger it. If you are willing to test (and have a SPI flasher to recover from broken BIOS), ping me here, I'll prepare a modded file.

Ping @NikolajSchlej .

Sorry, this matter has been put on hold for a long time. I can do testing at any time now. Looking forward to your mod file!

NikolajSchlej commented 1 month ago

Put this on my todo list, will check on one of the next weekends.

crazyhulk commented 1 month ago

Thx, waiting for your good news.