PSPReverse / PSPTool

Display, extract, and manipulate PSP firmware inside UEFI images
GNU General Public License v3.0

ability to extract/replace/etc type 0x62 'BIOS Binary' images. #50

Open hanetzer opened 1 year ago

hanetzer commented 1 year ago

From what I can see, psptool completely ignores these types of images. For the longest I had no idea there was more x86 code inside of a Ryzen UEFI image.

My use case is twofold:

  1. Extracting said image to determine init code from it
  2. Replacing said image with serialice or a similar program for reverse engineering.

hanetzer commented 1 year ago

For reference's sake: said image has a 256-byte header on it. I've only personally observed one field in said header to be used, which is 'size' (unsure if compressed or decompressed), which is a 32-bit field (4 bytes) at address 0x14. After this header is the real meat and taters of data, which is a zlib-compressed stream of data.

Ragebone commented 1 year ago

I am unsure what exactly you mean, but up until Rome, those entries have been pointing at an actual UEFI volume which can be looked at and extracted with UEFITool. Only with Threadripper Pro have I seen it be weirder.

hanetzer commented 1 year ago

Yes, but PSPTool does not even say 'hey, there's a type 0x62 entry here'. In this case, on the ASRock X370 Killer Sli/AC BIOS image (X370KLA7.30 in my case), the image is not 'just' a flat UEFI volume, but instead a zlib-compressed one, with a 0x100 byte header affixed to it.

hanetzer commented 1 year ago

Ah, so I went through all older versions of the X370KLAx.xx BIOS images, and it turns out they only started using the compressed UEFI volumes as type 0x62 entries starting with the 7.x versions; 6.00 and prior all appear to use uncompressed images and parse fine with psptool.
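
The layout described in this thread (a 0x100-byte header, a 32-bit size field at 0x14, then a zlib stream, with older images holding a flat volume), as an added example that is not PSPTool code or code from any commenter: it unpacks either form with a bounded inflate and reports whether the size field matches the compressed or the decompressed length. Assumptions: the size field is little-endian, the function names are hypothetical, the `_FVH` signature offset comes from the UEFI firmware volume header layout rather than from the thread, and the sample entry is constructed.

```python
import struct
import zlib

HEADER_LEN = 0x100   # header length reported in the thread
SIZE_OFFSET = 0x14   # 32-bit 'size' field reported in the thread
FVH_OFFSET = 0x28    # '_FVH' signature offset in a UEFI firmware volume header


def unpack_type_0x62(body, max_out=64 << 20):
    """Return (volume_bytes, info) for the raw body of a type 0x62 entry."""
    if body[FVH_OFFSET:FVH_OFFSET + 4] == b"_FVH":
        return body, {"compressed": False}           # flat volume, as in older images
    if len(body) <= HEADER_LEN:
        raise ValueError("body is shorter than the 0x100-byte header")
    (size,) = struct.unpack_from("<I", body, SIZE_OFFSET)  # assumption: little-endian
    inflater = zlib.decompressobj()
    try:
        volume = inflater.decompress(body[HEADER_LEN:], max_out)  # bounded output
    except zlib.error as exc:
        raise ValueError(f"no zlib stream after the header: {exc}") from exc
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("zlib stream is truncated or inflates past max_out")
    consumed = len(body) - HEADER_LEN - len(inflater.unused_data)
    if size == consumed:
        meaning = "compressed"
    elif size == len(volume):
        meaning = "decompressed"
    else:
        meaning = "unknown"
    return volume, {"compressed": True, "size_field": size, "size_field_is": meaning,
                    "stream_len": consumed, "volume_len": len(volume)}


def make_sample(size_is="compressed"):
    """Constructed test input: a fake firmware volume wrapped as the thread describes."""
    volume = bytes(FVH_OFFSET) + b"_FVH" + bytes(range(256)) * 16
    stream = zlib.compress(volume)
    header = bytearray(HEADER_LEN)
    struct.pack_into("<I", header, SIZE_OFFSET,
                     len(stream) if size_is == "compressed" else len(volume))
    return volume, bytes(header) + stream + b"\xff" * 16   # trailing flash padding


if __name__ == "__main__":
    original, body = make_sample()
    volume, info = unpack_type_0x62(body)
    print(volume == original, info)
```

The `max_out` cap keeps a malformed or hostile image from inflating without limit while it is being parsed.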