Overclock.net - An Overclocking Community - Reply to Topic
Thread: AGESA FW stack patched bioses for 3rd gen Reply to Thread
Title:
Message:

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in


  Additional Options
Miscellaneous Options

  Topic Review (Newest First)
05-25-2020 12:40 PM
Sushank21x
Quote: Originally Posted by The Stilt View Post
It is available at MSI site: https://download.msi.com/bos_exe/mb/7A38vAJQ.zip

E7A38AMS.AJQ file inside the archive, is the ready to be used binary.
Thank you soo much for the reply i would try it.
05-25-2020 07:14 AM
The Stilt
Quote: Originally Posted by Sushank21x View Post
i was updating my bios and my pc turned off during the update my pc is not turning on.
I have a msi b350m pro vdh motherboard
It does not have a bios button i went to a local repair shop and he said that the bios can be flashed back to some "motherboard chip" but he doesn't have a bin file of the bios he said that he needed that file for the usb programmer. It would be greatly appreciated if someone can provide me with this bios bin file for the msi b350m pro vdh motherboard.
It is available at MSI site: https://download.msi.com/bos_exe/mb/7A38vAJQ.zip

E7A38AMS.AJQ file inside the archive, is the ready to be used binary.
05-25-2020 05:44 AM
Sushank21x i was updating my bios and my pc turned off during the update my pc is not turning on.
I have a msi b350m pro vdh motherboard
It does not have a bios button i went to a local repair shop and he said that the bios can be flashed back to some "motherboard chip" but he doesn't have a bin file of the bios he said that he needed that file for the usb programmer. It would be greatly appreciated if someone can provide me with this bios bin file for the msi b350m pro vdh motherboard.
05-24-2020 06:06 AM
Veii
Quote: Originally Posted by The Stilt View Post
I've never seen one without it, not even a PR (similar to QS) CPU.

I assume the stamping has no other significance besides being either the logo of the company who either assembles the CPUs or provides the blank heatspreaders to AMD.
Hmm, i wish i could share some better data except just words
But i've seen non stamped batches
Always was curious about UF and UG meaning (:
05-24-2020 06:02 AM
The Stilt
Quote: Originally Posted by Veii View Post
There where 3rd gen ryzens without the bottom UG & UF stamp
and new batches which all where stamped at the bottom left corner
I've never seen one without it, not even a PR (similar to QS) CPU.

I assume the stamping has no other significance besides being either the logo of the company who either assembles the CPUs or provides the blank heatspreaders to AMD.
05-24-2020 05:49 AM
Veii
Quote: Originally Posted by The Stilt View Post
Huh?
"New stamped", what is that supposed to mean?
There where 3rd gen ryzens without the bottom UG & UF stamp
and new batches which all where stamped at the bottom left corner
05-24-2020 05:48 AM
Veii
Quote: Originally Posted by Fernando 1 View Post
@Veii :
Thank you very much for your very interesting and helpful information.After having read your post, I followed your advice and searched for the code "8B A6 3C 4A 23 77 FB 48 80 3D 57 8C C1 FE C4 4D" within the latest original BIOSes (untouched by UBU) for the following ASRock mainboards by using HxD:
a) X570 Pro4 (my new main PC mainboard) and
b) Fatal1ty Z170 (my formerly used mainboard).
Result: The exactly same code was present 2x within the Intel Z170 MB BIOS, but 4x within the AMD X570 one.
After having removed the ASRock Instant Flash protection by the UBU tool I found the code only 1x within the Intel Z170 BIOS, but 3x within the X570 one.

This indicates for me, that it may be possible to flash a modded 32MB sized ASRock BIOS by using the Instant Flash tool, if both relevant codes (the upper one of each BIOS half) have been removed by an upcoming UBU version.
As soon as possible I will let the UBU maker SoniX know about your tip and the result of my hex code search.

Thanks again!
Dieter
The problem is, the 3 pictures show the locations of it, while it is present on 4 locations
It's a lookup and connection header and has to stay intact & existing
It should be 4 while the UBU patch does just wipe the main capsule - to skip the "unverified bios" on bootup message
It's a resolve for even being able to flash unverified bioses, but it's only a bypass to what i want to call it
The UBU patch was done some time ago - but if you look at the first picture, the signing code remains to be unique between bioses, and only little parts of it change

The key from my research was it to generate an always accepting whitelist or always accepting verification header by tricking the check feature always "accepting" the result and flashing on non modded boards
UBU does patch it out and clear it, but the indication headers remain active and are checked on the listed partitions = still won't allow a flash

There looks to be more to this code, the yellow and green'ish marked fields
But i couldn't find direct relation to them back then
Soo this whole thing is in an experimental state, although i think it should work by now
It would just need some testing to figure out if their verification code needs to be a specific length, or just the parts locations of the code have to have some kind of data = can be empty too & just need the spacing hex afterwards (first picture)
UBU again does wipe the connection and i can see how the old way of bypassing - can cause big issues once it doesn't accept "empty data" anymore
Although UBU patch does only clean one sector, but doesn't resolve the issue at all

At best we do want a whitelist method, soo every bios that is pushed through UBU is signed with an "always accepted" signing
It would already be helpful if once flashed, it does allow every asrock bios to be flashed normally with the same signing header
compared to the old method, which does boot up but then again triggers verification error on for example afuefi flashing

Yes, the only thing that needs to be figured out, is how long the signing field has to be in length
And if my method works
The signing capsule seems to be at the same place, and the modules seem to be one only (they are 3+1 capsule)
The lookup header has to stay intact tho, else people can brick flash their boards without any check (UBU does wipe it)
Just removing the main capsule GUID from the 4 locations that are responsible for signing check
or making an always accepted signed capsule (master-key) - should resolve any flashing issues we had with asrock boards

EDIT:
Quote:
Result: The exactly same code was present 2x within the Intel Z170 MB BIOS, but 4x within the AMD X570 one.
After having removed the ASRock Instant Flash protection by the UBU tool I found the code only 1x within the Intel Z170 BIOS, but 3x within the X570 one.
Soo on intels side it should be easy to resolve it
First one is always the main capsule header, 2nd one is just needs removale of the pointing to the capsule in order to bypass verification check
OR - we'll get the master-key method to work
But technically removing any link to the capsule should already be a fix
The question remains only - what we need to do, for ASRocks EZ Flash to accept new bioses
What's the capsules "always accepted" signature
05-24-2020 05:34 AM
The Stilt
Quote: Originally Posted by Veii View Post
Like it was done after AGESA 1003AB(B), and the new stamped 3rd gen batches
Huh?
"New stamped", what is that supposed to mean?
05-24-2020 05:10 AM
Fernando 1 @The Stilt : @aGeoM :
Meanwhile I have successfullly flashed myself a modded 32MB sized X570 BIOS by using the Flashrom tool on a FREEDOS image and without diskcopy.dll file.
Attached is the related picture about the procedure.

@Veii :
Thank you very much for your very interesting and helpful information.
Quote: Originally Posted by Veii View Post
Can you try to check if the security capsules on current X570 ASRock boards, still align with my findings and attempt
https://twitter.com/VeiiTM/status/1248852503132884992 <- tiny guide
After having read your post, I followed your advice and searched for the code "8B A6 3C 4A 23 77 FB 48 80 3D 57 8C C1 FE C4 4D" within the latest original BIOSes (untouched by UBU) for the following ASRock mainboards by using HxD:
a) X570 Pro4 (my new main PC mainboard) and
b) Fatal1ty Z170 (my formerly used mainboard).
Result: The exactly same code was present 2x within the Intel Z170 MB BIOS, but 4x within the AMD X570 one.

This indicates for me, that it may be possible to flash a modded 32MB sized ASRock BIOS by using the Instant Flash tool, if both relevant codes (the upper one of each BIOS half) have been removed by an upcoming UBU version.
As soon as possible I will let the UBU maker SoniX know about your tip and the result of my hex code search.

Thanks again!
Dieter

Update: After having done a deeper look into the ASRock X570 BIOS, which had been opened by the UBU tool v1.78.0 and saved by choosing the option 2 ("Remove Instant Flash Protection"), I have realized, that it only contains 2x the above mentioned security code (and not 3x).
This verifies, that SoniX already has implemented the removal of the upper security code from the second half of the BIOS. Obviously it doesn't prevent the "Secure Flash check fail" message, when the user tries to flash it by using the Instant Flash tool.
05-23-2020 03:36 AM
Veii
Quote: Originally Posted by oile View Post
On the topic, i have a Crosshair VI with flashback and willing to flash anything on it in order to achieve ryzen 4000 boot (I don't care at all of all the boost technologies and PSP securities) or Pciex 4.0.
So far we don't know how much or if they will be locked within the CPU
No board would make a difference when it's locked inside the PSP firmware
We do have write access on some parts - but let's hope they won't be locked down

At this state and date, everything is possible
Stay up to date and we'll see what is possible when they release
No one here except people with engineering samples can predict their lockdowns
Well even they can't, as retail batches can at any time be hardware locked out ~ if AMD decides so
Like it was done after AGESA 1003AB(B), and the new stamped 3rd gen batches
This thread has more than 10 replies. Click here to review the whole thread.

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off