314TeR Posted November 12, 2016 Share Posted November 12, 2016 On some Z97 ASUS motherboards, for example Z97-C write to NVRAM worked with BIOS to versions 2403. Later version not preserve NVRAM. Does that help, if I asked some from my friends who have this motherboard for making dumps from version which preserve and don't preserve NVRAM? Link to comment Share on other sites More sharing options...
mhaeuser Posted November 12, 2016 Author Share Posted November 12, 2016 On some Z97 ASUS motherboards, for example Z97-C write to NVRAM worked with BIOS to versions 2403. Later version not preserve NVRAM. Does that help, if I asked some from my friends who have this motherboard for making dumps from version which preserve and don't preserve NVRAM? Yes, please. But do not dump NVRAM with DarwinDumper, but dump "Firmware Memory Map". Please also attach the ROMs used. Link to comment Share on other sites More sharing options...
dgsga Posted November 13, 2016 Share Posted November 13, 2016 Yes, please. But do not dump NVRAM with DarwinDumper, but dump "Firmware Memory Map". Please also attach the ROMs used. @D-F Just thought I'd throw my research into the mix. I have found that you can enable NVRAM writes in Asus AptioV bioses my replacing the NvramSmi SMM module with the combined SMM/DXE NvramSmi module (same GUID) from older bioses that allow NVRAM writes. You also need to delete the NvramSmiDxe driver module when you do this replacement. Unfortunately this only seems to work for Asus boards. Have tried using the combined SMM/DXE module in ASRock bioses but no go. So it seems to be that NvramSmi implementation is where the issue lies, unfortunately I don't know how to proceed from here... 2 Link to comment Share on other sites More sharing options...
mhaeuser Posted November 13, 2016 Author Share Posted November 13, 2016 @D-F Just thought I'd throw my research into the mix. I have found that you can enable NVRAM writes in Asus AptioV bioses my replacing the NvramSmi SMM module with the combined SMM/DXE NvramSmi module (same GUID) from older bioses that allow NVRAM writes. You also need to delete the NvramSmiDxe driver module when you do this replacement. Unfortunately this only seems to work for Asus boards. Have tried using the combined SMM/DXE module in ASRock bioses but no go. So it seems to be that NvramSmi implementation is where the issue lies, unfortunately I don't know how to proceed from here... Pls up Memory Map dumps with the combined and the separate drivers, thx (from Shell and OS X pls) Link to comment Share on other sites More sharing options...
mhaeuser Posted November 13, 2016 Author Share Posted November 13, 2016 Sorry for double-posting, but I need to bump. Please someone try this: https://www.dropbox.com/s/zu5jixphkr4elk0/OsxAptioFix2Drv.efi?dl=0 I tell you... if this one should give you VarStore r/w access, storm the AMI headquarters and slaughter them all. This will give UEFI wrong addresses for virtually mapped RT_data regions, so the system might not boot, fail randomly during RT or not shutdown properly. EDIT1: nevermind, this will not work... hold on, will update the post with a new bin soon. EDIT2: This could work now... link updated. Link to comment Share on other sites More sharing options...
barijaona Posted November 13, 2016 Share Posted November 13, 2016 EDIT2: This could work now... link updated. Kernel panic :"pmap_map_bd: Invalid kernel address\n"@/Library/Caches/com.apple.xbs/Sources/xnu/xnu-3789.21.3/osfmk/i386/pmap_x86_common.c:2211 Link to comment Share on other sites More sharing options...
mhaeuser Posted November 13, 2016 Author Share Posted November 13, 2016 Kernel panic :"pmap_map_bd: Invalid kernel address\n"@/Library/Caches/com.apple.xbs/Sources/xnu/xnu-3789.21.3/osfmk/i386/pmap_x86_common.c:2211 IMG_4617.JPG Hmm, we can't test it then, but I have a horrible foreseeing for what could be the reason. Would you be ready to flashed a modded fw? GA has "DualBIOS" afterall... Link to comment Share on other sites More sharing options...
314TeR Posted November 13, 2016 Share Posted November 13, 2016 I can flash bios without any risk. I have Usb Flash Back on board, and a hardware SPI programmer. I have a copy of the contents of the flash. Link to comment Share on other sites More sharing options...
barijaona Posted November 14, 2016 Share Posted November 14, 2016 Hmm, we can't test it then, but I have a horrible foreseeing for what could be the reason. Would you be ready to flashed a modded fw? GA has "DualBIOS" afterall... I am ready to test. I currently use Gigabyte BIOS F4 (newer ones have problem recognizing my RAMs). Link to comment Share on other sites More sharing options...
314TeR Posted November 14, 2016 Share Posted November 14, 2016 Yes, please. But do not dump NVRAM with DarwinDumper, but dump "Firmware Memory Map". Please also attach the ROMs used. Dumps from two version of BIOS - 0217 preserve NVRAM, 0412 have broken NVRAM. If you need any more dumps, tell me what you want, I'll do it. https://dl.dropboxusercontent.com/u/19801500/tmp/NVRAM%20Maximus%20VII%20Impact%20Clover%203922.zip Link to comment Share on other sites More sharing options...
dgsga Posted November 14, 2016 Share Posted November 14, 2016 @D-F Unfortunately I no longer use my Asus rig, CPU and memory now in ASRock motherboard. I can, however, do modded firmware testing as have an SPI programmer so let me know if I can help in any way Link to comment Share on other sites More sharing options...
314TeR Posted November 15, 2016 Share Posted November 15, 2016 Next dumps from Asus Z97 Gryphon. 1304 - preserve nvram 2012 - broken nvram https://dl.dropboxusercontent.com/u/19801500/tmp/asus_gryphon_Z97.zip 1 Link to comment Share on other sites More sharing options...
mhaeuser Posted November 15, 2016 Author Share Posted November 15, 2016 The ASUS only has NvramSmi (dual DXE + SMM) as far as I can see, while the GA has DXE and SMM separate... ASUS AiO Smi driver is also far smaller than GA's Dxe. Furthermore, the ASUS one seems to work like Aptio IV while GA's works EDK2-style from what I saw till now. I'm not sure what could cause both methods to just fail. I suppose AMI made an update and both vendors copied the changesi into their codebases, while ASUS was likely using an older one. Expect not to hear any news for some time, this is not going to be 1-day-task. 4 Link to comment Share on other sites More sharing options...
dgsga Posted November 15, 2016 Share Posted November 15, 2016 @D-F, I can well believe it. I appreciate the work you've done so far... Link to comment Share on other sites More sharing options...
oswaldini Posted November 15, 2016 Share Posted November 15, 2016 Nvram works for Asus: Z170-Pro, Z170-Pro Gaming, Z170-Deluxe and Z170M-Plus (or H170M-Plus). Don't remember BIOS version (always last at the time I work with PC). If I get one of this PC back I will do dumps. 1 Link to comment Share on other sites More sharing options...
mhaeuser Posted November 16, 2016 Author Share Posted November 16, 2016 No more need for dumps. Thanks! Link to comment Share on other sites More sharing options...
goodwin_c Posted November 27, 2016 Share Posted November 27, 2016 No more need for dumps. Thanks! Did you found anything useful regarding NVRAM? Bcz we have problem with writing nvram on Dell XPS 9550. 1 Link to comment Share on other sites More sharing options...
mhaeuser Posted November 27, 2016 Author Share Posted November 27, 2016 Did you found anything useful regarding NVRAM? Bcz we have problem with writing nvram on Dell XPS 9550. I'm rather busy in the last few days and that won't change for a bit... didn't find anything yet. If anyone else wants to look into it, feel free to. Link to comment Share on other sites More sharing options...
barijaona Posted November 27, 2016 Share Posted November 27, 2016 I'm rather busy in the last few days and that won't change for a bit... didn't find anything yet. If anyone else wants to look into it, feel free to. A few days ago, you had suspicions on what might be the reasons. Would you mind sharing them ? Link to comment Share on other sites More sharing options...
goodwin_c Posted November 27, 2016 Share Posted November 27, 2016 I'm rather busy in the last few days and that won't change for a bit... didn't find anything yet. If anyone else wants to look into it, feel free to. Yeah, i can understand you. Same for me. Still trying to make owners of my laptop happy - making a lot of hacking around in every free moment that i can catch. But if you can guide me into at least some exact places where to look - maybe i will find a minute to look. Who knows, maybe i will find something useful. Can be very useful list of places in clover to investigate (at least approximately, i'm good on gathering code ) Also if you have any info how storing user data into NvRam is working overall - can be very good. This is part of UEFI that i don't know at all (but have experience hacking and repairing internal nvram storage in my bios ) Also, is there any way to check from Linux or Win if NvRam is write-accessible at all? Link to comment Share on other sites More sharing options...
mhaeuser Posted November 27, 2016 Author Share Posted November 27, 2016 A few days ago, you had suspicions on what might be the reasons. Would you mind sharing them ? My best guess was that the SMM portion of the driver would be calling ConvertPointer() on the CommBuffer - as SMM runs in physical mode though, that would break things if physical != virtual. As far as I know, physical = virtual on Windows and Linux, at least also (one physical address can have multiple virtual ones), which would have explained why it worked there (does it even?). But I didn't find anything the the driver that hints at that yet. Can be very useful list of places in clover to investigate (at least approximately, i'm good on gathering code ) Nothing in Clover can help you and the code you would be looking for is not open. 1 Link to comment Share on other sites More sharing options...
goodwin_c Posted November 27, 2016 Share Posted November 27, 2016 My best guess was that the SMM portion of the driver would be calling ConvertPointer() on the CommBuffer - as SMM runs in physical mode though, that would break things if physical != virtual. As far as I know, physical = virtual on Windows and Linux, at least also (one physical address can have multiple virtual ones), which would have explained why it worked there (does it even?). But I didn't find anything the the driver that hints at that yet. Nothing in Clover can help you and the code you would be looking for is not open. You mean problem is inside of kernel? Yeah, don't like using Hopper too much... Link to comment Share on other sites More sharing options...
mhaeuser Posted November 27, 2016 Author Share Posted November 27, 2016 You mean problem is inside of kernel? Yeah, don't like using Hopper too much... Why would it be a problem in OS X? It's an UEFI problem ofc... Link to comment Share on other sites More sharing options...
goodwin_c Posted November 30, 2016 Share Posted November 30, 2016 My best guess was that the SMM portion of the driver would be calling ConvertPointer() on the CommBuffer - as SMM runs in physical mode though, that would break things if physical != virtual. As far as I know, physical = virtual on Windows and Linux, at least also (one physical address can have multiple virtual ones), which would have explained why it worked there (does it even?). But I didn't find anything the the driver that hints at that yet. Nothing in Clover can help you and the code you would be looking for is not open. How are you detecting which portion of memory in memmap is used for SMM? I'm trying to understand how things are working, maybe there can be some help from me Bcz my nvram is also not working Link to comment Share on other sites More sharing options...
mhaeuser Posted November 30, 2016 Author Share Posted November 30, 2016 How are you detecting which portion of memory in memmap is used for SMM? I'm trying to understand how things are working, maybe there can be some help from me Bcz my nvram is also not working You can't, but it is known that it's RT_data. I was basically just verifying that AptioFix applied its fixed properly (i.e. RT_code -> MMIO). DXE and SMM share a buffer to communicate with, while DXE needs to access it virtually (called by macOS) and SMM physically (triggered via an SMI by the DXE drv). Link to comment Share on other sites More sharing options...
Recommended Posts