oa2intel I think, sign.bin generation is OEM and M$ deal, and Intel is not involved in that. A little of clarification to my previous post today. We all know that oa2intel works fine in most cases if used correctly. This is not that interesting anymore. My interest is, how to generate/extract pksign.bin in order to complete collection of three files required. This is particularly important if one would like to activate with the OEM other than those available (HP, DELL, J, ASUS), such as SONY, Toshiba, etc.
pksign.bin is made by Intel. It is possible to get this correct bin from branded computer based on intel board. To do it you will need efivar.dll from the oa2intelwin (if possible to make reading this dll) you have to get something like this
i`m way out of my depth here but i been reading that the itk v3.2 can save bios capsules for flashing so i `m assuming it has continued in newer versions too, well my idea was if you open a bios file in itk it loads it in too memory somewhere is it not possible to patch that memory with a 2.1 slic then get the itk to resave the file now encompassing the slic. as i said it was just a thought as really its way outta my depth.
There's no any secret in pksign.bin - it is self-signed public key, one half of it is public key, the other half is signature, which is created exactly like signature in marker - by calculating SHA-256 hash of signed info (in case of pksign.bin signed info is public key itself) and signing DER-formatted hash by corresponding private key (the process of generation/validation was described by Crypto in Vista section about two years ago already). Thus to generate either marker or pksign.bin you'll "just" need to steal private key, which is not possible even theoretically cause private keys are stored inside OEM's special pci-card device and aren't exportable, and you can't break (factorize) public key (to re-generate private key out of it) because it's too long for known cracking tools.
oa2intel I am finding anmg's post to be very interesting. The table includes data of the encrypted pubkey: "GUID: 6D9BF711-A90D-42F9-A3FB-DD08B6E89037 Name: "SLP20EncryptedOEMPublicKey#!rtUY9o" Size: 284 bytes 00 00 00 00 9C 00 00 00 06 02 00 00 00 24 00 00 52 53 41 31 00 04 00 00 01 00 01 00 83 A4 C2 5B 5A 18 2A FE 79 59 DB D9 7E EA 3D 26 20 88 CE 6B D0 EA 79 D3 85 2B 95 00 9A C4 55 BF EA 39 A0 8F BE 23 61 59 60 73 C8 2C 5B E5 A8 8A 7F 74 F5 BF CB 00 2D 99 76 AB 94 8C E3 CF 9E 47 28 61 91 B2 B5 F8 C8 DB D9 87 04 8A 48 EB 9B 7F B3 38 0A FB 6F DD 86 75 A5 42 49 33 E2 2E 39 BE 64 8E 49 7D 78 DD 83 36 62 88 67 02 77 79 AF 3B 2F D4 04 53 F9 0E DA C5 38 F5 4B 7F 9C 69 63 B1 03 9B 39 7E BE 7F AD 0C 03 4A E2 DC 60 0C 95 48 13 48 3D 21 6D E6 3D 57 61 5C E2 FF 0E 81 30 DD 0A 18 80 B1 7B 5E 9C 2F 00 47 7F 27 74 2E F1 CE C0 77 C3 FE A3 9A 6F 60 55 A4 7D 6F 9C BB ED 14 BF CE 85 13 50 DF 1C CE 76 05 28 29 32 88 AD 55 DC 32 1C 28 7E 14 31 19 EF 30 89 B2 1A 2D 96 CD DF 19 DC CA 58 37 6C 99 57 1C 04 42 83 1D 34 A0 D5 A9 D9 C2 84 87 C4 5B 87 E6 65 24 EF 74 E1 D0 " However, I am not sure how did you get these data. Is that a "dump" of RAM? I think, it will be beneficial for us if you give more detales about the steps of your technique and the tools used.
efivar.dll from oa2intelwin should help, but I am not sure. Also using any bios dump utility may help to get this data. I have used another tool, which I promised do not to share.
Isn't it just a plain EFI module or a part of it? Globally-Unique Identifier, found at dump folder of e.g. andy's tool after opening the EFI capsule???
So with the new P67 chipset boards from MSI (and im guessing most other manufacturers) coming out very soon using the new UEFI BIOS means we are up s**t creek unless someone finds a workaround. After reading all 29 pages, chances dont look too good right?
From my understanding UEFI and EFI are not exactly the same, correct? from reading the last 30 pages, it gives me the idea that the new UEFI bios's will not be able to be modified because of a signature that intel has implemented (and we cannot crack), or have i missed something?
(Unified) Extensible Firmware Interface. It's basically the same. It's Intel that digitally signes their (U)EFI. I guess others will not make the effort to digitally sign. There is success at MSI EFI and Asus EFI already.
Still no tools to change options and settings in AMI Aptio (UEFI) bioses? I searched everywhere for AMIBCP for Aptio, MMTool, DMIEdit, Change Logo, Ami Flashers.. I have just found out my Slate BIOS has SLIC, etc, but it has other options disabled/hidden.. So, any way to enable them, would be great! (With official tools or any other way) Thanks! WeTab Meego Slate Bios Information: BIOS Vendor: American Megatrends Core Version: 4.6.4.0 Compliency: UEFI 2.0 BIOS Version: Lucid-MWE-0125 Build Date and Time: 09/03/2010 18.17 EC Version: 000915
Yen Hello. Tell me, changed the BIOS UFI is possible? If this is possible and you know how to do this, please try to add SLIC to the bios of my motherboard ASUS P8P67. -Motherboard Manufacturer and Model : ASUS P8P67 -Bios Revision : 0804 -Bios Type : EFI AMI BIOS -Bios SLIC: ASUS -Bios Link : dl.dropbox.com/u/4928793/P8P67-ASUS-0804.zip -Rw-everything ACPI report: dl.dropbox.com/u/4928793/AcpiTbls.rw