>but there are things like ROM resizing after initialization (Since both ROMs are sort of stuck together, how would shrinking ROM1 affect ROM2, etc). Or also the total ROM size reported by the first ROM (does it have to include the second ROM's size, and thus, how does it deal with shrinking if it wants to)

Oh boy, I didn’t know such a thing exists… I thought correct ROM size + checksum would be enough… Maybe after WinSLIC execution we can “simply” correct
Jmp WinSLICMain
back to
Jmp Main
and remove all traces? I guess we cannot modify that "jmp" easily either...

>Then, after initialization, there's the BCV/BEV call, which is a little complex, too. Further, I was looking at chaining various Int13h

I hope we can find a simpler solution…

>Well, for the EBDA, you'd just go to 40:0E

I don’t have those computers physically - i.e. without any SLIC and with BIOS recovery – we still have to find an owner willing to experiment...

>As for the xSDT tables, do you know how they get loaded into memory yet? You might be able to dump the SLIC on the end of that module and figure out the address from the known address of the xSDT table.

Are those absolute addresses? How does the super static method work then? I.e. depending on which option ROMs are loaded, RSDT/XSDT tables might move too. Do you have a link to a concise document about them?

I was about to post “my next post”, but saw yours and decided to reply first
Hopefully we won't need that capability.

Gotcha.

Well, the xSDT tables are in the F000 region (I'm assuming), which I'm guessing won't be moving around too much. The option roms all load into the C000-DFFF region, so they alone shouldn't bump the allocation of the ACPI tables. If modules are loaded as a unit, knowing the length of the module and the offset difference between the xSDT table and the SLIC should allow for appending the SLIC address onto the xSDT table, at least in theory.

Not really. No more documentation than you at least. Really I'm just theorizing.

-tij-
Mine are D032 & D09A, right?

Code:
Table Name      OEMID&TableID   Address   Lenth  Description Table (ACPI 2.0)
RSD PTR         DELL            000FEBF1  36     Root System Desc.Pointer
|
|- RSDT         DELL  XXX       000FD032  68     Root System Desc.Table
|  |
|  00 |- FACP   DELL  XXX       000FD146  116
|  01 |- SSDT   DELL  st_ex     FFF5DB88  172
|  02 |- BOOT   DELL  XXX       000FD340  40
|  03 |- MCFG   DELL  XXX       000FD368  62
|  04 |- HPET   DELL  XXX       000FD3A6  56
|* 05 |- SLIC   DELL  XXX       000FD3DE  374    Software Licensing Desc.Table
|  06 |- OSFR   DELL  XXX       CFE55C00  124
|  07 |- APIC   DELL  XXX       000FD2AE  146
|
|- XSDT         DELL  XXX       000FD09A  100    Extended System Desc.Table
   |
   00 |- FACP   DELL  XXX       000FD1BA  244
   01 |- SSDT   DELL  st_ex     FFF5DB88  172
   02 |- APIC   DELL  XXX       000FD2AE  146
   03 |- BOOT   DELL  XXX       000FD340  40
   04 |- MCFG   DELL  XXX       000FD368  62
   05 |- HPET   DELL  XXX       000FD3A6  56
   06 |- OSFR   DELL  XXX       CFE55C00  124
 * 07 |- SLIC   DELL  XXX       000FD3DE  374    Software Licensing Desc.Table

I was looking at the code in the RSDT module I just posted and I think I found how one module calls another - don't want to post right away - I might be mistaken about it. Will let you know soon.
Option ROM

truthinjection, could you tell what kind of ROM is below:

Code:
Offset     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
00000000  AA 55 21 00 00 00 19 0D B0 0C 00 00 4E 00 00 00  ªU!.....°...N...
00000010  FF FF CF 00 48 03 00 00 00 00 00 00 00 00 00 00  ÿÿÏ.H...........
00000020  00 0F 6E FB 0F 73 F7 20 8B EF 8B 7C 24 04 33 DB  ..nû.s÷ ‹ï‹|$.3Û
00000030  8A 5C 24 08 FC 80 FB 01 74 0C 80 FB 02 74 14 80  Š\$.ü€û.t.€û.t.€
00000040  FB 03 74 16 EB 1F 0F 6E E0 E9 68 00 00 00 0F 7E  û.t.ë..nàéh....~
00000050  E0 EB 14 E9 F4 02 00 00 EB 0D E9 59 02 00 00 EB  àë.éô...ë.éY...ë
00000060  06 B2 03 EB 02 B2 16 0F 73 D7 20 0F 7E FB 8B FD  .².ë.²..s× .~û‹ý
00000070  8B 1C 24 FF E3 42 52 43 4D 54 50 4D 44 52 56 2D  ‹.$ÿãBRCMTPMDRV-
00000080  4D 41 2D 53 45 47 33 32 20 76 33 2E 30 2E 39 20  MA-SEG32 v3.0.9
00000090  43 6F 70 79 72 69 67 68 74 20 32 30 30 36 2C 20  Copyright 2006,
000000A0  42 72 6F 61 64 63 6F 6D 20 43 6F 72 70 6F 72 61  Broadcom Corpora
000000B0  74 69 6F 6E 00 00 0F 6E EA EB 17 66 83 F8 00 75  tion...nêë.fƒø.u
000000C0  0A 0F 7E EA E9 85 01 00 00 EB 00 8A D0 E9 7C FF  ..~êé…...ë.ŠÐé|ÿ
000000D0  FF FF BB 00 0F 00 00 8D 15 E4 00 00 00 03 D7 E9  ÿÿ».....ä....×é
000000E0  16 04 00 00 3D E4 14 01 10 75 06 66 B8 00 00 EB  ....=ä...u.f¸..ë
000000F0  12 3D E4 14 02 10 75 07 B8 00 00 00 00 EB 04 66  .=ä...u.¸....ë.f
00000100  B8 08 00 EB B6 00 81 E1 FF FF 00 00 75 03 83 C9  ¸..ë¶.áÿÿ..u.ƒÉ
00000110  01 C1 E0 10 0B C8 66 33 C0 B4 0B E4 70 24 80 0A  .Áà..Èf3À´.äp$€.
00000120  C4 E6 70 E4 71 C1 E1 08 8A C8 66 0F BA E8 06 C1  ÄæpäqÁá.ŠÈf.ºè.Á
00000130  C9 08 66 C1 C0 08 B0 0B C1 C0 08 E4 70 24 80 0A  É.fÁÀ.°.ÁÀ.äp$€.
00000140  C4 E6 70 C1 C8 10 E6 71 B4 0C E4 70 24 80 0A C4  ÄæpÁÈ.æq´.äp$€.Ä
00000150  E6 70 E4 71 2E 8B 87 08 00 00 00 66 83 C0 02 66  æpäq.‹‡....fƒÀ.f
00000160  92 C1 C0 10 C1 C9 10 66 33 C0 EC 86 C1 66 0F A3  ’ÁÀ.ÁÉ.f3Àì†Áf.£
00000170  C1 86 C1 72 1F C1 C1 10 B4 0C E4 70 24 80 0A C4  Á†Ár.ÁÁ.´.äp$€.Ä
00000180  E6 70 E4 71 66 0F BA E0 06 73 D9 66 49 75 D5 32  æpäqf.ºà.sÙfIuÕ2
00000190  C0 C1 C9 10 8A C8 C1 C1 18 C1 C0 10 66 92 8A E1  ÀÁÉ.ŠÈÁÁ.ÁÀ.f’Šá
000001A0  B0 0B C1 C0 08 E4 70 24 80 0A C4 E6 70 C1 C8 10  °.ÁÀ.äp$€.ÄæpÁÈ.
000001B0  E6 71 B4 0C E4 70 24 80 0A C4 E6 70 E4 71 66 33  æq´.äp$€.Äæpäqf3
000001C0  C0 C1 C9 18 8A C1 FF E2 66 33 C0 B4 0B E4 70 24  ÀÁÉ.ŠÁÿâf3À´.äp$
000001D0  80 0A C4 E6 70 E4 71 8A D8 66 0F BA E8 06 66 C1  €.ÄæpäqŠØf.ºè.fÁ
000001E0  C0 08 B0 0B C1 C0 08 E4 70 24 80 0A C4 E6 70 C1  À.°.ÁÀ.äp$€.ÄæpÁ
000001F0  C8 10 E6 71 B4 0C E4 70 24 80 0A C4 E6 70 E4 71  È.æq´.äp$€.Äæpäq
00000200  66 0F BA E0 06 73 ED 8A E3 B0 0B C1 C0 08 E4 70  f.ºà.síŠã°.ÁÀ.äp
00000210  24 80 0A C4 E6 70 C1 C8 10 E6 71 B4 0C E4 70 24  $€.ÄæpÁÈ.æq´.äp$
00000220  80 0A C4 E6 70 E4 71 FF E2 00 00 C1 00 00 00 0C  €.Äæpäqÿâ..Á....
00000230  00 00 00 99 00 01 00 C1 00 00 00 0C 00 00 00 99  ...™...Á.......™
00000240  00 02 00 C1 00 00 00 0C 00 00 00 99 00 03 66 33  ...Á.......™..f3
00000250  C0 80 FA 00 74 31 80 FA 01 74 0C 80 FA 02 74 11  À€ú.t1€ú.t.€ú.t.
I think (sadly) that might be the case. All new Dell/HP/Compaq notebooks (that I saw recently) come with this module. But they all also are Win7 machines, so that is not a problem.

sebus
How is it supposed to work? If the boot sector is encrypted, the BIOS needs to load it, call TPMDRV to decrypt, then pass control there, right? I.e. the BIOS knows about TPMDRV already. And WinSLIC won't work as TPMDRV - it has to have a device it can be bound to, right?

BTW: That TPMDRV is from Latitude D410 BIOS, it doesn't even have SLIC in it!
All I said is that new laptops come with this module, but they are already Win7, so no need for any mod (hence not worth worrying about it).

Can you turn OFF the TPM in BIOS?

sebus
I think the TPM is only (usually) used for BitLocker drive encryption in Windows 7, so maybe it won't be an issue until Windows 8.

-tij-
In this case, once you move the HD to another PC you will lose all access to it, even if you know all the keys, right? IMO the only reason for "hardware" encryption is if there is a "hardware chip" able to do it faster than the CPU. Its main purpose is to be a tracking device, all others are just disguises... I hope I'm wrong...

The image from the Wiki link above: "Trusted Platform Module on Asus motherboard P5Q PREMIUM". It looks like you can transfer the module from one mobo to another, doesn't it?

Edit: I've read a little more about TPM... Does the PC go the same way as most gaming consoles went already? Everything is secured, from the very boot... no unsigned code, nothing... unless there is a key leak or some sort of bug...
ACPI tables

Code:
Laptops have dynamically built ACPI tables. In BIOS module the RSDT length is 0:

Offset     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
000054F0                                         52 53 44               RSD
00005500  54 00 00 00 00 01 00 44 45 4C 4C 20 20 4D 30 37  T......DELL  M07
00005510  20 20 20 20 00 0B 0A D7 27 41 53 4C 20 61 00 00      ...×'ASL a..
00005520  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00005530  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00005540  00 46 41 43 50 74 00 00 00 01 00 44 45 4C 4C 20  .FACPt.....DELL
00005550  20 4D 30 37 20 20 20 20 00 0B 0A D7 27 41 53 4C   M07    ...×'ASL
00005560  20 61 00 00 00 00 00 00 00 00 00 00 00 01 02 09   a..............
00005570  00 B2 00 00 00 70 71 97 80 00 10 00 00 00 00 00  .²...pq—€.......
00005580  00 04 10 00 00 00 00 00 00 20 10 00 00 08 10 00  ......... ......
00005590  00 28 10 00 00 00 00 00 00 04 02 01 04 08 00 00  .(..............
000055A0  00 96 00 FA 00 00 00 00 00 01 03 0D 00 32 03 00  .–.ú.........2..
000055B0  00 BD 82 00 00 41 50 49 43 68 00 00 00 01 00 44  .½‚..APICh.....D

Code:
Desktops have statically linked, already populated ACPI tables:
GX620 / A11 for example, RSDT length 40 & XSDT length 5C
* Obviously, RSDT module is loaded to the very same address every time.

Offset     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
00005200           52 53 44 54 40 00 00 00 01 00 44 45 4C     RSDT@.....DEL
00005210  4C 20 20 47 58 36 32 30 20 20 00 07 00 00 00 41  L  GX620  .....A
00005220  53 4C 20 61 00 00 00 DB D2 0F 00 00 00 00 00 43  SL a...ÛÒ......C
00005230  D4 0F 00 B5 D4 0F 00 DD D4 0F 00 44 D5 0F 00 82  Ô..µÔ..ÝÔ..DÕ..‚
00005240  D5 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00  Õ...............
00005250  00 00 00 00 00 00 00 58 53 44 54 5C 00 00 00 01  .......XSDT\....
00005260  00 44 45 4C 4C 20 20 47 58 36 32 30 20 20 00 07  .DELL  GX620  ..
00005270  00 00 00 41 53 4C 20 61 00 00 00 4F D3 0F 00 00  ...ASL a...OÓ...
00005280  00 00 00 00 00 00 00 00 00 00 00 43 D4 0F 00 00  ...........CÔ...
00005290  00 00 00 B5 D4 0F 00 00 00 00 00 DD D4 0F 00 00  ...µÔ......ÝÔ...
000052A0  00 00 00 44 D5 0F 00 00 00 00 00 82 D5 0F 00 00  ...DÕ......‚Õ...
000052B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000052C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000052D0  00 00 00 00 00 00 00 00 00 00 00 46 41 43 50 74  ...........FACPt
000052E0  00 00 00 01 00 44 45 4C 4C 20 20 47 58 36 32 30  .....DELL  GX620
000052F0  20 20 00 07 00 00 00 41 53 4C 20 61 00 00 00 00    .....ASL a....
00005300  00 00 00 00 00 00 00 01 00 09 00 B2 00 00 00 70  ...........²...p
00005310  71 00 00 00 08 00 00 00 00 00 00 04 08 00 00 00  q...............
00005320  00 00 00 00 00 00 00 08 08 00 00 28 08 00 00 00  ...........(....
00005330  00 00 00 04 02 00 04 08 00 00 00 F4 01 88 13 00  ...........ô.ˆ..
00005340  00 00 00 00 00 00 00 00 00 00 00 A5 00 00 00 46  ...........¥...F
00005350  41 43 50 F4 00 00 00 03 00 44 45 4C 4C 20 20 47  ACPô.....DELL  G
00005360  58 36 32 30 20 20 00 07 00 00 00 41 53 4C 20 61  X620  .....ASL a

I.e. adding SLIC is really a piece of cake!

The real pity is – laptops have a recovery module while desktops don’t. On the other hand – a laptop mod will require some code injection (i.e. quite a bit more complex, error prone, and might be different for different families / BIOS revisions).

Another observation – desktop RSDT modules are quite sparse – lots of unused space to insert anything - good for future development. And notebook RSDT modules are very dense – no empty space at all. Even a small code injection will extend the module size.

I used to have a whole bunch of old Dell desktops… Not anymore – they were all thrown out right before new year.

BTW: Sebus - could you compare my dump with SLIC_ToolKit_V3.0 report and post its ACPI page here, please?
Different situation with DELL 8400: RSDT length 3C, but there are no free slots - FACP table follows immediately.

In this case: RSDT table needs to be relocated – only 3C bytes (need to find 40 bytes - one more slot for SLIC PTR)

Code:
Offset     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
00004C90                    52 53 44 54 3C 00 00 00 01 00        RSDT<.....
00004CA0  44 45 4C 4C 20 20 38 34 30 30 20 20 20 00 07 00  DELL  8400   ...
00004CB0  00 00 41 53 4C 20 61 00 00 00 D2 CC 0F 00 00 00  ..ASL a...ÒÌ....
00004CC0  00 00 46 CD 0F 00 D8 CD 0F 00 00 CE 0F 00 3E CE  ..FÍ..ØÍ...Î..>Î
00004CD0  0F 00 46 41 43 50 74 00 00 00 01 00 44 45 4C 4C  ..FACPt.....DELL

RSD PTR needs to be corrected – it’s static too AND in the same module!

Code:
Offset     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
00006BF0  52 53 44 20 50 54 52 20 00 44 45 4C 4C 20 20 00  RSD PTR .DELL  .
00006C00  96 CC 0F 00                                      –Ì..
Here it is:

PHP:
Offset     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0001D200           52 53 44 54 40 00 00 00 01 E1 44 45 4C     RSDT@....áDEL
0001D210  4C 20 20 47 58 36 32 30 20 20 00 07 00 00 00 41  L  GX620  .....A
0001D220  53 4C 20 61 00 00 00 DB D2 0F 00 15 88 FD FF 43  SL a...ÛÒ...ˆýÿC
0001D230  D4 0F 00 B5 D4 0F 00 DD D4 0F 00 44 D5 0F 00 82  Ô..µÔ..ÝÔ..DÕ..‚
0001D240  D5 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00  Õ...............
0001D250  00 00 00 00 00 00 00 58 53 44 54 5C 00 00 00 01  .......XSDT\....
0001D260  4A 44 45 4C 4C 20 20 47 58 36 32 30 20 20 00 07  JDELL  GX620  ..
0001D270  00 00 00 41 53 4C 20 61 00 00 00 4F D3 0F 00 00  ...ASL a...OÓ...
0001D280  00 00 00 15 88 FD FF 00 00 00 00 43 D4 0F 00 00  ....ˆýÿ....CÔ...
0001D290  00 00 00 B5 D4 0F 00 00 00 00 00 DD D4 0F 00 00  ...µÔ......ÝÔ...
0001D2A0  00 00 00 44 D5 0F 00 00 00 00 00 82 D5 0F 00 00  ...DÕ......‚Õ...
0001D2B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0001D2C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0001D2D0  00 00 00 00 00 00 00 00 00 00 00 46 41 43 50 74  ...........FACPt
0001D2E0  00 00 00 01 2F 44 45 4C 4C 20 20 47 58 36 32 30  ..../DELL  GX620
0001D2F0  20 20 00 07 00 00 00 41 53 4C 20 61 00 00 00 00    .....ASL a....
0001D300  6C 68 5F 52 49 FD FF 01 00 09 00 B2 00 00 00 70  lh_RIýÿ....²...p
0001D310  71 00 00 00 08 00 00 00 00 00 00 04 08 00 00 00  q...............
0001D320  00 00 00 00 00 00 00 08 08 00 00 28 08 00 00 00  ...........(....
0001D330  00 00 00 04 02 00 04 08 00 00 00 F4 01 88 13 00  ...........ô.ˆ..
0001D340  00 00 00 00 00 00 00 00 00 00 00 A5 00 00 00 46  ...........¥...F
0001D350  41 43 50 F4 00 00 00 03 DF 44 45 4C 4C 20 20 47  ACPô....ßDELL  G
0001D360  58 36 32 30 20 20 00 07 00 00 00 41 53 4C 20 61  X620  .....ASL a
It matches, but address 0001D200 looks strange... Can you post this table too, please? It's SLIC_ToolKit_V3.0 report ACPI page - the last one.

Code:
Table Name      OEMID&TableID   Address   Lenth  Description Table (ACPI 2.0)
RSD PTR         DELL            000FEBF1  36     Root System Desc.Pointer
|
|- RSDT         DELL  B9K       000FD032  68     Root System Desc.Table
|  |
|  00 |- FACP   DELL  B9K       000FD146  116
|  01 |- SSDT   DELL  st_ex     FFF5DB88  172
|  02 |- BOOT   DELL  B9K       000FD340  40
|  03 |- MCFG   DELL  B9K       000FD368  62
|  04 |- HPET   DELL  B9K       000FD3A6  56
|* 05 |- SLIC   DELL  B9K       000FD3DE  374    Software Licensing Desc.Table
|  06 |- OSFR   DELL  B9K       CFE55C00  124
|  07 |- APIC   DELL  B9K       000FD2AE  146
|
|- XSDT         DELL  B9K       000FD09A  100    Extended System Desc.Table
   |
   00 |- FACP   DELL  B9K       000FD1BA  244
   01 |- SSDT   DELL  st_ex     FFF5DB88  172
   02 |- APIC   DELL  B9K       000FD2AE  146
   03 |- BOOT   DELL  B9K       000FD340  40
   04 |- MCFG   DELL  B9K       000FD368  62
   05 |- HPET   DELL  B9K       000FD3A6  56
   06 |- OSFR   DELL  B9K       CFE55C00  124
 * 07 |- SLIC   DELL  B9K       000FD3DE  374    Software Licensing Desc.Table
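
Added example, not code from any poster in this thread: a read-only Python check that decodes the two GX620 RSDT copies shown above (the one inside the BIOS module and the one dumped from memory), validates the ACPI checksum of each, and lists which pointer slots differ between image and runtime, the comparison a firmware-integrity review would make. The byte strings are transcribed from those two dumps; the names `parse_rsdt` and `changed_slots` are hypothetical helpers introduced here.

```python
import struct

# RSDT bytes transcribed from the two GX620 dumps in the thread: ROM_RSDT is the
# copy inside the BIOS module, MEM_RSDT the copy dumped from memory.
ROM_RSDT = bytes.fromhex(
    "52534454 40000000 01 00 44454C4C2020 4758363230202000 07000000 41534C20"
    "61000000 DBD20F00 00000000 43D40F00 B5D40F00 DDD40F00 44D50F00 82D50F00")
MEM_RSDT = bytes.fromhex(
    "52534454 40000000 01 E1 44454C4C2020 4758363230202000 07000000 41534C20"
    "61000000 DBD20F00 1588FDFF 43D40F00 B5D40F00 DDD40F00 44D50F00 82D50F00")

# ACPI table header: signature, length, revision, checksum, OEM ID, OEM table ID,
# OEM revision, creator ID, creator revision (36 bytes, little-endian).
HEADER = struct.Struct("<4sIBB6s8sI4sI")

def parse_rsdt(raw):
    """Decode the header, checksum state and 32-bit entry pointers of an RSDT."""
    sig, length, _rev, _cks, oem_id, table_id, _, _, _ = HEADER.unpack_from(raw)
    # A length of 0 (the laptop module in the thread) is rejected here: that
    # table is only built at boot, so the image holds nothing to validate.
    if sig != b"RSDT" or not HEADER.size <= length <= len(raw):
        raise ValueError("not a complete RSDT")
    body = raw[:length]
    count = (length - HEADER.size) // 4
    return {"oem_id": oem_id.decode("ascii").strip(),
            "table_id": table_id.rstrip(b"\x00 ").decode("ascii"),
            "length": length,
            "checksum_ok": sum(body) % 256 == 0,  # all bytes sum to 0 mod 256
            "entries": list(struct.unpack_from("<%dI" % count, body, HEADER.size))}

def changed_slots(rom, mem):
    """Slot numbers whose pointer differs between the image and the memory copy."""
    a, b = parse_rsdt(rom), parse_rsdt(mem)
    if a["length"] != b["length"]:
        raise ValueError("RSDT length differs between image and memory")
    return [i for i, (x, y) in enumerate(zip(a["entries"], b["entries"])) if x != y]

if __name__ == "__main__":
    for name, raw in (("module", ROM_RSDT), ("memory", MEM_RSDT)):
        t = parse_rsdt(raw)
        print(name, t["oem_id"], t["table_id"], "checksum ok:", t["checksum_ok"])
        print("  " + " ".join("%08X" % e for e in t["entries"]))
    print("slots that differ at runtime:", changed_slots(ROM_RSDT, MEM_RSDT))
```

On these dumps only the memory copy carries a valid checksum, and slot 1 is the only pointer that differs from the module image.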