Thanks a lot. I thought the 'issue' is only related at encryption of the EFI that is provided by HP. When decrypted I basically have all done. I didn't know that there are still digital signatures at the decrypted image.... This is getting odd. Soon we cannot mod anything anymore. I suggest to avoid to buy HP products in the future. There is nothing else we could do..... So can it be modded since I alter the sum when modifying?
Yeah, you can generate your own public&private key pair and replace one of HP's public key in the PEI [e.g.: external flasher]. Then you can easily replace everything since you can generate valid signatures. There's also a possible software-only way [theoretically, it could work, but I never tried it]. It's a difficult two stage process and if something goes wrong you definitly need a external flasher as well. It would work like this: - stage 1 - needs to be done once - 1. patch HP's UEFI utilities [CryptRSA.efi] to accept even invalid signatures 2. hide the HP_TOOL partition 3. generate the sha1 sum of the new cryptrsa.efi and replace it with the one which is already in the DXE image. Flash the modded bios with the windows utility and reboot. - If it boots, then you can commence with stage 2 which has to be performed for every new bios update - 1. Generate your own private/public 2048bit rsa key and place the public key into the PEI image. Generate a rsa-sha1 signature [with your own private key of course] of the modded PEI image and place it into the bios image. 2. Patch the whitelist module. Generate a sha1-rsa of the modded DXE image and place it into the bios image. 3. generate a signature of the modded bios and put the public key into the insydeflash.dll. 4. unhide the HP_TOOL partition and run insydeflash.exe 5. let it reboot and watch the HP UEFI bios flasher utility flashing the new bios. 6. hope it works after the final reboot. Note: There are short-cuts but HP can kill them easily with a new update.
Ok..... Only for that to test I would like to have a HP notebook and an external programmer, lol. I don't know much about the notebooks itself when I try to mod a BIOS / EFI. So forgive me when I ask common questions. HP's notebooks have a hidden partition with tools on it? Does it hold the image for recovery as well? The HP UEFI tools you are talking about are they found at the hidden partition? Or can I download them somewhere? What actually happens if I try to flash a mod without to care about anything? Brick? I wonder why netwaves attempt to flash a mod went well then.....it even had a broken sig. which had been ignored by the patched flasher dll... Could I inject a patched PEI (with my own pub key) via recovery?
My HP has no hidden partition, I removed it when I bought the laptop & installed my own customized version of win7 The last thing I wanted to keep was that factory built recovery image. post #42 link to that EFI program wanted to re-create a partition so aborted the install.
Had you tested the mod of bios-mods intensively? I mean have you booted to windows? Or have you stopped when the 105 error occurred? It seemed it didn't complain about an invalid signature. I guess he has modded one of the DXE module, so there is probably no DXE check. I still haven't got the complete IDs...for a mod...but will research some more...this is getting interesting.
I could not access windows, that 105 error pops up almost instantly on power up! I had to remove the card & restart before I could access the O.S I've put a request in for the IDs of that WWAN card, Hopefully Ile have them soon.
Yeah, hence I asked via recovery (trigger a recovery by pressing the key combination and provide the image via USB) I know that there is another tool flas**t. Used with the /all switch it flashes all parts. An unwanted side effect is that you might lose the UUID of your particular notebook. The EFI then annoys at every reboot that the UUID is missing, zero or 0xFFFFFFFF....you need to press a key then to pass that message at every reboot. The platform.ini of the windowsflasher controls the update. Why not simply alter some flags? Code: [ForceFlash] ALL=0 BB_PEI=0 CPU_Microcode=0 Variable=0 DXE=0 EC=0 Password=0 OEM_NVS=0 Logo=0 Type#09=0 Type#08=0 ;ALL default : 0. ; 0 : Reserve all protected areas. ; 1 : Flash all ROM parts. ;BB_PEI, CPU_Microcode, Variable, DXE, EC, Password, OEM_NVS, Logo, Type#09, Type#08 ; default : 0. ; 0 : Protect these areas if BIOS report them are protected areas. ; 1 : Force flash these areas if BIOS report them are protected areas. @netwave Have you a compatible driver package for your WWAN you want to run? It should contain the IDs.....maybe we can locate the right ones since they usually are made for more than one device....
I think that won't work with preparation. The reason is that the UEFI flasher reads the xyz.bin and the xyz.sig [which is of course the rsa-sha1 signature] file. Does flas**t know how to deal with the ec? Also what about the MEI controller, since this intel mei controller firmware also resides in the image. I tried that once... but it didn't had any effect. Still only the DXE was flashed and on reboot I got a red-letter message saying that the flash could not be finished due to a authentication error. [maybe netwave has a insydeflash log handy.]
I guess nobody has ever checked if flas**t /all flashes really the entire image. HP has manipulated the insyde flasher for their own interests. All we'd need is a native flasher which doesn't care about anything. When we want to update a chip then the flasher simply should write those 2048 KByte in RAW binary mode, no matter what it is. My idea is to grab different tools from different OEMs (such as ASUS and MSI) which are known not to be that restrictive, that are able to flash their EFI. If the chip isn't different it should work here as well. Anyway the more I read the less I would ever buy a HP notebook. They are restricted and their end of life span seem to be short. I know 3 ex HP notebook users (friends). All their notebooks have died in between 3 years. It's been either the panel or the GPU..... They make decent S-IPS monitors, though (ZR24w). I feel a kind of retarded, lol, I don't have a EFI PC and I don't have an external flasher. So I can't test anything....I only can write posts. Regarding flas**t /all I can say that it is able to update parts of the EFI which insydeflash cannot (RAW data parts of the image, ROM 'holes'), no matter what some have tried...... I'll have a look later at the drivers and the new mod he has made........
Yen, I dont think the low end HP Laptops like mine are that bad apart from there restricted BIOS's LOL I've owned top end Toshiba & Dell XPS laptops with dual core processors etc in the past, but they struggle to keep cool, those powerful embedded GPUs end up too hot & need re-balling after a certain temperature threshold usually caused by dust or general fan obstruction I have a cheapo HP DM3 laptop for these very reasons only upgrading to an SSD hdd & more memory. BTW I just tried Camiloml's second revision I meationed , but im getting same 105 error.
Thanks I'll check that, you are brave when flashing his mods since he alters code I guess. Well I have made a mod. I have added /replaced the IDs which have been confirmed at MDL and the source I have posted assuming it has no subsys IDs Anyway zuvieltext has mentioned that there are probable some signature checks that take effect if you change VT settings at the EFI. Since I am very careful it would be good to know if recovery works. Maybe he can write a how to. Andy's tool gives the following path for a recovery of the sp50780 version: HEWLETT-PACKARD\BIOS\Current\0147F.bin Which means the original bin needs to be renamed to 0147F.bin and placed into the subdir Current created on a FAT32 USB thumb drive. Also I don't know if the fact that you haven't got the tools partition anymore is a problem. I don't know if it's essential for a successful recovery...
He has patched at the second one a jnz short loc_180001A44 (a conditional jump at module 91472655-50E0-4D81-9AF6-239E6F431B8C_2_595.ROM at offset 1A4Bh) to jnz short $+2 Hmmm IMHO this module provides drivers for supported devices and has nothing to do with the error message, you can see there devices which are supported, but I guess it are drivers for them....but I could be wrong. I know that TTAV134 who is an expert in this has always patched the module that triggers the error message itself and no other at HP EFI.