First this is an uefi restriction, to be specific the driver is 'locked' and applies to Phoneix and Insyde Bios'es. Code: // Bios Lock 48 8B 0D 6D 08 00 00 mov rcx,qword ptr [00000ED8h] ; LPC registers base is stored in memory B2 FE mov dl,0FEh ; 0xFE is (NOT 0x01), 0x01 is BIOSWE, i.e. disable BIOS write 48 81 C1 DC 00 00 00 add rcx,0DCh ; 0xDC is BIOS_CNTL register offset E9 5F010000 jmp 00000000000007D8;Jump to write function The SMI code sets BIOSWE bit to 0 and this needs to be changed, because the flash procedure tries to change this to 1. Changing 0xFE to 0xFF will disable it. Code: // SMI Lock 48 8B 0D 42 08 00 00 mov rcx,qword ptr [00000ED8h] ; LPC registers base is stored in memory 48 83 64 24 48 00 and qword ptr [rsp+48h],0 ; Some stack variable is now 0, not related B2 20 mov dl,20h ; 0x20 is SMI_BWP, i.e enable SMI generation after BIOSWE set to 1 48 81 C1 DC 00 00 00 add rcx,0DCh ; 0xDC is BIOS_CNTL register offset E8 02 01 00 00 call 00000000000007AC ; Call of write function Here we need changing 0x20 to 0x00 which will disable registration and handler itself within the SMI handler. After both modifications BIOSWE=1 and SMM_BWP=0 in BIOS_CNTL register, that allows flashrom to work normally. Why is this all important? E.g. in case you want to upgrade your MEI firmware and get an error like 368.