flat assembler
Message board for the users of flat assembler.
Need access to UEFI setup variables
I 23 Aug 2023, 01:44
Well, I know next to nothing and have only a little experience with HW that is 10 years old or more, but as there haven't been any answers I will try to help.
How early? Usually the 'GetVariable' call is used to read info, but this info is a little like reading a data section in a program: one needs to know what is being referenced for it to make sense. If you are looking for stuff that can be seen in the BIOS Setup screen then parsing the relevant UEFI form(s) would help. Without source code the rest would probably need some serious BIOS debugging. Can you link the firmware of the UEFI/BIOS you are using and an example of what you want to do? It might make explaining easier.
|
Overclick 23 Aug 2023, 04:47
I need to read the voltage settings to use them in my RAW (SMM) driver, as my mobo is ignoring those settings for a locked Xeon. So first of all I need to read them somehow with my own DXE driver, then modify the RAW driver in SMRAM with those values.
Another solution is to modify the UEFI to let it use the mechanics provided to change voltage for unlocked processors. But there is another problem -- checksum, security check etc. Any modification in the PEI drivers, even one byte, completely breaks loading. I tried to focus on Security using IDA but it seems to be protected from being clearly analysed. https://download.asrock.com/BIOS/2011/X99%20Extreme4(3.81)ROM.zip
Last edited by Overclick on 23 Aug 2023, 11:47; edited 1 time in total
|
I 23 Aug 2023, 09:38
Will take a look. Which Xeon? I take it it's for increasing all-core turbo?
|
Overclick 23 Aug 2023, 11:53
I just don't want to reflash my firmware each time I want to change settings a little bit.
Have a look at my RAW driver https://board.flatassembler.net/topic.php?t=22733
|
I 23 Aug 2023, 13:19
by Payne lol, what he did was change some of the text output, adding 'by payne' and compile by changing the master voltage setting while taking credit for someone else's work.
Yes, that's okay for checking for function but not a good way to do it IMO. Your BIOS has voltage settings suppressed in Setup; you can bypass those to give voltage adjustment in BIOS setup. Maybe you can use Intel FPT 9.1 for backup/flashing? IIRC the early BIOS read variable is read-only and 32-bit when first loading.
|
Overclick 23 Aug 2023, 14:15
I wrote: "by Payne lol"
You are looking in the wrong place. I don't care who was the first to use MSR registers, I think it was Intel. That principle has been used in everyone's TurboBoost or Undervolt solution (RAW, DXE, PEI, boot loader). Anyway, my question is not about payne or the flash tool. I'm looking for variables to read. I see some parameters for those variables in the NVRAM section but need some example to calculate the address from the provided offsets. No matter whether it's the Asrock offset or the default Intel one, as I have opened that hidden default menu.
|
I 24 Aug 2023, 05:22
DXE
Code:
format pe64 dll efi
entry start

struc GUID def
{
  match d1-d2-d3-d4-d5, def
  \{
    .Data1 dd 0x\#d1
    .Data2 dw 0x\#d2
    .Data3 dw 0x\#d3
    .Data4 db 0x\#d4 shr 8,0x\#d4 and 0FFh
    .Data5 db 0x\#d5 shr 40,0x\#d5 shr 32 and 0FFh,0x\#d5 shr 24 and 0FFh,0x\#d5 shr 16 and 0FFh,0x\#d5 shr 8 and 0FFh,0x\#d5 and 0FFh
  \}
}

macro struct name
{
  virtual at 0
    name name
  end virtual
}

struc int32 {
  align 4
  . dd ?
}
struc int64 {
  align 8
  . dq ?
}
struc intn {
  align 8
  . dq ?
}
struc dptr {
  align 8
  . dq ?
}

struc EFI_TABLE_HEADER {
  .Signature  int64
  .Revision   int32
  .HeaderSize int32
  .CRC32      int32
  .Reserved   int32
}
struct EFI_TABLE_HEADER

struc EFI_SYSTEM_TABLE {
  .Hdr                  EFI_TABLE_HEADER
  .FirmwareVendor       dptr
  .FirmwareRevision     int32
  .ConsoleInHandle      dptr
  .ConIn                dptr
  .ConsoleOutHandle     dptr
  .ConOut               dptr
  .StandardErrorHandle  dptr
  .StdErr               dptr
  .RuntimeServices      dptr
  .BootServices         dptr
  .NumberOfTableEntries intn
  .ConfigurationTable   dptr
}
struct EFI_SYSTEM_TABLE

struc EFI_RUNTIME_SERVICES_TABLE {
  .Hdr                  EFI_TABLE_HEADER
  .GetTime              dptr
  .SetTime              dptr
  .GetWakeUpTime        dptr
  .SetWakeUpTime        dptr
  .SetVirtualAddressMap dptr
  .ConvertPointer       dptr
  .GetVariable          dptr
  .GetNextVariableName  dptr
  .SetVariable          dptr
  .GetNextHighMonoCount dptr
  .ResetSystem          dptr
}
struct EFI_RUNTIME_SERVICES_TABLE

struc SIMPLE_TEXT_OUTPUT_INTERFACE {
  .Reset             dptr
  .OutputString      dptr
  .TestString        dptr
  .QueryMode         dptr
  .SetMode           dptr
  .SetAttribute      dptr
  .ClearScreen       dptr
  .SetCursorPosition dptr
  .EnableCursor      dptr
  .Mode              dptr
}
struct SIMPLE_TEXT_OUTPUT_INTERFACE

;====================================================================
section '.text' code executable readable

start:
        push r15
        sub rsp,20*8
        mov r15,rdx                     ; pointer to SystemTable

        lea rcx,[pVariableName]         ; Setup
        lea rdx,[pGuid]                 ; GUID EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9
        lea r8,[Attributes]
        lea r9,[StoreSize]              ; 0x1a9 (will return size if wrong + error)
        lea rax,[VarBuff]               ; Place to save values
        mov qword[rsp+20h],rax          ; 5th argument goes on the stack
        mov rax,[r15 + EFI_SYSTEM_TABLE.RuntimeServices]
        call [rax + EFI_RUNTIME_SERVICES_TABLE.GetVariable]
        mov [Result],rax

        movzx rdx,word[VarBuff+0xf3]    ; Vcore Voltage Additional Offset at 0xf3 (16bit)
        test rax,rax
        jz @f
        lea rdx,[_Error]                ; GetVariable failed: print 'Error ' and the status code
        call TextOut
        mov rdx,[Result]
@@:
        lea rdi,[HexBuff+22h]           ; Print result routine (digits are written backwards)
        std
        mov ecx,16
NextHex:
        mov al,dl
        and al,0xf
        cmp al,9
        jbe @f
        add al,7
@@:
        add al,'0'
        stosw
        shr rdx,4
;       dec ecx                         ; comment out for no leading zero's
        jnz NextHex
        lea rdx,[rdi-2]
        mov dword[rdx],0x780030         ; du '0x'
        cld
        call TextOut

        add rsp,20*8
        xor rax,rax
        pop r15
        ret

TextOut:                                ; rdx = pointer to null-terminated UTF-16 string
        sub rsp,5*8
        mov rcx, [r15 + EFI_SYSTEM_TABLE.ConOut]
        call [rcx + SIMPLE_TEXT_OUTPUT_INTERFACE.OutputString]
        add rsp,5*8
        ret

align 16
pGuid GUID EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9 ;dq 4BB5EBA4EC87D643h, 0A90DB2363E3FE5A1h;
pVariableName du 'Setup',0
_Error du 'Error ',0

;====================================================================
section '.data' data readable writeable

SystemTable dq 0
StoreSize   dq 0x1a9
Result      dq 0
Attributes  dd 0
HexBuff     rw 18
            dd 0xa                      ; line feed (UTF-16 0x000A) + null terminator; was 0xa00, which encodes U+0A00
VarBuff     rb 0x1a9

;====================================================================
section '.reloc' fixups data readable discardable
if ~ $-$$
        dd 0,8
end if

PEI
Code:
;============================================================================
; Read Setup (PEI)
; Fragment of a larger 32-bit routine: StoreFail and the ebp stack frame
; belong to the surrounding code, which is not shown.
;----------------------------------------------------------------------------
        mov eax,[ebp+0ch]               ; PeiServices
        mov ecx, dword [eax]
        push ebx
        lea edx, [ebp-4H]               ;
        push edx                        ; pGetVariable
        xor ebx, ebx
        push ebx                        ; Null
        push ebx                        ; 0
        push EfiPeiReadOnlyVariable2PpiGuid ; EfiPeiReadOnlyVariable2PpiGuid
        push eax                        ; PeiServices
        mov dword [ebp-4H], ebx         ; mov [pGetVariable],0
        mov dword [ebp-8H], 0x1A9       ; Store size
        call near [ecx+20H]             ; PeiServicesLocatePpi ?
        add esp, 20                     ;
        test eax, eax                   ;
        jl StoreFail                    ; Jump if negative (failed)
        lea eax, [ebp-200H]             ;
        push eax                        ; Place to save values
        lea eax, [ebp-8H]               ;
        push eax                        ; Store Size (1A9)
        mov eax, dword [ebp-4H]         ;
        push ebx                        ; Null
        push EfiSetupVariableGuid       ; EfiSetupVariableGuid
        push Setup                      ; Store name (Setup)
        push eax                        ; pGetVariable
        call near [eax]                 ; GetVariable
        add esp, 24
        pop ebx                         ;
        test eax, eax                   ;
        jnz StoreFail                   ; jump not success
;----------------------------------------------------------------------------
EfiSetupVariableGuid GUID EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9
EfiPeiReadOnlyVariable2PpiGuid GUID 2ab86ef5-ecb5-4134-b556-3854ca1fe1b4
Setup du 'Setup',0
|
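An offline cross-check of the constants used in the post above, added here as an example and not part of the original thread: it lays the Setup GUID out in memory the way the GUID macro does, compares that with the commented-out dq pair, and reads the 16-bit field at offset 0xF3 from a Setup buffer. The buffer is constructed sample data, and the 4-byte attribute prefix is an assumption that the variable was dumped in Linux efivarfs layout.

```python
import struct
import uuid

# Values quoted from the post above.
SETUP_GUID = "EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9"
SETUP_SIZE = 0x1A9      # StoreSize passed to GetVariable
VCORE_OFFSET = 0xF3     # 16-bit "Vcore Voltage Additional Offset"
GUID_AS_DQ = (0x4BB5EBA4EC87D643, 0xA90DB2363E3FE5A1)  # commented-out dq pair


def guid_to_efi_bytes(text):
    """EFI_GUID in memory: Data1/2/3 little-endian, last 8 bytes as written."""
    return uuid.UUID(text).bytes_le


def efi_bytes_to_dq(raw):
    """View the 16 GUID bytes as two little-endian qwords (fasm 'dq a, b')."""
    return struct.unpack("<QQ", raw)


def parse_efivarfs_dump(blob):
    """Assumed efivarfs layout: 4-byte LE attributes, then the variable data."""
    if len(blob) < 4:
        raise ValueError("dump too short for the attribute header")
    (attrs,) = struct.unpack_from("<I", blob)
    return attrs, blob[4:]


def read_setup_field(data, offset, width=2):
    """Read an unsigned little-endian field from the Setup buffer."""
    if len(data) != SETUP_SIZE:
        raise ValueError(f"Setup is {len(data):#x} bytes, expected {SETUP_SIZE:#x}")
    if offset < 0 or offset + width > len(data):
        raise ValueError("field lies outside the variable")
    return int.from_bytes(data[offset:offset + width], "little")


def make_sample_dump(vcore_raw):
    """Constructed sample: attributes 0x7 (NV|BS|RT), zeroed Setup, one field set."""
    data = bytearray(SETUP_SIZE)
    struct.pack_into("<H", data, VCORE_OFFSET, vcore_raw)
    return struct.pack("<I", 0x7) + bytes(data)


if __name__ == "__main__":
    assert efi_bytes_to_dq(guid_to_efi_bytes(SETUP_GUID)) == GUID_AS_DQ
    attrs, data = parse_efivarfs_dump(make_sample_dump(0x0032))
    value = read_setup_field(data, VCORE_OFFSET)
    print(f"attributes={attrs:#x} vcore_offset_raw={value:#06x}")
```

The size check rejects a buffer from a firmware build whose Setup layout differs from the 0x1a9 bytes used in the thread, where offset 0xF3 would point at a different setting.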
Overclick 25 Aug 2023, 00:54
DXE works just fine, thanks. My next step will be SMM modification from that DXE for Sleep Mode.
Do you know how to compile directly to <file>.ffs? I am using a converter for now. I won't touch PEI until the security issues are passed.
|
Overclick 13 Sep 2023, 23:12
I do not deal with SMM, my mistake. Do you know how to read variables from the much earlier SEC phase? If it's impossible without a huge bunch of initialisations, then can I modify the RAM copy of the firmware somehow from DXE? As I see it checking itself for the S-state it loads from, that means some modifying is possible, and I think it's located in the RAM copy, or not?
|
Overclick 13 Oct 2023, 16:28
As I did not find any possibility to get settings at the SEC (early boot) stage, I made a little patcher for the boot sector of the BIOS, from 0xFF0000 to the end, that works fast.
To accept new settings it only needs a Sleep/Wakeup after the patch.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.