[REQUEST] Dell G3 3579 BIOS Password & AMI Protected Range/BIOS Guard Unlock
Hello, I have an old Dell G3 3579 (ST: 2WQ7LP2-8FC8) with a newer 8FC8 BIOS password. I have successfully attached to the flash chip (W25Q128JVSQ) on the motherboard with a CH341A programmer and made several modifications using Intel FIT (e.g., allow software SPI write) without bricking. I was also able to boot to a modified GRUB shell where I attempted to edit many BIOS security related options like BIOS Guard/Lock, Flash Signature Override, ME FW Image Re-Flash, etc.
Unfortunately, some of these modifications like to Intel BIOS Guard failed because it is fused into the PCH. Also, I am not sure any of the setup_var* changes actually worked- they stay persistent after reboot, but I changed a few options that did not seem to take effect.
Two key requests:
1. Remove the BIOS password and reset my device to the manufacturing state where I can re-enter my details.
2. If possible, help me remove/bypass "AMI v2 protected ranges" which guard all SMM modules in my BIOS to allow for modifications. This is NOT Intel boot/bios guard, which afaik is fused.
For #1, I took a look at some old threads, including using HxD to diff BIOS password unlock images from other user requests. I also tried an automatic 8FC8 BIOS unlock patcher recently posted on this forum [1]. Both approaches failed (former could not find equivalent data in my BIOS dump to modify, latter the patterns were not found in my BIOS). I also tried some SMM driver modifications, but ran into #2.
For #2, I am able to flash all addresses, but touching any SMM region in yellow under UEFITool (not red/boot guard) leads to Dell BIOS recovery prompt. I am fairly confident that my image with a modified SMM driver was well-formed. What is quite frustrating is that many of these SMM drivers are not protected on other similar Dell device BIOS'. I looked at a Dell XPS 13 9350 image and Latitude 3440 image in UEFITool, both still had AMI protection, but not on most SMM drivers. I would greatly appreciate it if you could take a look at this issue beyond just the BIOS password.
Please let me know if I can provide anything else. Thank you.
[1] https://www.badcaps.net/forum/troubl...l-8fc8-patcher
Unfortunately, some of these modifications like to Intel BIOS Guard failed because it is fused into the PCH. Also, I am not sure any of the setup_var* changes actually worked- they stay persistent after reboot, but I changed a few options that did not seem to take effect.
Two key requests:
1. Remove the BIOS password and reset my device to the manufacturing state where I can re-enter my details.
2. If possible, help me remove/bypass "AMI v2 protected ranges" which guard all SMM modules in my BIOS to allow for modifications. This is NOT Intel boot/bios guard, which afaik is fused.
For #1, I took a look at some old threads, including using HxD to diff BIOS password unlock images from other user requests. I also tried an automatic 8FC8 BIOS unlock patcher recently posted on this forum [1]. Both approaches failed (former could not find equivalent data in my BIOS dump to modify, latter the patterns were not found in my BIOS). I also tried some SMM driver modifications, but ran into #2.
For #2, I am able to flash all addresses, but touching any SMM region in yellow under UEFITool (not red/boot guard) leads to Dell BIOS recovery prompt. I am fairly confident that my image with a modified SMM driver was well-formed. What is quite frustrating is that many of these SMM drivers are not protected on other similar Dell device BIOS'. I looked at a Dell XPS 13 9350 image and Latitude 3440 image in UEFITool, both still had AMI protection, but not on most SMM drivers. I would greatly appreciate it if you could take a look at this issue beyond just the BIOS password.
Please let me know if I can provide anything else. Thank you.
[1] https://www.badcaps.net/forum/troubl...l-8fc8-patcher
Comment