On Wed, 20 Mar 2013 19:09:07 +0400 Vasiliy Vylegzhanin coder@npo-echelon.ru wrote:
Warning: Setting Bios Control at 0xdc from 0x0a to 0x0b on QM77 failed.
I did miss that line in the first mail. Your BIOS traps the access to that register and reverts it in SMM so that the general write protection of the flash chip remains enabled. See also the mail titled "success hacking DELL Dimension 4100" with the same underlying problem. Sadly the exact hack was not posted (yet), you may wanna ping Bertho to send his solution.
0x74: 0x8fff0f70 PR0: Warning: 0x00f70000-0x00ffffff is read-only.
While that's not the problem, you need to take that range into account to. It is probably the boot sector.
On 20/03/13 15:42, Stefan Tauner wrote:
On Wed, 20 Mar 2013 19:09:07 +0400 Vasiliy Vylegzhanin coder@npo-echelon.ru wrote:
Warning: Setting Bios Control at 0xdc from 0x0a to 0x0b on QM77 failed.
I did miss that line in the first mail. Your BIOS traps the access to that register and reverts it in SMM so that the general write protection of the flash chip remains enabled. See also the mail titled "success hacking DELL Dimension 4100" with the same underlying problem. Sadly the exact hack was not posted (yet), you may wanna ping Bertho to send his solution.
I'll bet that the SMRAM will be locked and so the above hack will not be possible. Bertho was able to do it on an old board whereas this one in question is much newer. You might be lucky, but I doubt it. The hack is simple enough in essence. Enable non-SMM access to the SMRAM via the chipset (this is the bit I expect not to work as it should be locked down via a write once mechanism) and then poke the RSM instruction into the SMI vector ie SMRAM + 0x8000. The location of the SMRAM should be visible from chipset settings iirc. Finally disable non-SMM access to the SMRAM. This will prevent all SMM activity which may include thermal control, hotplug assistance etc. so you probably don't want to leave it in this state for longer than necessary.
Andrew