[coreboot] [TOOLS] G505S owners - Extract all Option ROMs now! InsydeH20 BIOS dev tools release

Mike Banon mikebdp2 at gmail.com
Fri Jun 23 15:39:02 CEST 2017


Insyde Software Japan has released some of their outdated BIOS dev tools:

GitHub repository - https://github.com/s-sosnitskiy80/Insider_BIOS_Tools

https://www.bios-mods.com/forum/Thread-Insider-BIOS-Tools-First-Release

Already downloaded and tested them! Perhaps the only one of the InsydeH20
tools that can be (very!) useful to us, the glorious coreboot people, is H20EZE:

"H20EZE: Easy BIOS Editor that helps edit binaries in the BIOS,
including Option ROMs, driver binaries, logos, and Setup values"

I have a G505S coreboot-supported AMD laptop which originally had the InsydeH20
proprietary BIOS. Until this day it has been possible to extract only a few
option ROMs from this BIOS; e.g. to extract the VGABIOS of the A10-5750M
integrated graphics by the "Retrieval via Linux kernel" method - which gives
you a ROM that has been significantly altered during the proprietary BIOS boot
time. Other ROMs, such as the discrete graphics ROM, were impossible to extract
at all (some modifications of the G505S laptop have an HD 8570M or R5 M230
discrete GPU).

Using this H20EZE tool I have successfully extracted all 15 Option ROMs in
their pristine state! Not modified by the proprietary BIOS while booting :)

* 8 VGABIOS ROMs (3 of which could be suitable for various G505S versions:
ROMs for HD 8650G integrated graphics and for HD 8570M and R5 M230 discrete)
* 6 Intel Boot Agent PXE ROMs (aka backdoors ;) - 4 for Atheros, 2 for Realtek
* 1 AHCI ROM for AMD SATA controller of SB7x0/SB8x0/SB9x0 southbridge

Currently I am extracting all 284 proprietary UEFI/BIOS modules, because
some of them could be very useful for reverse engineering the software-only
internal method/protocol of flashing the KB9012 EC controller 128KB firmware.

The G505S firmware inside the KB9012 EC keyboard controller is closed source
and must be reverse engineered. It's much faster to develop a free-as-in-freedom
firmware replacement if you could reflash a firmware internally: it takes
less than a minute, while the currently-available-to-us hardware flashing
method (via flashrom with a keyboard flex cable) takes at least 15 minutes!
Also it will be easier to internally flash a reverse engineered firmware.

Sadly it is impossible to extract multiple modules or OpROMs in one single
action; you have to extract them one-by-one, so it is going to take me a few
hours to correctly extract all 284 modules without any mistakes and repeats.

Currently this H20EZE tool is closed source and Windows only (it seems that
a Linux version has not been released yet), and for these reasons, despite
these tools having been re-licensed to a permissive freeware CC-ND license,
they should not be included in our bios_extract repository available here:

https://review.coreboot.org/cgit/bios_extract.git/tree/

By the way, this coreboot repository has some unofficial "insyde-tools",
but frankly they are total garbage: cannot extract anything from my BIOS!
The official H20EZE tool is performing much much better - and although it is
3 years old, the latest proprietary BIOS for G505S is even older, so it's OK.

Best regards,
Mike Banon
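
An added example, not part of the original post or of any coreboot tool: a sanity check for Option ROM files extracted one by one, so a truncated or mis-saved file is caught before it is reused. It assumes the files are standard PCI expansion ROM images (55 AA header, PCIR data structure); the sample image and its device ID are constructed.

```python
import struct

BASE_CLASS = {0x01: "mass storage", 0x02: "network", 0x03: "display"}

def inspect_oprom(data: bytes) -> dict:
    """Validate one legacy PCI option ROM image and report what it is for."""
    if len(data) < 0x1A or data[:2] != b"\x55\xaa":
        raise ValueError("missing 55 AA option ROM signature")
    (pcir,) = struct.unpack_from("<H", data, 0x18)   # pointer to PCI data structure
    if pcir + 0x18 > len(data) or data[pcir:pcir + 4] != b"PCIR":
        raise ValueError("no PCIR structure at offset 0x%x" % pcir)
    vendor, device = struct.unpack_from("<HH", data, pcir + 0x04)
    base_class = data[pcir + 0x0F]                   # class code: prog-if, subclass, base
    (blocks,) = struct.unpack_from("<H", data, pcir + 0x10)
    code_type = data[pcir + 0x14]                    # 0 = legacy x86, 3 = EFI
    size = blocks * 512                              # image length is in 512-byte units
    truncated = size == 0 or size > len(data)
    return {
        "vendor": vendor, "device": device,
        "kind": BASE_CLASS.get(base_class, "class 0x%02x" % base_class),
        "code_type": code_type, "size": size, "truncated": truncated,
        # Legacy images must sum to zero modulo 256 over their declared size.
        "checksum_ok": code_type == 0 and not truncated
                       and sum(data[:size]) % 256 == 0,
    }

def make_sample_rom(vendor: int, device: int, base_class: int, blocks: int = 2) -> bytes:
    """Constructed test image (not a real ROM): header, PCIR, checksum fix-up."""
    rom = bytearray(blocks * 512)
    rom[0:3] = b"\x55\xaa" + bytes([blocks])
    struct.pack_into("<H", rom, 0x18, 0x40)          # PCIR lives at offset 0x40
    rom[0x40:0x44] = b"PCIR"
    struct.pack_into("<HH", rom, 0x44, vendor, device)
    struct.pack_into("<H", rom, 0x4A, 0x18)          # PCIR structure length
    rom[0x4F] = base_class
    struct.pack_into("<H", rom, 0x50, blocks)
    rom[0x55] = 0x80                                 # indicator: last image
    rom[-1] = (-sum(rom)) % 256                      # make the byte sum zero
    return bytes(rom)

if __name__ == "__main__":
    good = make_sample_rom(0x1002, 0x1234, 0x03)     # device ID is constructed
    print(inspect_oprom(good))
    print(inspect_oprom(good[:512])["truncated"])    # cut-off copy is flagged
```

Run it over each extracted file's bytes; a file that raises, reports `truncated`, or fails the checksum should be extracted again.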


