# ASRock Z370/Z390 Taichi (and some others, actively modding!) Firmware with Intel Management Engine Disabled



## R-T-B (May 5, 2018)

*THIS PROJECT IS PRESENTLY ON HOLD.*

This is simply 1.80 "Instant Flash" firmware for the Z370 Taichi (and now with help from @Mork_vom_Ork, the Z270 SuperCarrier v2.40) straight from ASRock stock unmodifed (minus some sig checks disabled) other than the Intel Management Engine firmware being scrubbed/disabled/neutered with the available me_cleaner tools from github.

There are also experimental images for other boards.

It should be noted that me_cleaner does not completely remove the Intel ME anymore (that's impossible) however it does rather install "neutered" firmware that removes as much as it can and instructs the coprocessor to shutdown the management engine completely following POST.

The effect is the management engine and all it's features no longer function.  Don't install this if you depend on something the management engine provides (Intel's software TPM functionality or similar come to mind, SGX extensions maybe, not much else if anything really).

Everything else on the board works as far as I can tell, including overclocking (though I did not test BCLK OCing) and fan control.

You can revert to the old firmware at any time.

*INSTRUCTIONS:*

File is a zip.  Unzip single contained file to FAT32 USB.  Do not rename the file.  Instant Flash tool in their stock UEFI will now find it and allow you to flash it (unless you turned USB support off at boot time, of course).

If you get a sig check warning, try flashing from an older stock bios.

Also, you are downloading this from a PC that is actively crypto mining.  It shouldn't effect anything, and is being done to save energy over a separate server, but needless to say if your download breaks, it probably rebooted.  Try again.

Questions/comments go in this thread.  Technical discussion / bug reports only please.  I want to keep this thread clean of any politics besides my own. 

*Stable Board Downloads **here*:

*Experimental Board Firmware **here**: (be sure and read the **readme/warning* *for these images)*


*The two sections are optional reading, and apply (mostly) to when this thread only supported the Z370 Taichi.*

*Some tech notes*:  This was a bit more than just running "me_cleaner.py" on the bios image.  ASRock won't flash the ME region of the bios unless it thinks it's newer than the existing one.  So I had to splice in newer than ASRock's latest ME firmware (it exists) and then disable that particular ME image with me_cleaner.  ASRock Firmware then accepts it as newer and will flash it to the ME region, disabling the Intel ME entirely.  From there, you can revert back to ME-enabled firmware freely, because this special image identifies as "Intel ME version 0.0.0.0" so ASRock thinks literally ANY other image on earth is newer than this one.  It's harmless to try, though obviously you do so at your own risk, like any BIOS flash.  I will say I have had absolutely zero issues.

Note that I can support other boards but I'm familiar most with GIGABYTE and ASRock sig checks (with maybe a side of ASUS), and I won't be able to test preflash, so you would have to flash at your own risk with no testing done.

*Some political notes*:  I do not subscribe to the idea that the Intel Management Engine is a "NSA backdoor" or any of that tinfoil-hat garbage.  People who don't understand technology need to get a grip and listen to those who at least somewhat do:  There's really no way it can be, as it's web traffic and stack is wiresharkable so if that were the case we'd know by today.  Yes they could encrypt it but we'd still see an encrypted data stream at random times that'd be suspicious, and we don't.  To Intel's limited credit, it actually seems to try to do exactly what it says on the tin.  But what I object to (and what I hate equally about AMD's PSP) is that this is effectively a closed binary which has been found to have many holes, many times.  From a security perspective, you are much better off disabling it, regardless of what Intel intends.  As far as AMD vs Intel, there is no "psp_cleaner" and little research has been done into AMD's PSP, so for the security minded, I'd say an Intel platform is still far better given we understand far more about this ghost in our machine (and thus how to defeat it) than the other teams.  I am unaware of anyway to defeat the PSP, and if AMD's claims are to be believed, it's actually not possible as it sets up essential boot time memory.  Seriously bad practice if true, IMO.

EDIT:

The z390 Taichi is now supported.  It was a very diffilcult board but all z390 boards will likely be the same if not harder.

Why?  Intel changed the format of the management engine region of the bios in ME 12, which is used in z390 on up.  This means we can't mod it using open source tools like me_cleaner anymore.

Not content to just give up with that, I used an undocumented mode intended for government targets to instruct the ME to turn itself off (credit to people much more skilled than me for finding this).  Since the government trusts intel with this mdoe and it is pretty much certainly Intel's mode for computers they sell to government clients with data sensitive needs, I think we can assume that even though the management engine firmware is still present, it turns itself off just like it tells you.  The government would be all over them if they were lying about that.

How long that mode will remain now that the public has discovered it is anyones guess...  For now, here is bios 1.80 for the Z390 Taichi with ME disabled.  Find it in the usual spot.

Be aware, the procedure to activate this mod is slightly different.  You MUST first flash official 1.80.  This is not negotiable, it must happen.

After that, unzip the archive, open an *admin* command prompt, and cd to the directory you unzipped the archive too.

Type "flashme" and wait for it to finish.

Reboot and go straight to bios.

You should be presented for a few moments with a menu similar to the following, the full unlocked bios.  You don't want to horse around with 90% of this stuff, it's dangerous.  The only thing you want is under "PCH-FW Configuration."  Go there.

View attachment 113943

Under that menu you have a nice menu option that lets you turn the ME on and off at whim.  NOTE:  Despite the wording "ME Temporarily Disabled," it is permanent short of anything that resets your CMOS.  Not often that happens and if it does, you can just turn it off again.

View attachment 113944

So, test, enjoy, and let me know if any bugs appear.  Seems to work for me!


----------



## eidairaman1 (May 5, 2018)

R-T-B said:


> This is simply 1.80 "Instant Flash" firmware for the Z370 Taichi straight from ASRock stock unmodifed (minus some sig checks disabled) other than the Intel Management Engine firmware being scrubbed/disabled/neutered with the available me_cleaner tools from github.
> 
> It should be noted that me_cleaner does not completely remove the Intel ME anymore (that's impossible) however it does rather install "neutered" firmware that removes as much as it can and instructs the coprocessor to shutdown the management engine completely following POST.
> 
> ...



What about System Management bus?


----------



## R-T-B (May 5, 2018)

eidairaman1 said:


> What about System Management bus?



SMBus has little to do with the risks of the management engine.  AFAIK it only is a simple two wire bus for things like power management, has no real processing abilities, and is inapplicable here / we certainly wouldn't want to disable it.  Honestly, I'm not even sure if that's possible.

If your asking if power management and such function, yes, they do.  SMbus is not disabled.

Some reading.

https://en.wikipedia.org/wiki/System_Management_Bus


----------



## eidairaman1 (May 6, 2018)

R-T-B said:


> SMBus has little to do with the risks of the management engine.  AFAIK it only is a simple two wire bus for things like power management, has no real processing abilities, and is inapplicable here / we certainly wouldn't want to disable it.  Honestly, I'm not even sure if that's possible.
> 
> If your asking if power management and such function, yes, they do.  SMbus is not disabled.
> 
> ...




Okay so it's a self-contained bus then not able to be extremely modified other than a firmware update so it has no Communications Bridge with the internet.

Just the name itself, made my stomach tied in a knot.

Yeah I just never looked up the SM bus


----------



## biffzinker (May 6, 2018)

Shame the x86 Quark on the PCH couldn't be re-purposed after POST.


----------



## R-T-B (May 6, 2018)

biffzinker said:


> Shame the x86 Quark on the PCH couldn't be re-purposed after POST.



The firmware is signed, or I'd be doing all sorts of fun assembly code with it. 

Though it's actually in the CPU now.  Versions on the PCH weren't x86, I think they were actually ARC cores.

The only reason we are able to do this is because Intel was kind enough to not check certain firmware volumes signatures if they don't exist, at least at present.  Frankly, I'm surprised they've kept that policy this long.


----------



## Hotobu (May 15, 2018)

This is the first I have ever heard about IME. I only clicked the link because I have this motherboard. What is the benefit of going through this? Just to prevent potential security breeches?


----------



## R-T-B (May 16, 2018)

Yes, basically.  You trade some mostly insignificant functionality for better security.


----------



## tpupusr (May 30, 2018)

Hi, would you walk us through the process of doing this for an Asus Strix Z370-G Gaming bios? I really want to build a m-atx system and this looks like the best board. I'm comfortable doing external flashing of SPI chip if that's necessary or applicable.  Thanks a lot!


----------



## R-T-B (May 30, 2018)

tpupusr said:


> Hi, would you walk us through the process of doing this for an Asus Strix Z370-G Gaming bios? I really want to build a m-atx system and this looks like the best board. I'm comfortable doing external flashing of SPI chip if that's necessary or applicable.  Thanks a lot!



I tried a recent ASUS board (the somewhat similar Z270F in the "EXPERIMENTAL" folder, doesn't work BTW so was removed) and ASUS has made it harder since they went all "capsule" based images.  I'm actually surprised, because I can't find a work around for any of the more recent ASUS boards.

Your best "sure-fire" bet is to open your stock image in a tool like "UEFITool" and extracting as-is the "Intel Image" segment directly beneath the capsule.  Then mod that, and SPI flash that to your board.

If you want I can prepare an SPI flashable image for you, if you know how to SPI flash.

EDIT:

There are now two experimental images in the http://glacialsoftware.net/FIRMWARE/EXPERIMENTAL/ folder supporting the Strix Z370-G

The .CAP version MIGHT just work via q-flash in the bios, but it's a long shot (will most likely fail to flash the ME harmlessly, no real brick risk there, it will just skip the ME update part of the flash).  It's more likely this will work than that if you have to not use an external programmer, but there is a small brick risk:



> *Using the ASUS AI Suite*
> Our Forum member Wishbringer reported, that he was able to successfully flash modded *.CAP BIOSes into the BIOS chip of several Intel 7-, 8- and 9-Series Chipset ASUS mainboards by doing the following:
> 
> Download AI-Suite (when not for Win10 available use Version for 8.1)
> ...



Credit to win-raid.com forums.

There is also a .ROM version of the image.  An SPI programmer can use that.  I am not sure if it'll preserve your mac address or if that is saved in your old image though, so make a back up of your original image in case you need "AFS" (After Flashing Support) to patch that back in.


----------



## tpupusr (Jun 1, 2018)

R-T-B, Thank you for the informative and helpful response. There is a lot for me to parse through here. I've been doing some additional reading and came across this link:
https://github.com/corna/me_cleaner/issues/98#issuecomment-345777663

Is this essentially what you did?   I'm interested in learning the actual process myself (though I very much appreciate your supplied files and may end up using them if I can't figure it out on my own).

Finally, as a general question, it seems like as long as I'm using an external SPI programmer, I have three least likelihood of bricking the system since I can always just rewrite the original bios backup.  Correct?  (Btw, I'm using a RPI with a chip clip and flashrom).

Thanks again!


----------



## R-T-B (Jun 2, 2018)

tpupusr said:


> Is this essentially what you did?   I'm interested in learning the actual process myself (though I very much appreciate your supplied files and may end up using them if I can't figure it out on my own).



Yes for the .ROM image, although my .ROM does not contain a MAC and it appears you WILL need to transfer that manually (unless you like your mac being "88:88:88:88:88", which can be an issue).  I can help you with advice on how to do that if you'd like. 



> Finally, as a general question, it seems like as long as I'm using an external SPI programmer, I have three least likelihood of bricking the system since I can always just rewrite the original bios backup.  Correct?  (Btw, I'm using a RPI with a chip clip and flashrom).



Yep, with an SPI and chip clip as long as you can read/flash succesfully and have a backup there is really no brick risk.  Actually, it can even be a profitable endeavor to rescue "bad bios flash" board from ebay this way if so inclined. 



> Thanks again!



No problem!  Good luck.


----------



## Mork_vom_Ork (Jun 2, 2018)

Hi there R-T-B,

ist possible to just do the "Intel ME version 0.0.0.0" stuff on latest ASRock Z270 Super Carrier bios 2.40 - so i can flash ME firmware with v11.6.xx.xx ?
Currently i have ME firmware 11.8.50.34, but i need to downgrade to 11.6.10.xx - which then might be possible w/o smi programming the whole BIOS chip with an earlier BIOS (like 2.20).
I could upload the desired BIOS somewhere if you could manage this.

Any help is appreciated,
regards... Mork vom Ork


----------



## R-T-B (Jun 2, 2018)

Mork_vom_Ork said:


> Hi there R-T-B,
> 
> ist possible to just do the "Intel ME version 0.0.0.0" stuff on latest ASRock Z270 Super Carrier bios 2.40 - so i can flash ME firmware with v11.6.xx.xx ?
> Currently i have ME firmware 11.8.50.34, but i need to downgrade to 11.6.10.xx - which then might be possible w/o smi programming the whole BIOS chip with an earlier BIOS (like 2.20).
> ...



I can certainly try, but out of curiousity, why downgrade?  Most of the time that's a pretty bad idea...


----------



## Mork_vom_Ork (Jun 2, 2018)

cause i want to try to get an i3-8350K CoffeeLake CPU running on that board - and therefor i need to downgrade to ME 11.6.xx.xx - cause Intel disabled this feature in all newer ME firmwares.
Of cause you need to modify some other values within the BIOS, too - like Coffeelake Microcode, lates VBIOS and GOP driver - but this all is already done.


----------



## Space Lynx (Jun 2, 2018)

Almost bought that mobo, but I got the MSI Z370 Tomahawk on sale for $105 shipped, and it apparently has better VRM cooling than most mobos according to tweaktown. My first choice was this Taichi though.


----------



## R-T-B (Jun 2, 2018)

Mork_vom_Ork said:


> cause i want to try to get an i3-8350K CoffeeLake CPU running on that board - and therefor i need to downgrade to ME 11.6.xx.xx - cause Intel disabled this feature in all newer ME firmwares.
> Of cause you need to modify some other values within the BIOS, too - like Coffeelake Microcode, lates VBIOS and GOP driver - but this all is already done.



AFAIK scrubbing the ME may acomplish the same thing, but I will produce a scrubbed image for you to try.  If it does not work, try downgrading, it should allow it if it behaves like the Taichi...

Expect an experimental image later today.  Obviously you try it at your own risk.

EDIT:  If you have an image you want me to try this on, please upload it somewhere and link.  I'll begin work on this probably around noon PST if it's available by then.  I'll also produce a "stock" image for my collection of course.


----------



## Mork_vom_Ork (Jun 2, 2018)

That would be great: take the BIOS from here: https://ufile.io/fkt7s


----------



## R-T-B (Jun 2, 2018)

Thanks.  That archive has both 2.40 (stock) and 2.50 (modded), with your changes aparently in 2.50.  Is there any reason for me to mod both, or is 2.50 enough?

Your board doesn't have any kind of antidowngrade other that the ME stuff, right?


----------



## Mork_vom_Ork (Jun 2, 2018)

2.50 is right of cause. didn't noticed, that 2.40 is also in that ZIP file.
And yes, you are right: no other way to downgrade firmware in any other way.

YOU ARE OUR LAST HOPE, Obi Wan Kenobi.


----------



## R-T-B (Jun 2, 2018)

Hello, all done.  As usual, this is completely untested so I suggest you are prepared to buy a programmer if something goes wrong:

This should work in the native UEFI flashing app:

http://glacialsoftware.net/FIRMWARE/EXPERIMENTAL/

First, download the one without the "CL" and flash it.  You should be at version 0.0.0.0 now.

Now, download the one marked "CL."  It should support Coffee Lake from including your mods.  

You may need to rename them their stock names for the flashing app to find them.  BTW there is no 2.50 version, there is only 2.40.  I assume you did a little version bump of your own.


----------



## Mork_vom_Ork (Jun 2, 2018)

Thanx in advance. I will try now, so stay tuned for my feedback.
And yes: i named the file 2.50 to recognize that this one was the modified bios when flashing through instant flash.

I'll be back.


----------



## dorsetknob (Jun 2, 2018)

Mork_vom_Ork said:


> YOU ARE OUR LAST HOPE, Obi Wan Kenfrogobi.



Just had to  "ribbit ribbit"


----------



## Mork_vom_Ork (Jun 2, 2018)

First thing: i'll be back with successfully flashed modded non "CL" bios. So this one works.
But: when i try to flash ME firmware to 11.6.10.xx, the flasher already asks: "do you really want to downgrade firmware?" and after that i got the message, that downgrading ME firmware is not supported: please contact your vendor.

But generally the modified bios worked. But System ist still on ME Firmware 11.8.50.34.
Anything else i could try?

maybe we could try with SuperCarrier bios v2.20 - cause that one contains the desired ME firmware within the original file provided by ASRock, while v2.40 has originally ME firmware 11.8.50.3460
i will be so gradefull if you could try it on originally ASRock Z270SC_2.20, which can be downloaded here: http://asrock.pc.cdn.bitgravity.com/BIOS/1151/Z270 SuperCarrier(2.20)ROM.zip


----------



## R-T-B (Jun 2, 2018)

I'm out now, but would like to give it another try with that image (it is likely rejecting my image due to it being based on generic 11.6).  Will attempt when I get back.  Be done likely by 3pm PST

EDIT:  Got back way earlier than anticipated, man!

New revision 2 for you to try @Mork_vom_Ork, please download and attempt.

http://glacialsoftware.net/FIRMWARE/EXPERIMENTAL/

If it does not work, don't dispair as long as it flashes at least part of it you are likely ok!  This image attempts to also unlock the flash descriptor, which means it may allow us some sneakier ways to flash a downgrade.  Get in touch with me by PM if you do not see your ME version drop after this.  I would be happy to set up a chat to personally assist you.  No fee, just want to expand my library of supported boards and your help is pay enough. 

I have a sneaking suspicion this dxe module is all that was blocking you though, removed now...


----------



## Mork_vom_Ork (Jun 2, 2018)

I'll give it a try.
Thanx so much for all your help. I appriciate.


----------



## R-T-B (Jun 2, 2018)

Mork_vom_Ork said:


> I'll give it a try.
> Thanx so much for all your help. I appriciate.



No problem man, I want to support more boards and I thank you for actually reporting what happens.  That is most helpful.

Maybe I can move this board from "EXPERIMENTAL" to the standard supported folder. 

PS:  If you have trouble/ a bad flash, above all else don't panic.    I can likely bail you out with a little time and energy.


----------



## Mork_vom_Ork (Jun 2, 2018)

Back with good and bad news:

*GOOD:* SuperCarrier accepted the modified bios for instant flash.
After that i did a reboot and left all settings untouched, booted into WINDOWS10 and

*BAD:* got this in CMD shell when trying to downgrade ME firmware:

"C:\temp\intel_me>fwupdlcl64.exe -F me.bin

Intel (R) Firmware Update Utility Version: 11.6.0.1136
Copyright (C) 2007 - 2016, Intel Corporation.  All rights reserved.
Communication Mode: MEI Checking firmware parameters...

_Warning:__ Do not exit the process or power off the machine before the firmware update process ends._

Are you sure you want to perform a Firmware Downgrade? (Y/N): Y

Sending the update image to FW for verification: (COMPLETE )

                           Do not Interrupt

Error 8805: FW downgrade is not allowed due to SVN restrication.
C:\temp\intel_me>"

Also interesting is the following (might be of interest for you, too):
when the instant flash is ready, machine makes a reboot (of cause)
Than when i enter the BIOS setup and check under CHIPSET settings, there is always be shown the current ME firmware version 11.8.50.3460
Also if i check currently installed ME firmware with an other tool, i always get this version as result.


----------



## R-T-B (Jun 2, 2018)

hmmm...

3460 is the version my "disabled" ME firmware is based on.

In other words, the management engine is already disabled.  It doesn't really matter what version you are on because it is nonfunctional.  As long as they are not blocking the management engine in the kernel (the only thing that loads, and it does very little due to space limitations), a Coffee Lake CPU SHOULD work.

Do you have one you can try?

If not, I have some other ideas.  PM me if CPU is not already working and I'll be glad to walk you through it in a private chat.

A final thing you can try is taking my image, and attempt to flash it using the tool FPTW64.  It is a windows land utility.  Download it here along with a mess of other tools, and then type the following with my image in FPTW64's folder:

FPTW64 -F Z270SC_NOME_CL_R2_2.40 -ME

That will attempt to forcibly downgrade the ME partition.  However, it may fail if my image did not unlock the flash descriptor (quite possible).  If it does, no harm done, but certainly not success either.  Hopefully you won't even need to try this and you already have a CL CPU running.


----------



## Mork_vom_Ork (Jun 2, 2018)

Yes, got the i3-8350K here (4 Core CoffeeLake).
I'll give it a try. Could take some time, cause i have to change SKYLAKE CPU for this one.
I'll be back when finished the test with CL-CPU. Stay tuned


----------



## R-T-B (Jun 2, 2018)

For added luck, you could try the FPTW command above.  IF it works you are good for sure, if not you still have a probably 50/50 shot.

If all that fails, well, this may be one for a hardware programmer, but I'll poke around one last time just for fun.


----------



## Mork_vom_Ork (Jun 2, 2018)

wrinting this right now from my MacBook:
CL-CPU does NOT work: computer turns on for just a second, than immediatly shuts down.
So there seems to be relevant part of ME still active. Also tried CMOS-Reset with NO luck.

One more last chance: i will remove CMOS-battery for a few minutes to see what happens


----------



## R-T-B (Jun 2, 2018)

Ah.  Darn.  They protect it in the kernel.  Intel is clever like that, should've expected it.  We do need a full downgrade then.

You aren't done yet though, I found some hidden bios options that may remove the protections from downgrading if turned on.  If you are willing to go back to the old CPU and humor me, I think I can get it to flash despite the version mismatch.


----------



## Mork_vom_Ork (Jun 2, 2018)

I knew these settings, cause i use AMIBMP, too for getting some settings for Thunderbolt, which normally are hidden.
Also i set my preffered settings with it - so i am familar with this App.

Tried the setting set to ENABLED already. After switching to ENABLED, the bios files is no longer a valid BIOS for Instant flash  :-(

Hold a second, i mod back to SKYLAKE-CPU


----------



## R-T-B (Jun 2, 2018)

Mork_vom_Ork said:


> I knew these settings, cause i use AMIBMP, too for getting some settings for Thunderbolt, which normally are hidden.
> Also i set my preffered settings with it - so i am familar with this App.



AH, good job then. 

Please try the FPT command if you have not already, listed in post #29.  If it goes through you will almost certainly have downgraded.  Try it both with the ME FW ReFlash option set, and not set.

Of course it is seldom that easy, but I can hope. 

If that fails, run this command and PM me the result DUMP.ROM file.  It will contain some semi-personal info (MAC Address, etc) so do not post it publically, only in PM.

FPTW64 -D DUMP.ROM

It will certainly succeed, and tell me a lot about our options from here (it just is a bios dump, but I can tell what actually happened and learn a lot from that).


----------



## Mork_vom_Ork (Jun 2, 2018)

FPTW64 -D DUMP.ROM gives me this error:

"Error 367: [FPTw64.exe] cannot be run on the current platform.
Please contact your vendor."

WTF! i dont know, whats going on here. Also for me it seems, after rebuild the SKYLAKE CPU (remember i did a CMOS-RESET and removed CMOS-battery)
ALL BIOS-Settings where the prefered one, which i saved in a fresh 2.40 flashrom and which WAS copied by the machine to the BIOS B Chip automatically.

I knew about this, because that was the first thing i tried: thought "Well, no problem, lets make a secure-backup from BIOS B chip with the labled 2.10 ROM to the BIOS A chip"
But there wasn't any 2.10 ROM on that Chip anymore - it was upgraded with my latest (with UBU modified) 2.40 ROM - which have the latest GOP, VBIOS, RAID-EFI, Network-EFI, desired Microcodes etc.


----------



## R-T-B (Jun 2, 2018)

That is odd...  It is a 64-bit OS correct?  Running it as admin?  Huh.  ASRock seems to have stepped down the protections from the z270 -> z370, which is not what I'd expect.  Your board is setup way more strict that my Taichi...

You tried that with both ME FW Reflash setting on and off?

Well then.

You can try this, if nothing else.  Sounds like you have a dual bios board, maybe you are in luck:

We need to convince the board the main bios is completely corrupt, or it will keep the more up to date components instead of rewriting them from secondary (Like the ME, and other working stuff).

We can do that by shorting some pins, but maybe there is an easier way.  Do you have a jumper labeled "BIOS_TEST1" on the board next to the DR DEBUG LED?  If so, short during boot (don't let it unshort until done flashing!) that and it should force the backup bios to overwrite the main one.

If that even fails to replace the ME, we will have to do a manual short, which isn't that hard, but any time you short something in your computer there is SOME danger.  Let me know if you want to proceed.

EDIT:  If you are really desperate to do this without hardware programmer, there are also ways you could defeat the dual bios mechanism and force it to use the backup bios every boot.  That would be a loss of some function, though, and quite bad if you ever had a bad flash.  I would suggest first booting into the backup bios itself just once and seeing if you can determine it's actual version.  I can advise on that as well.

If you don't have the jumper, let me know and I will set up a chat room so we can deal with this more directly and quickly.  Thanks for your continued testing and patience, feel free to call quits anytime. 

EDIT EDIT:  I am moving this to a PM now, will report to TPU when I finish or my new test subject gives up.


----------



## Mork_vom_Ork (Jun 2, 2018)

Thats what i told in my last post: i closed that jumper, which results  on next reboot, that machine thinks, main BIOS is corrupt and starts the SECURE_BACKUP routine, which copied flashrom B to flashrom A. But there lies the problem: when i received the borad as new, both BIOS chips contained  BIOS ROM 2.10. Working chip is chip A - but if the machine detects a newer ROM on chip A , which booted for sometime without any problems, it gets automatically copied to chip B.

So now i have the same BIOS ROM on both chips. I don't know, if there is any way to get these chips set to factory default.
Well, on tuesday i will receive my chipprogrammer, than i can flash chip back to a BIOS prior v2.20.

No early quit here, cause i am happy, that u are willing to help.


----------



## R-T-B (Jun 2, 2018)

Sent you a PM with a place we can chat, so not to spam the forum, if you are willing. 

Glad you just closed that jumper and did not execute the uefi function, that would've lost your old image in the backup bios for certain.  As it is, it might still be there.


----------



## Mork_vom_Ork (Jun 2, 2018)

Attached you will find a picture of the two BIOS chips and the PINS, which needs to be closed to SECURE_BACKUP content CHIP B ---> CHIP A



CHIP A is Main BIOS - Chip B is Backup BIOS


----------



## R-T-B (Jun 2, 2018)

Yep, the problem as we both have learned, is that jumper won't reflash your bios because it does not think it's corrupt.

I don't understand why ASRock does that: makes a "force flash" jumper that does a heath check, it seems like "force flash" should mean "no matter what," but I am not a board designer. 

Walking him through the scary process of shorting some bios legs to make his main bios appear corrupt so it will downgrade from backup right now.  Will update.

EDIT:  This guy deserves a gold star, he did it!

Unfortunately it did nothing.  I think his backup bios is just too new for some reason.  Or he failed to short it right.

Fortunately, I found a bios key that forces the ME version to 0.0.0.0, which should allow us to downgrade (or upgrade in Intel's eyes) to whatever we want.  Which is great because I hate putting metal implements anywhere near a nice computer. 

EDIT:  A long, multistepped process later and we got him downgraded.  I will do my best to document and reproduce it soon (though at least one step has me genuinely confused how it worked at all...)

He's testing a coffee lake CPU as we speak.

As the standard 11.8.3460 based ME "cleaned" image was tested and works fine as long as you don't want Coffee Lake with your Z270, I am moving it to the stable directory.  Coffee lake support is still experimental, and undocumented as of now.


----------



## VasDrakken (Jun 3, 2018)

Intel's machine firmware update should do some of that as the point of the ime is so that if someone is stealing assets at a company the ime can be used to monitor the computer at the cpu level without the end user knowing, but even as an aderno developer I agree with the original poster that usually all it ends up doing is fubar the system. Good idea but if you have physical access to the machine you can get around the IME by pulling the drives and cloning them, and there is nothing the ime end can tell, since it is basically a network boot that tries to dial home to the motherboard mkg, on xcore and xeon and higher cpu chipsets. Technically you can not install the ime driver when you install windows but the uefi bios is still going to try and dial home.

As long as you are not using remote desktop to troubleshoot the machine or have it head less enviroment, in theory you can code a halt state to the parts of the processer that run the intel management engine as if you were disabling a core that was partially functional but I am not sure the syntax you would need to use to issue a halt command at post, it would most likely have to be at compile time and it might not be documented externally even in the adreno so people do not accidentally brick their cpus. the old riva tunner code might have a way to do since you can enable and disable gpu parts but intel has been writing code longer than most companies so they may not even use the assembler halt code.


----------



## Mork_vom_Ork (Jun 3, 2018)

first of all i would like to thank R-T-B for his great HELP/SUPPORT.
He has done a great job by supporting me to get my currently installed ME firmware 11.8.50.3470 downgraded to 11.0.6.xx, which i need for my "i3-8350K Coffeelake CPU running on Intel Z270 Board" project. He did a lot of modifications for me on provided BIOS files and after about 4 or 5 hours we (more HE than me) finally succeed:

Got the latest BIOS file for my ASRock Z270 Super Carrier with the above mentioned ME firmware. Now i just have to switch SKYLAKE i7 6700K against that i3-8350K Coffeelake CPU on the Super Carrier.
I would like to take this thread to once again give him a big *T H A N K  Y O U* for his support.

Currently i am looking for the solution on what BIOS Error 18 exactly means - seems to be related to some memory glitches. Once i fixed them and get the Super Carrier successfully bottet into WINDOWS and macOS i will let you all know.

Regards...


----------



## R-T-B (Jun 3, 2018)

sounds like you are making headway at least!  Is the Error 18 on the  on-mobo POST code led display or somewhere else?  Could be the Coffee Lake CPU is setting up memory timings wrong and you may need to find a way to set them by hand.

Do keep us informed.  I unfortunately know very little beyond just getting the management engine where it needs to be.


----------



## Mork_vom_Ork (Jun 3, 2018)

yes, seems to memory-timing. currently i am stilling looking for a way to fix it.
i will check all my BIOS settings right now (still on SKYLAKE). if find the solution, i'll keep you informed on what it was


----------



## R-T-B (Jun 3, 2018)

Mork_vom_Ork said:


> yes, seems to memory-timing. currently i am stilling looking for a way to fix it.
> i will check all my BIOS settings right now (still on SKYLAKE). if find the solution, i'll keep you informed on what it was



Probably setting the ram voltage slightly higher may help the CL post.

May have an idea relating to microcode that would be causing your error, sent you a pm if you want to run some test roms.


----------



## Mork_vom_Ork (Jun 3, 2018)

@R-T-B - just to let you know: *WE DID IT*, finally. Running my i3-8350K Coffee Lake CPU on the ASRock Z270 Super Carrier:





Guess, what the final problem was? I just forget to implement microcode for CPUID 906EB (i3-8350K Coffee Lake)  ;-)
After fixing that with the latest UBU tool, i was able to boot into WINDOWS 7, WINDOWS 10 and macOS High Sierra 10.13.5

I could not often enough say, how grateful i am about finding YOU and THIS thread here on techpowerup.com - *W O N D E R F U L L*.
Thanx again and again and again <---- sorry for spamming, but i am so happy about it. Your next drink is on me, defenitly.


----------



## R-T-B (Jun 3, 2018)

Wow, I thought something was up with the microcode (sent you a PM about it) but then falsely concluded I was just seeing things and started looking at the GOP driver...  Good eye!

I will be producing a kit for people to do this with instuctions, based on our chat log.  It will be very beta, and require no less than three seperate flashes to ensure everything works (I can't narrow it down to less unfortunately)... but maybe some brave soul can try it and we'll get it ready for anyone to use with mostly "for dummies" style instructions (not for idiots, none of this is for idiots lol).

Good work and glad I could help!  Your board has been good for science today.


----------



## Mork_vom_Ork (Jun 3, 2018)

i could sent you the latest BIOS, cause i have to patch it two more times:
a) including the forgotten microcode for CPUID 906EB and
b) have to patch another one for missing PCIe slot#1 on first boot. This is a known error and needs extra patching. Tools and discussion thread for that error could be found here: 
Fernandos WIN-RAID Forum


----------



## R-T-B (Jun 3, 2018)

Mork_vom_Ork said:


> i could sent you the latest BIOS, cause i have to patch it two more times:
> a) including the forgotten microcode for CPUID 906EB and
> b) have to patch another one for missing PCIe slot#1 on first boot. This is a known error and needs extra patching. Tools and discussion thread for that error could be found here:
> Fernandos WIN-RAID Forum



If you could send your final bios when you get it all "tuned" that would be excellent.   Wait until it is working properly for a bit, because I will need a day or two to write good instructions anyways.

Of course for my collection I will have to setup the AMIBCP tables to defaults rather than your custom settings, but no issue that's easy to do.

For now, I am taking the coffee lake firmware down because without instructions, they are just asking for people to do weird things to their board.  The Managment Engine cleaning firmware worked fine though, and is safe at least for that use, so it stays up.


----------



## rugabunda (Jun 25, 2018)

Just a FYI, the firmwares website appears to be down; its asking for login credentials. Really great work BTW! Thank you so much for all you do! I'm actually considering buying one of the boards you've fixed up, to avoid all the bs involved with hard modding everything.


----------



## R-T-B (Jun 25, 2018)

rugabunda said:


> Just a FYI, the firmwares website appears to be down; its asking for login credentials. Really great work BTW! Thank you so much for all you do! I'm actually considering buying one of the boards you've fixed up, to avoid all the bs involved with hard modding everything.



It was my router going batshit and swapping one of the wan and lan ports.  It should be back up now.


----------



## Caring1 (Jun 28, 2018)

Unless Asrock have changed things, post code 18 is pre memory, northbridge initialisation.
Obviously fixed by the microcode.


----------



## d1ngBaT (Aug 18, 2018)

Hello! I have an 8700k and a z370 Taichi, I was able to flash 1.80 ME disabled, however I am unable to update to the 3.10 ME disabled. 

I was wondering if you knew a way to confirm whether or not ME has been "neutered". As well as this, do you think it would be possible to get a neutered version for 1.30? 

Thanks for the great work!


----------



## R-T-B (Aug 18, 2018)

newfaxwhodis said:


> Hello! I have an 8700k and a z370 Taichi, I was able to flash 1.80 ME disabled, however I am unable to update to the 3.10 ME disabled.
> 
> I was wondering if you knew a way to confirm whether or not ME has been "neutered". As well as this, do you think it would be possible to get a neutered version for 1.30?
> 
> Thanks for the great work!



I had some issues with 3.10 myself (new integrity checks they added somewhere), but I was able to flash it as follows:

1.)  Flash official 1.80 (not modded one).

From there, you can flash the ME disabled 3.10 image.  I don't entirely understand why that works myself, but the process worked for me.  Still toying with it a bit.


----------



## d1ngBaT (Aug 19, 2018)

Would you be able to come up with a quick guide? I think bios 1.30 modded would be perfect for me as they disabled the option to disable hpet in the bios


----------



## R-T-B (Sep 2, 2018)

newfaxwhodis said:


> Would you be able to come up with a quick guide? I think bios 1.30 modded would be perfect for me as they disabled the option to disable hpet in the bios



Sorry it took so long for me to reply to this, I've been swamped with things in real life.

I'll see if I can't get a guide together or (more realistically) a modern bios with that option added back in the near future.


----------



## MrGenius (Sep 2, 2018)

Disabling HPET in the BIOS doesn't really do anything anyway. Since it's disabled by default. Unless you enabled it to begin with. In which case you already know exactly how to disable it with BCDedit. All disabling it in the BIOS does is make it so you can't enable it with BCDedit. Which is pretty stupid. You want to be able to turn it on and off without having to go into the BIOS. Thus, having a kill switch in the BIOS for it is pointless. There's never been a good reason for it.


----------



## R-T-B (Sep 2, 2018)

It's disabled as the default timer.  It can still be explicitly referenced if it's on, but I don't think anything does that.

So yeah, basically what he said.


----------



## Mork_vom_Ork (Sep 15, 2018)

R-T-B said:


> I had some issues with 3.10 myself (new integrity checks they added somewhere), but I was able to flash it as follows:
> 
> 1.)  Flash official 1.80 (not modded one).
> 
> From there, you can flash the ME disabled 3.10 image.  I don't entirely understand why that works myself, but the process worked for me.  Still toying with it a bit.



Thats the same i was imagine with ASRock Professional Gaming i7 with BIOS v3.10: you can NO longer flash the same BIOS again - otherwise you will get a message, that same version of BIOS is already flashed to the board. NEVER had this on my Z270 Super Carrier.

Also ASRock seems to have changed the "security flash check fail" routine again. I am no longer able to flash an "UBU"-modded BIOS to the the board via "instant flash". The old patch builin into the UBU-Tool (UEFI BIOS Updater) is no longer valid. Also i wasn't able to flash my modded BIOS v3.10 with Intels FPT-Tool, even when in the descriptor region all settings for READ/WRITE are set to YES.

Once again R-T-B: any help is appreciated, cause we both had a great time on my SuperCarrier project. You remember?
Regards...
Mork vom Ork


----------



## R-T-B (Sep 15, 2018)

Oh yes I remember...  unfortunately my hobby time had been limited lately. 

I will see if I cannot take a look soon.  It seems exceptionally odd that even FPTW with the descriptors in rw mode would fail, but I'll have to look into that to see whats up.

My only advice for the moment is to downgrade prior to 3.10 with official firmware, and then attempt a mod flash version.


----------



## Mork_vom_Ork (Sep 16, 2018)

What i also noted: you can't re-flash a BIOS, which is already the current one flashed. If you try, you will get a message like:
"That version is already flahed and current. Please select a newer BIOS to flash."

I NEVER had this on my ASRock Z270 Super Carrier, nor on my ASRock Z170 Extreme7+. So if you want to re-flash for exaple v3.10 while v3.10 is currently the active BIOS, than you first have to "downgrade" with older BIOS file or "upgrade" with newer BIOS file. Otherwise you won't be able to re-flash the current version. So not only that they changed their "security flash check failed!" routine, it seems, they also implemented a "That BIOS is already flashed and current. Please select a newer file to flash." routine.


----------



## R-T-B (Sep 16, 2018)

Are you saying you can't prepare a modded image, downgrade to something official pre 3.10, and then flash the newer modded 3.10 one?

Slightly confused there.  I know they changed a lot.  Unfortunately that is the only work around I have discovered for now.  I hope they do not close it.


----------



## Mork_vom_Ork (Sep 16, 2018)

what i say is the following:
with my ASRock Z270 Super Carrier i was able to get one original BIOS from ASRock website, modified this one with some patches like new VBIOS, new SATA.efi, new LAN.efi and new microcodes.
Using UBU also applied a patch to the BIOS in a "capsuled" region, so that flashing modded BIOS files with ASRocks instant flash method would be possible.
With my new Z370 i am no longer able to flash those UBU-modded BIOS files: always getting "secure flash check fail" error. Now i have to flash those modded BIOS with "FPTW64 -F -BIOS modded_bios.rom".

Also i tried the following: flashed latest BIOS v3.10 for board. Then i patched the descriptor region of that same BIOS file with "HxD" to set all to READ/WRITE = YES.
Tried to flash again the so patched BIOS, but getting message "Same version already flashed. Please select newer file to flash" (or something like that). So i downgraded with instant flash to BIOS v1.70 and re-flashed that modified v3.10 file. This time it works! To verify this scenario i flashed back to unmodified v1.70 BIOS and than tried to reflash that same unmodified v1.70 BIOS - but: same message of instant flash: "Same version already flashed. Please select newer file to flash" - so i selected once again the modified v3.10 BIOS - et voila, it worked again.

This should clarify my last post.


----------



## Immotek (Sep 16, 2018)

Hi RTB, just wanted to ask a quick question which you may or may not have the answer to! 

Given that the intel ME prevents BCLK overclocks higher than around 102.9Mhz on non-K CPU's, will your modified BIOS potentially overcome this limitation. 

I'm not into the technical side of things by any means but I understand the ME checks at boot what the BCLK is and prevents very high values. I assume that in your BIOS, once POST has been completed, you could theoretically increase the BCLK (e.g. in Windows) above the 102.9 limit? 

Would appreciate your thoughts!  Thanks!


----------



## R-T-B (Sep 16, 2018)

Immotek said:


> Given that the intel ME prevents BCLK overclocks higher than around 102.9Mhz on non-K CPU's, will your modified BIOS potentially overcome this limitation.



Potentially?  Honestly, not certain.  It's hard to say because although the ME is disabled as much as possible, some parts are left to their own devices to allow boot to work normally.  These parts don't really have privacy implications, but they may affect BCLK.  You are welcome to give it a try though.


----------



## Immotek (Sep 17, 2018)

Thanks RTB. I just tried to use your 3.10 modified BIOS however I kept getting the secure flash error. 

I tried it via official 1.20, 1.60 and 1.80 BIOSes with the same issue.

Any advice would be appreciated, thanks!



Mork_vom_Ork said:


> .
> With my new Z370 i am no longer able to flash those UBU-modded BIOS files: always getting "secure flash check fail" error. Now i have to flash those modded BIOS with "FPTW64 -F -BIOS modded_bios.rom".



Hi Mork, I've got the same issue that I can't flash the modded 3.10 BIOS using instant flash from any official BIOS, I've tried 1.20/1.60 and 1.80. I keep getting "secure flash check fail" error.

Could you let me know how you overcame this and what programs you used please?


----------



## Mork_vom_Ork (Sep 19, 2018)

Now i have to flash those modded BIOS with "FPTW64 -BIOS -F modded_bios.rom". 
I have attached the files you need just to this post. All you need to do is put your modded BIOS file into this folder, open a command prompt within WINDOWS and type the following command:

FPTW64 - BIOS -F modded_bios.rom

where "modded_bios.rom" is the filename of your modded BIOS file.


----------



## Immotek (Sep 19, 2018)

Mork_vom_Ork said:


> Now i have to flash those modded BIOS with "FPTW64 -BIOS -F modded_bios.rom".
> I have attached the files you need just to this post. All you need to do is put your modded BIOS file into this folder, open a command prompt within WINDOWS and type the following command:
> 
> FPTW64 - BIOS -F modded_bios.rom
> ...



Amazing, thank you!


----------



## R-T-B (Sep 19, 2018)

Mork_vom_Ork said:


> Now i have to flash those modded BIOS with "FPTW64 -BIOS -F modded_bios.rom".
> I have attached the files you need just to this post. All you need to do is put your modded BIOS file into this folder, open a command prompt within WINDOWS and type the following command:
> 
> FPTW64 - BIOS -F modded_bios.rom
> ...



Indeed, but that won't flash the Management Engine, so if you want to scrub it that part kinda sucks.

This latest thing ASRock is throwing at us is pretty tough to solve, unfortunately.  I have no immediate answers if the tricks I mentioned don't work, but I am looking into it when and where I can.

Sorry I do not have an easier answer.


----------



## puma99dk| (Sep 29, 2018)

@R-T-B Will u do the P3.20 for the Taichi?

I the option under chipset for disabling red led for bios indication.


----------



## R-T-B (Sep 29, 2018)

puma99dk| said:


> @R-T-B Will u do the P3.20 for the Taichi?
> 
> I the option under chipset for disabling red led for bios indication.



Yes, since I own that board I will make time for it soon.  Didn't realize they made a release.


----------



## puma99dk| (Sep 29, 2018)

R-T-B said:


> Yes, since I own that board I will make time for it soon.  Didn't realize they made a release.



Someone in ASRock's forum asked if it was possible to disable the red bios led so ASRock made a beta bios P3.11 and I tried it and my setup wouldn't boot something with memory1_intiaialzation_error but P3.20 works like a claim and contains cpu microcode update.

*EDIT* My iphone and me ain't good friends 

Also other motherboards like Extreme4, Fatal1ty and so got this feature now.


----------



## R-T-B (Sep 29, 2018)

puma99dk| said:


> Someone in ASRock's forum asked if it was possible to disable the red bios led so ASRock made a beta bios P3.11 and I tried it and my setup wouldn't boot something with memory1_intiaialzation_error but P3.20 works like a claim and contains cpu microcode update.
> 
> *EDIT* My iphone and me ain't good friends
> 
> Also other motherboards like Extreme4, Fatal1ty and so got this feature now.



Unfortunately at least for this month I will probably only get around to the Taichi.  Expect it today or tomorrow, time allowing.


----------



## Mork_vom_Ork (Sep 29, 2018)

puma99dk| said:


> ...but P3.20 works like a claim and contains cpu microcode update.


The Z370 Professional Gaming i7 is now also on BIOS 3.20 - and, after my last post about the instant flash behaviour, there is now another feature, that didn't work anymore:
i am no longer able to edit "hidden" menu entries within the BIOS with AMBCP! As soon as i try to save my modifications, i got an error and the BIOSfile has 0kb in size. Didn't find a workaround yet.


----------



## R-T-B (Sep 29, 2018)

Mork_vom_Ork said:


> The Z370 Professional Gaming i7 is now also on BIOS 3.20 - and, after my last post about the instant flash behaviour, there is now another feature, that didn't work anymore:
> i am no longer able to edit "hidden" menu entries within the BIOS with AMBCP! As soon as i try to save my modifications, i got an error and the BIOSfile has 0kb in size. Didn't find a workaround yet.



Weird.  There are a few versions of AMIBCP available.  I'll try opening an entry with all of them just to see if one of them works, and let you know

Update for 3.20.  Worked for me straight from 3.10...  which was unexpected.  Lmk how it works for you.


----------



## Mork_vom_Ork (Sep 30, 2018)

i tried it with AMIBCP 5.2 and 5.01
but getting the same error when trying to save the changes and BIOS file will be 0kb size after that.
Haven't installed v3.20 yet. Still on 3.10 - but extracted Microcodes from 3.20 into v3.10 with UEFItool.

EDIT#1:
just tried to modify Z370TAICHI Bios v3.20 with AMIBCP: no errors, modifications could be successfully saved. So it must be something with the ProGaming_i7 BIOS v3.20

EDIT#2:
tried with v3.20 BIOS downloaded from japanese FTP Server - and this time AMIBCP is able to modify the file w/o any error. YES


----------



## R-T-B (Oct 1, 2018)

Just in case anyone missed the automerge above, I updated my ME scrubbed Taichi Firmware for 3.20.  For me at least, my mod flashed with no tricks.  YMMV, report if you can please.  Available at http://glacialsoftware.net/FIRMWARE/


----------



## puma99dk| (Oct 19, 2018)

R-T-B said:


> Just in case anyone missed the automerge above, I updated my ME scrubbed Taichi Firmware for 3.20.  For me at least, my mod flashed with no tricks.  YMMV, report if you can please.  Available at http://glacialsoftware.net/FIRMWARE/



Nice I am gonna try this out in the weekend I think 

*EDIT* Nice bios works so far my 8086k is back up running at 5ghz on all cores I just had to downgrade to P3.10 from my current P3.20 bios and then install your No ME bios 

Thanks a lot R-T-B you are the Frog


----------



## R-T-B (Oct 20, 2018)

puma99dk| said:


> Nice I am gonna try this out in the weekend I think
> 
> *EDIT* Nice bios works so far my 8086k is back up running at 5ghz on all cores I just had to downgrade to P3.10 from my current P3.20 bios and then install your No ME bios
> 
> Thanks a lot R-T-B you are the Frog



Thanks.  You are actually the first user to report success, other than myself.  Kudos.


----------



## puma99dk| (Oct 20, 2018)

R-T-B said:


> Thanks.  You are actually the first user to report success, other than myself.  Kudos.



Nice


----------



## rugabunda (Oct 23, 2018)

Is it safe to assume this mod will work on the Z390 Taichi? Given it is future compatible with the i9 series, I will consider buying this board only if I can get rid of Intel ME with a simple flash.


----------



## R-T-B (Oct 23, 2018)

rugabunda said:


> Is it safe to assume this mod will work on the Z390 Taichi? Given it is future compatible with the i9 series, I will consider buying this board only if I can get rid of Intel ME with a simple flash.



I'd need to mod the z390 seperately.  Different bios needs a different mod.  That said it should not be impossible.  I will look into it this week.


----------



## Anomander43 (Oct 23, 2018)

@R-T-B , I'm on 1.80 currently with my taichi z370. How do I proceed now? Upgrade to 3.10 using the official bios and then use yours Z37TC320_NOME?
Also is there an easy way to save my current bios settings or do I have to remember/write them down and then re-enter them?
And lastly, how likely is this bios upgrade to affect my current overclock (it's @5ghz though I guess that shouldn't matter)?
Thanks in advance!


----------



## puma99dk| (Oct 23, 2018)

Anomander43 said:


> @R-T-B , I'm on 1.80 currently with my taichi z370. How do I proceed now? Upgrade to 3.10 using the official bios and then use yours Z37TC320_NOME?
> Also is there an easy way to save my current bios settings or do I have to remember/write them down and then re-enter them?
> And lastly, how likely is this bios upgrade to affect my current overclock (it's @5ghz though I guess that shouldn't matter)?
> Thanks in advance!



You should be able to upgrade directly to @R-T-B's modded bios since you are on a older one, just put it on a USB stick and flash that's how I did it with previous bios updates from ASRock.

But to get @R-T-B's modded bios I had to flash back to bios P3.10 and then flash bios P3.20 but I was already running bios P3.20.

A question @Anomander43 why not flash bios P3.20? it contains cpu microcode updates and the ability to turn off red led for which bios is active when the system is running like the post LED does automatically which can also be changed in the bios.


----------



## Anomander43 (Oct 23, 2018)

@puma99dk| , so you mean to directly use R-T-B's 3.20 bios and don't go to 3.10?

Sorry, I didn't get that part, can you please clarify? Do you mean just upse the original Asrock 3.20?


puma99dk| said:


> A question @Anomander43 why not flash bios P3.20? it contains cpu microcode updates and the ability to turn off red led for which bios is active when the system is running like the post LED does automatically which can also be changed in the bios.


----------



## puma99dk| (Oct 23, 2018)

Anomander43 said:


> @puma99dk| , so you mean to directly use R-T-B's 3.20 bios and don't go to 3.10?
> 
> Sorry, I didn't get that part, can you please clarify? Do you mean just upse the original Asrock 3.20?



I own a Z370 Taichi myself and for that reason I signed up at ASRock's own forum because I had some questions and things regarding a few issues I had when I got the board.

I am asking you @Anomander43 is there a specific reason you are asking about bios P3.10 and not going with newest bios P3.20?

Because in the beta bios P3.11 requested by Chingus on ASRock's forum they introduced "Add Dual Bios LED option" under Chipset configuration page in bios so you can turn the red led light off. Link: http://forum.asrock.com/forum_posts.asp?TID=9430&PID=54960&title=z370-taichi#54960

This is still available in bios P3.20 which I found is awesome and useful plus this version got updated cpu microcodes from Intel for newer cpus.
Link: https://www.asrock.com/mb/Intel/Z370 Taichi/index.asp#BIOS


----------



## Anomander43 (Oct 23, 2018)

puma99dk| said:


> I own a Z370 Taichi myself and for that reason I signed up at ASRock's own forum because I had some questions and things regarding a few issues I had when I got the board.
> 
> I am asking you @Anomander43 is there a specific reason you are asking about bios P3.10 and not going with newest bios P3.20?
> 
> ...



Ah, no. I was asking about 3.10, because I wasn't sure if I can go from my 1.80 directly to R-T-B's 3.20. And after reading you did it successfully from 3.10, although you downgraded, it just sounded like something that's tested and working 
I wasn't aiming for any specific features of 3.10, although doesn't every new version including all of the features of the previous ones, so I was just thinking of using 3.10 as a stepping stone for 3.20.
Thank you very much for the answers!


----------



## puma99dk| (Oct 23, 2018)

Anomander43 said:


> Ah, no. I was asking about 3.10, because I wasn't sure if I can go from my 1.80 directly to R-T-B's 3.20. And after reading you did it successfully from 3.10, although you downgraded, it just sounded like something that's tested and working
> I wasn't aiming for any specific features of 3.10, although doesn't every new version including all of the features of the previous ones, so I was just thinking of using 3.10 as a stepping stone for 3.20.
> Thank you very much for the answers!



Your welcome, I just try to help and there shouldn't be a issue upgrade from 1.80 to P3.20 the company where I purchased my Z370 Taichi upgraded the bios on my board from P1.20 directly to P3.10 without any issues so u should be fine with P3.20.

Only thing you can't do is reflash the same bios it just doesn't flash it.


----------



## Anomander43 (Oct 23, 2018)

any advice on keeping bios settings or is there no easy way? or if it can affect the overclock potential?


----------



## R-T-B (Oct 23, 2018)

Anomander43 said:


> any advice on keeping bios settings or is there no easy way? or if it can affect the overclock potential?



It will not affect OCing potential...  it may even improve it since the coprocessor on the die is doing less.

In my experience settings just get reset unfortunately.


----------



## Anomander43 (Oct 26, 2018)

Okay, finally found time to do it. I'm on R-T-B's 3.20 now. Everything seems normal and stable. I re-entered my previous bios settings and saved the config to hard drive since it's a new option available in the UEFI. Might test changing previous bios settings to see if I can optimize and get any performance improvement from the new version. 
Thanks @R-T-B for the work and for sharing it with us!

Has anyone uninstalled the KB4100347 now that the bios is patched? Some people say it improved performance if you uninstall it and that it's not needed with latest bios.

On a side note which is not that much related, but still - when my PC has to restart because for example when updating the bios or when I "save and exit" from the bios and has changed the settings, it just shuts down and I have to plug out my power supply cable, wait for 15-20sec and the plug it back and hit the power button. Any idea what could be causing this. This is ever since I build the setup, so about a year ago. Power supply is the Seasonic Prime Titanium 750w, board is as you know z370 taichi and CPU is 8700k @ 5ghz, although it acts the same regardless if it's clocked or not. RAM if it matters is g.skill trident z @4ghz.
So this behavior is a bit annoying when I want to test clock and stability which is one of the reasons I haven't exactly tested absolute best values, but have satisfied with something working and okish.


----------



## R-T-B (Oct 27, 2018)

Anomander43 said:


> Power supply is the Seasonic Prime Titanium 750w,



Same PSU as me.  That is odd indeed and I do not get that behavior.  I know Seasonic warranty is good though if push comes to shove.


----------



## Anomander43 (Oct 27, 2018)

Yep, my setup is very similar to yours. Do you think you can share me your bios settings? I'm not that familiar with what option does what and looks like you know what your doing so may be I can optimize something when compare it to mine.

Btw, I spoke too soon. A game I am playing (Furi), I had capped at 150fps before and it was staying at that number for most of it and rarely dropping to 140ish. Now it can't get above 133-135 and usually stays in the 115-130 range. So seems like the bios update did impact my performance after all.


----------



## puma99dk| (Oct 27, 2018)

Anomander43 said:


> Yep, my setup is very similar to yours. Do you think you can share me your bios settings? I'm not that familiar with what option does what and looks like you know what your doing so may be I can optimize something when compare it to mine.
> 
> Btw, I spoke too soon. A game I am playing (Furi), I had capped at 150fps before and it was staying at that number for most of it and rarely dropping to 140ish. Now it can't get above 133-135 and usually stays in the 115-130 range. So seems like the bios update did impact my performance after all.



I flashed this when I was playing Shadow of the Tomb Raider and I didn't experience any fps drops or anything maybe you got a update for the game or drivers update?

Uninstalling KB4100347 you can try but it will be integrated in next build or season update so you can't remove it.


----------



## Anomander43 (Oct 27, 2018)

Nah, all drivers and games are up to date. I've removed KB4100347, but it didn't make any difference so I installed it back.


----------



## R-T-B (Oct 29, 2018)

Anomander43 said:


> Btw, I spoke too soon. A game I am playing (Furi), I had capped at 150fps before and it was staying at that number for most of it and rarely dropping to 140ish. Now it can't get above 133-135 and usually stays in the 115-130 range. So seems like the bios update did impact my performance after all.



Really?  Interesting.  First report I've had of it.

Should be completely revertable if need be, BTW.

My settings are a rather agressive voltage, but I'd be happy to exchange some key points.  Basically I use the highest vdroop correction (forget what they call that) is what I find most helpful.  ASrock's lower ones are way too conservative.


----------



## R-T-B (Nov 1, 2018)

After investigating, you may find the bios update is more to blame than my changes.

You should be able to flash plain 3.20 to validate.  The 3.20 update's microcode is known to favor security over perfotmance for Spectre bugs.

You should be able to flash between modded/normal 3.20 freely.  1.80 is the latest with no spectre changes...


----------



## Anomander43 (Nov 1, 2018)

Yes, I saw some people who have tested that 3.10 (example) and above are decreasing performance and that's why I asked before I took the upgrade, but I had in mind this could happen so I'm fine with it. I tested some more and it looks like the impact differs in different games, which is expected because there are so many factors nowadays which could affect performance. In some it's just barely noticable and in others it's more in the 17-20%, which isn't small. I think I'll go back to 1.80. Do you know if I can directly use yours "Z37TC180_NOME.zip 05-Sep-2018 01:04 11417930" ?
I'm thinking since everyone (Windows, Intel, AMD, Nvidia) released patches on one level or another for specter and meltdown, I might be fine with staying at bios 1.80. Not sure who'd like to attack me anyway.
I'll write an update when I go back to 1.80 just to confirm if performance is back to the previous state.

Still I would be very thankful if you find the time to check my bios settings which I sent you on personal. Of course no pressure here, whenever you have the time.
Thanks for taking the time to look into my problem and answering them!


----------



## R-T-B (Nov 3, 2018)

Anomander43 said:


> Do you know if I can directly use yours "Z37TC180_NOME.zip 05-


Yes.  You'll still need to avoid spectre related Windows updates though for full performance long term.

Sorry about taking so long with the PM.  Been really crazy this week...


----------



## Anomander43 (Nov 3, 2018)

@R-T-B , no worries man, even if you don't manage to reply at all, it's still cool!

However I have some more findings to report. So I've tried going from R-T-B's 3.20 to again his 1.80, but it said "Instant Flash - Secure Flash check failed". So I downloaded the official 1.60 and managed to downgrade to it and then managed to successfully install R-T-B's 1.80. However my game fps performance didn't change since 3.20. I have a recording of the game when I was on the original 1.80 and the fps at that time so it's not something I've imagined.
Just for the sake of testing I also installed the unmodded 1.80 and still no change. So I'm guessing it's either another factor that affected the game fps or a combination of factors in which the bios might or might not be included, but it looks like it's not the sole purpose on it's own.
Another thing that I can confirm from my tests is that 3.20 is more stable at least in RAM overclocking potential. I managed to up the clock a bit more and when I reverted to 1.80, the same setup did crash. So I guess I'm staying with R-T-B's 3.20 for now.
I'll let you know if I find anything else, but I don't plan on uninstalling windows updates just to try and figure out what caused it. More like, if I find it by chance


----------



## R-T-B (Nov 3, 2018)

Thanks for the report.  I'll get around to looking at your settings someday...  honest, heh.


----------



## SomeRandomPerson (Nov 18, 2018)

R-T-B, thank you very much for the trailblazing work you're doing here!
Any chance you could make the ME-less version for the Asrock Z370 K6? If you're short on time please just explain what I need to do to the BIOS besides running me_cleaner -S.

Can you tell me what the part number of your BIOS chip is? I'd like to do external flashing and I'd prefer to do my research before buying the board if possible.

Thanks!


----------



## Anomander43 (Nov 23, 2018)

@R-T-B , no pressure, just checking if you plan to do the 3.30 version as well? Not that I know if we need the changes:
1.Update vBIOS and GOP
2.Update Intel RAID driver


----------



## R-T-B (Nov 23, 2018)

Anomander43 said:


> @R-T-B , no pressure, just checking if you plan to do the 3.30 version as well? Not that I know if we need the changes:
> 1.Update vBIOS and GOP
> 2.Update Intel RAID driver



Unfortunately my current job requires a TPM for some odd-duck thing so I stopped making these for myself as the Management Engine provides one.

I can still produce a build but it will be 100% untested.  Coming right up if willing to play guinea pig.  SHOULD be safe but no guarantees you know?



SomeRandomPerson said:


> R-T-B, thank you very much for the trailblazing work you're doing here!
> Any chance you could make the ME-less version for the Asrock Z370 K6? If you're short on time please just explain what I need to do to the BIOS besides running me_cleaner -S.


 The only other step is tricking the sig check...  which won't apply to a hardware flash.

Some advice though, you will likely lose your mac if you don't transfer the ethernet firmware beforehand or patch your real image dump.

What I'd personally do is update to the target firmware...  Then hardware dump that image and patch/flash that via hardware.


> Can you tell me what the part number of your BIOS chip is? I'd like to do external flashing and I'd prefer to do my research before buying the board if possible.
> 
> Thanks!



I don't have time to extend support at the moment (employment does that) but it is really just me_cleaner -S plus disabled sig checks.  The second part is harder but not needed for a hardware flash...

Don't know about the chip.  Next time I dissect my rig I will try and check.  I do remember it being supported by flashrom and a ch341a though.  That is a great cheap flash board...

EDIT:  Just posted an experimental build...  try it please (if willing to accept the risks!).

EDIT EDIT:  Tested myself, because I had to...    Unfortunately does not work if you already updated to official 3.30.  Will work from a 1.80 flash I think if you have NOT updated to 3.30 yet.  There are technical reasons for this that are too boring to explain, but the bottom line is there is no work around yet.  If you have 3.30 on your machine ever, you will need to hardware flash it.  By the way, the chip is a winbond W25Q128.V

EDIT EDIT EDIT:  Just did a hardware flash and it turns out ASRock does not store the mac in the bios.  So hardware flash freely with no concerns, it works fine.


----------



## SomeRandomPerson (Nov 30, 2018)

Thanks for testing!

Did you do the hardware flash with the ch341a board?
Any issues with insufficient power/did you need to apply another power source to the motherboard?


----------



## Anomander43 (Nov 30, 2018)

Will it work from  your v3.20?


----------



## R-T-B (Nov 30, 2018)

Anomander43 said:


> Will it work from  your v3.20?



Yes, sorta.

You'll likely need to downgrade briefly to some old version to actually flash due to new restrictions( I reccomend the 1.80 official release) but as long as you've never ran 3.30 official you'll be fine.



SomeRandomPerson said:


> Thanks for testing!
> 
> Did you do the hardware flash with the ch341a board?
> Any issues with insufficient power/did you need to apply another power source to the motherboard?



Re power:  yes there are power issues on the bios chip if it's set to active.  Just use the backup bios jumper to disable the chip you want to flash though, then it works fine.


----------



## SomeRandomPerson (Nov 30, 2018)

Unfortunately my board doesn't seem to have that jumper, it seems to be only on the Taichi.


----------



## R-T-B (Nov 30, 2018)

SomeRandomPerson said:


> Unfortunately my board doesn't seem to have that jumper, it seems to be only on the Taichi.



It may work anyways, not certain though.  Sorry I can't be more help.


----------



## SomeRandomPerson (Dec 1, 2018)

I really appreciate all the help you've been giving us.

I received the board and it does have the bios jumper, even though it's undocumented on the manual. Unfortunately it uses a Macronix 25L12873F chip, which isn't supported by flashrom.

I'm almost giving up on external flashing. 

Any chance you could edit the Asrock Z370 K6 v3.20 bios for me? Did some googling but couldn't find out how to disable the signature checks. If you don't have time a link that explains how to do it is enough (I can use UEFITool and AMIBCP if needed).


----------



## R-T-B (Dec 7, 2018)

SomeRandomPerson said:


> Any chance you could edit the Asrock Z370 K6 v3.20 bios for me? Did some googling but couldn't find out how to disable the signature checks. If you don't have time a link that explains how to do it is enough (I can use UEFITool and AMIBCP if needed).



The easiest way to remove the sig checks is still pretty invovled.  It's also beyond my ability to fully explain, as even I don't understand parts (hence me having issues with their latest attempts to update the sig protection, and requiring most to just flash from a version like 1.80).

I will patch a bios for you though.  No issue with doing that, as long as you understand it has a smallish brick risk since I can't test.  Weird it's an oddball Macronix like that.  It seems they are trying to make everything hard lately.  Flashrom will probably add it soon but that doesn't help us now. 

PS:  Sorry for the late reply, my monitor died and that makes a lot harder for bios work.  I need at least 1440p to be productive now. 

EDIT:  There is a version in the main http://glacialsoftware.net/FIRMWARE/ directory that should flash from a stock 1.80 bios just fine and apply 3.20 as well as remove the management engine.  Let me know your results if you can.  Unzip and use the built in flash utility from a full stock 1.80 bios.

It should be here.


----------



## puma99dk| (Dec 7, 2018)

@R-T-B I am still happy to see you keep updating the bios for the Z370 Taichi


----------



## R-T-B (Dec 7, 2018)

puma99dk| said:


> @R-T-B I am still happy to see you keep updating the bios for the Z370 Taichi



I try...  unfortunately ASRock seems to have taken an objection and are making things harder every update!


----------



## SomeRandomPerson (Dec 8, 2018)

Thanks but before you posted I'd already flashed my BIOS.

What I did was run me_cleaner -S on the K6 bios and swap the ME region for the one on your Taichi 3.2 modded bios using a hex editor.

It flashed fine and seems to have worked. ME doesn't show up in any of the usual Linux commands.

I see that you also FF'd section 5A88641B-BBB9-4AA6-80F7-498AE407C31F of the BIOS region (addresses 534D1C to 535D1B). Should I worry that I didn't do that? What does that do?

Thanks again!


----------



## R-T-B (Dec 8, 2018)

SomeRandomPerson said:


> I see that you also FF'd section 5A88641B-BBB9-4AA6-80F7-498AE407C31F of the BIOS region (addresses 534D1C to 535D1B). Should I worry that I didn't do that? What does that do?



That's usually sigchecking code.  If it works without it, no worries then! Intriguing.


----------



## SomeRandomPerson (Dec 9, 2018)

Did you or anyone else here test if NVMe drives work properly with these mods?


----------



## puma99dk| (Dec 9, 2018)

SomeRandomPerson said:


> Did you or anyone else here test if NVMe drives work properly with these mods?



I have tried 2 Samsung nvme's one 960 evo 250gb the other 970 evo 500gb both works flawless


----------



## R-T-B (Dec 20, 2018)

Working on adding support for the Z370 Gigabyte Aorus Gaming 7.  it's being suprisingly tough.  It appears to have DXE's that implement Intel Boot Guard, which is unusual for a gigabyte board.  I have already bricked it once (yes, both dual bioses) and am waiting on my hardware programmer to recover it.  This may take a while...  will update with my interesting findings...


----------



## R-T-B (Dec 21, 2018)

Chip we are seeing for reference.  Ch341a and AsProgrammer on github can read/write it.


----------



## R-T-B (Dec 25, 2018)

z370 gaming 7 Board is bootlooping again.  I've almost worn out my programers clip.  Man, Gigabyte really went all out on protection of the ME region for some reason...

EDIT: Gigabyte somehow killed itself.  As best I can figure the 9900k depends on the Intel ME in some way, at least on the gaming 7.  Will investigate further...  on my taichi.  Will need to do some explaining to the donor and hope that's enough...  I mean there are no promises here.


----------



## R-T-B (Dec 26, 2018)

Client is ok with me failing to support the gigabyte g7.  Very nice guy just hoping for the best...  sorry I could not do more there!
For the Taichi:  3.40 is up at the usual place now.  Should flash normally from official 1.80 (aware 9th gen users cannot run that, working on a fix, in the meantime try official 3.20)

EDIT:  3.40 temporarily pulled.  Bootloops.  Working on it.  Thank goodness for dual bios.


----------



## R-T-B (Dec 27, 2018)

This is a PSA that ASRock has made some significant undocumented bios changes in 3.40.  At this time, I do not expect if you update to the latest official, you will be able to switch back to my mod without a hardware programmer.  Please avoid for the time being.

EDIT:  Tested & working 3.40 is up at the usual place now. Should flash normally from official 1.80 or earlier (aware 9th gen users cannot run that, working on a fix, in the meantime using hardware flasher is my advice).

If you have ever ran official 3.40 it may not work.


----------



## R-T-B (Jan 2, 2019)

As my Z370 Taichi died mysteriously (no, not related to my modbios, I am sure) I have purchased a new z390 taichi to replace it.  Will see if support for that board is possible.  I will support the z370 taichi as usual but won't be able to test before release anymore.


----------



## R-T-B (Jan 4, 2019)

The z390 Taichi is now supported.  It was a very diffilcult board but all z390 boards will likely be the same if not harder.

Why?  Intel changed the format of the management engine region of the bios in ME 12, which is used in z390 on up.  This means we can't mod it using open source tools like me_cleaner anymore.

Not content to just give up with that, I used an undocumented mode intended for government targets to instruct the ME to turn itself off (credit to people much more skilled than me for finding this).  Since the government trusts intel with this mode and it is pretty much certainly Intel's mode for computers they sell to government clients with data sensitive needs, I think we can assume that even though the management engine firmware is still present, it turns itself off just like it tells you.  The government would be all over them if they were lying about that.

How long that mode will remain now that the public has discovered it is anyones guess...  For now, here is bios 1.80 for the Z390 Taichi with ME disabled.  Find it in the usual spot.

Be aware, the procedure to activate this mod is slightly different.  You MUST first flash official 1.80.  This is not negotiable, it must happen.

After that, unzip the archive, open an *admin* command prompt, and cd to the directory you unzipped the archive too.

Type "flashme" and wait for it to finish.

Reboot and go straight to bios.

You should be presented for a few moments with a menu similar to the following, the full unlocked bios.  You don't want to horse around with 90% of this stuff, it's dangerous.  The only thing you want is under "PCH-FW Configuration."  Go there.





Under that menu you have a nice menu option that lets you turn the ME on and off at whim.  NOTE:  Despite the wording "ME Temporarily Disabled," it is permanent short of anything that resets your CMOS.  Not often that happens and if it does, you can just turn it off again.





So, test, enjoy, and let me know if any bugs appear.  Seems to work for me!


----------



## puma99dk| (Jun 10, 2019)

@R-T-B  are you gonna release v4.00 for the AsRock Z370 Taichi?

Link: https://www.asrock.com/mb/Intel/Z370 Taichi/index.asp#BIOS

I hope you haven't abandon it alreally


----------



## R-T-B (Jun 10, 2019)

puma99dk| said:


> @R-T-B  are you gonna release v4.00 for the AsRock Z370 Taichi?
> 
> Link: https://www.asrock.com/mb/Intel/Z370 Taichi/index.asp#BIOS
> 
> I hope you haven't abandon it alreally



Heh, I kinda did frankly.  I withdrew public support for this project because well...  a few things.

1.)  For z370 in particular, I no longer have a board for testing.

2.)  I discovered a much more effective way to disable the ME that Intel doesn't know about and am debating making a security claim (for money), or keeping it private.  Either way, I'm not providing builds using the old method (using me_cleaner) because it's become too hard to maintain.  (It's no longer just running the tool and it has a bunch of board specific quirks I have to remember.)

I was debating making a binary build of the new exploit for you and others to continue to get the benefits, but...  I mean as a security researcher first I need to make up my mind if I'm giving this to Intel or keeping it private.  I'm on the fence and if I start handing it out, I can't make a claim on it with Intel anymore.  If I go public, Intel will just patch it and I will get no money and no one wins.  If I give it to Intel, they patch it but at least pay me.  If I keep it private, that's best for making builds like this...  but they'll still probably eventually figure it out.  So I want to keep a low profile regardless if going that route.

tl;dr:  On the fence about whether to continue, builds are on hold for the moment though.  If I decide to continue it will be much easier.  If I don't , well, Intel will patch our arse and I'll get a nice check.  Hopefully big.

Sorry for being a sellout.  My advice for the time being would be to go official or stay on your present build...  if I decide to stay with the "dark side" it doesn't matter which version you are on, heh.


----------



## biffzinker (Jun 10, 2019)

R-T-B said:


> If I decide to continue it will be much easier. If I don't , well, Intel will patch our arse and I'll get a nice check. Hopefully big.


Quite the dilemma, on one hand your helping those that care turn off ME but if you don't disclose what you've found you're shit out of luck on the bounty.

I know what I'd pick, something about money up for grabs.



R-T-B said:


> Sorry for being a sellout.


So your in contact with Intel I presume? Sorry for picking apart your whole reply.


----------



## R-T-B (Jun 11, 2019)

biffzinker said:


> So your in contact with Intel I presume? Sorry for picking apart your whole reply



Not yet but really thinking about it.  Taking a "mental week" at the moment to avoid rash decisions.


----------



## puma99dk| (Jun 11, 2019)

Thanks @R-T-B for an explanation.
I will just use the latest 3.80 you released I got that one just never flashed it.


----------



## weareanomalous (Jun 11, 2019)

R-T-B said:


> 2.)  I discovered a much more effective way to disable the ME that Intel doesn't know about and am debating making a security claim (for money), or keeping it private.  Either way, I'm not providing builds using the old method (using me_cleaner) because it's become too hard to maintain.  (It's no longer just running the tool and it has a bunch of board specific quirks I have to remember.)



Does your method require an inactive Intel ME Watchdog Timer to function? Recently, a Github user has found ways to disable Intel ME completely on his Intel X79 system.


----------



## R-T-B (Jun 11, 2019)

weareanomalous said:


> Does your method require an inactive Intel ME Watchdog Timer to function? Recently, a Github user has found ways to disable Intel ME completely on his Intel X79 system.



My method is more akin to an alternative firmware mode, ala the HAP bit.  It's just much easier to apply though (minimal firmware modifications).  Can't go into much more details.


----------



## R-T-B (Jun 14, 2019)

After communication with Intel, my bug is not a bug, but more "operation as intended."

It's weird, because I sure don't see it that way, but given there is no money, I may be making builds again soon.  First, a weekend with my brother whom has come to visit from far away!



puma99dk| said:


> Thanks @R-T-B for an explanation.
> I will just use the latest 3.80 you released I got that one just never flashed it.



You willing to beta test a reasonably safe beta build when I get around to this again?  I can still support the x370 Taichi but obviously I can't promise anything like before.  Would be nice to have a tester.  Pretty sure I know it well enough to not brick things, anyways... heh.


----------



## puma99dk| (Jun 14, 2019)

R-T-B said:


> After communication with Intel, my bug is not a bug, but more "operation as intended."
> 
> It's weird, because I sure don't see it that way, but given there is no money, I may be making builds again soon.  First, a weekend with my brother whom has come to visit from far away!
> 
> ...



Yeah I will be willing to test, the risk ain't really big because it got a dual bios and I don't overclock these days.


----------



## R-T-B (Aug 1, 2019)

Sorry for the delay, work is keeping me very busy.  This coming week I should have updates.


----------



## puma99dk| (Aug 1, 2019)

R-T-B said:


> Sorry for the delay, work is keeping me very busy.  This coming week I should have updates.



That's fine, I am in Berlin these days so I came touch my computer


----------



## puma99dk| (Aug 5, 2019)

Hmm okay, I read your tech notes in #1 so this means if I have to update from the modded bios 3.20 to 3.40 I have to flash like the original 3.20 and then yours 3.40?

Because instant flash fails with message "Secure Flash check fail!":



Then I tried AsRock's own windows flash utility it tells me that bios is modded and then fails when I hit the y key:


*Edit* I tried flash the offical bios 3.20 from AsRock that went fine, but flashing to 3.40 NOME no dice it just fails with "Security Flash check fail!" so I hope that @R-T-B have something I can try  Because you rock man


----------



## R-T-B (Aug 13, 2019)

I'm still working on the flashing issues.  On the verge of cracking out something that'll work I think.  ASRock and several manufacturers have really stepped up their security measures for sigchecking after that "screwed drivers" thing (reports to them happened way earlier than the news) so it's obviously been more interesting.


----------



## R-T-B (Aug 17, 2019)

Experimental build for the z370 Taichi up on http://glacialsoftware.net/FIRMWARE/EXPERIMENTAL/

Please read the readme in the zip to apply.  Has one succesful test courtesy @puma99dk|

I will probably make a new thread for the new supported boards and the new install method soon.


----------



## krusty (Aug 29, 2019)

R-T-B said:


> Experimental build for the z370 Taichi up on http://glacialsoftware.net/FIRMWARE/EXPERIMENTAL/
> 
> Please read the readme in the zip to apply.  Has one succesful test courtesy @puma99dk|
> 
> I will probably make a new thread for the new supported boards and the new install method soon.


Can you build a release for the Z390 Phantom Gaming X mobo?


----------



## R-T-B (Aug 29, 2019)

krusty said:


> Can you build a release for the Z390 Phantom Gaming X mobo?



Most likely, yes.  Does it have dual bios?  If not, are you willing to test a build at a slight risk of bricking the board?  The risk is low, but always there.


----------



## krusty (Aug 29, 2019)

R-T-B said:


> Most likely, yes.  Does it have dual bios?  If not, are you willing to test a build at a slight risk of bricking the board?  The risk is low, but always there.


Yes and yes!


----------



## R-T-B (Aug 29, 2019)

Ok, I will need a few days but I should be able to make one then.


----------



## Beul (Sep 1, 2019)

Hi,
I tried to use the experimental Z37TC400.zip for my Z370 Taichi but when i run the flashme.cmd with admin rights the cmd is just flashing for half a second and than closes itselfe but nothing has changed in the bios.
Maybe i'm missing some stepps?
I renamed the mod_bios and tried flashing via Instantflash but it shuts off and reboots immediately with no changes to the bios.
A 8600k and the original 4.00 bios is running and i'm using Win10 1903. IME 11.8.55.3510 is installed.
Any tipps and tricks how to get the ModBios flashed?

Thank you


----------



## puma99dk| (Sep 1, 2019)

What I had to do was to flash the original P4.00 from AsRock and then after a reboot into Windows 10 1903, I read the readme I got provided by @R-T-B and then ran the flashme.cmd.

Are you running anti-virus or something that might stop this @Beul ?


----------



## Beul (Sep 1, 2019)

First thanks for the quick response!

P4.00 is running. Windows defener is disabled and no other antivirus is installed. The readme says "Instructions in short" so maybe you got the long version?
Should i try to execute the flashme.cmd on a freshly installed windows cause i used win10privacy?


----------



## puma99dk| (Sep 1, 2019)

Hmm depending on what the win10privacy does it could be the issue.

I am running a normal Windows 10 1903 with some things disabled by myself. I am also running Windows Defender.

The info I got was this:
Instructions in short, 

First flash matching official bios standard way, then in windows:

Run "flashme.cmd" as adminstrator.  Allow it to finish flashing.  Reboot.  Enter BIOS.  A new menu may be unlocked (your settings may also be reset).  Don't touch most of the stuff, it's largely locked for a reason.  Open "PCH-FW Configuration" and disable or enable the ME as you please.

If you see no menu at all, it may have just worked with no user intervention required.  Boot to windows and check.

The cmd is like a check that the bios file is correct and then reboot your board should boot into flash on start-up.


----------



## Beul (Sep 1, 2019)

I will try a clean install and report back when done.

Sadly the behaviour did not change with a windows clean install and clear cmos. After clicking the flashme nothing happens nothing changed.
Any suggestion what i can try next?


----------



## R-T-B (Sep 1, 2019)

Beul said:


> I will try a clean install and report back when done.
> 
> Sadly the behaviour did not change with a windows clean install and clear cmos. After clicking the flashme nothing happens nothing changed.
> Any suggestion what i can try next?



Try launching an admin cmd, switching to the directory via cd, and running "flashme" in there.  May be a home directory issue depending on where it's extracted...  will add some additional checks later to avoid errors like this.


----------



## Beul (Sep 2, 2019)

It worked that way. 

BIG Thank you and keep up the good work!


----------



## R-T-B (Sep 5, 2019)

Thanks for the report.  When I make these releases official, I will update the script to detect home directory.


----------



## R-T-B (Sep 11, 2019)

krusty said:


> Yes and yes!



Just a reminder I have not forgotten your support request.

I will be making a new thread and a experimental build soonish.  I'm dealing with my cellphone being broken right now and it's really slowing me down with regards to my work so probably next week sometime.


----------

