- Joined
- Jul 10, 2011
- Messages
- 68
- Motherboard
- Dell XPS 9360
- CPU
- Intel Core i7-7560U @ 2,4 GHz
- Graphics
- Intel Iris 640 FHD
- Mac
- Mobile Phone
Ok, so quite a few points here. TLDR;
FPT.exe is part of a series of DOS, EFI and Win-based tools that Intel uses to update the BIOS chip, usually a Winbond, and in our cases quite unique (32MB, WSON package). BIOS check is done by Dell Verified Boot and then Intel BootGuard, and not done on the EXE but of the BIOS payload inside. It is signed with an (as yet unknown) signature that you can actually override using IFR (search for 'dell personal' in the setup and you'll see I mean), but without knowing how it's generated the only way to flash a modded bios with FPT (or Dell's own flasher) is to disable bootguard and verified boot (which I've done) but the flash descriptor (the part of the BIOS IC that sets flash all IC to rw and verified boot to disable) is currently locked. I've unlocked previous laptops by shorting the audio IC pins (known as pinmod, theoretically possible using SW1 junction on the 9360) and SPI flashing the entire IC with an external test clip (but the IC has changed to a WSON package which is not (easily) flashed externally).
Many people have tried to manually force a Dell flash using EFI or recover to a modded BIOS (google around) but it results in a hard brick where the IC needs to be physically removed and reflashed. The only sure way is to (i) disable ME and/or BootGuard (which I've done) and (ii) remove the flash descriptor protection (which I haven't yet). I need help with the latter.
Yes and there are a few others too. However note that FormIDs can't be written to with IFR, only variables. Setting 0x67a above to 01 allows a full read of the 32MB chip and a write of most regions (so you can update ME, hence ME re-flash) but not the 4kb
descriptor, which is most important. In theory there should be a BIOS setting which should perform the equivalent of the SW1 pinmod, but I haven't found it yet...
Yep. There's a few other requests on more specialised forums as well. No one has successfully managed a WSON-package on-chip flash, which means we have to resort to pinmod or BIOS.
Be *very* careful when applying multiple settings at once. You could end up with a hard brick as the recovery methods dont cover all scenarios especially those involving IFR variable patching. Only use my recommended settings, which I've posted elsewhere in this topic, and when experimenting go one change at a time.
Best (stable) undervolt I've reached is -0.075 (0x4B). Any less and some weird manifestations start occurring, especially after S5-S3 event (ie: your sleep issues).
Memory voltage & DIMM settings sadly don't work and are hard coded to 1.2V. It's due to the LPDDR3 which means you need to flash the SPD settings on chip (there's a BIOS setting which allows for SPD write, which doesn't seem to work). I'm in discussion with the manufacturer of a very popular windows software that allows such a thing, and is planning to add LPDDR3 support soon.
I suspect your hard(ish) brick is the issue I had a few months ago where I forced an XMP profile to work via XTU and had the orange/white flashing combo. Despair not; follow the steps I outlined and you should be good.
Active trip point should be easier to achieve though we don't have the EC registry settings for fan speed. You should be able to do this with some experimenting using RWEverything.
The one interesting point you raised is about ME disabled. Could you check what IC you have, perhaps it's the SOIC-based variety? If so you'll be able to lift a full IC dump off it with the trusty CH341A, send it to me and I'll patch it for you. Alternatively if you manage to boot the laptop, the first thing you should do is pop into a pure dos shell (rufus) and dump the full rom, this time with FPT. It's likely that the descriptor has been patched with something called reserve_hap, which is very useful for us (but I suspect has been patched from v2.4+ onwards)
Try buying a new SPI chip and flash it with the modified dump. Can be something OTP-flash related, like it was on old sonyericsson phones, where a region of flash chip was allowed to be writeable only once.