@interferenc
If I understand the patch correctly, we are nopping the regions where bit-15 (0x8000) of msr(0xE2) is being checked with the first entry of the patch.
In addition to that, your new entry to the patch BE0080000023CE0B -> BE0000000023CE0B sets ecx to 0x0, so that this part of the code always thinks msr 0xE2 is unlocked.**
I'm looking at PpmInitialize now. ***
Now my question is, how do we know those are all the EFI modules that need to be patched? Are you grepping all EFI modules to look for places where MSR 0xE2 bit-15 is being read*?
EDIT1: * written, not read! xD
EDIT2: ** In fact, using this hack allows one to always unlock bit-15. If you look at the opcodes, the hack changes the value of esi, which is also used later by wrmsr to set bit-15. So this part of the code always enters the condition where the write to 0xE2 is performed, but always writes to unlock. Before, without the patch, the write was being performed to lock 0xE2 when it was unlocked.
EDIT3: *** The patch for PpmInitialize is a simple change from JE opcode to JNE, not sure if we're trying to avoid jumping to the next section or if we are jumping to the next section. And dunno what the next section means.
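For anyone wanting to check whether a dumped module is still the stock one or already carries this modification, here is a small scanner (my own added example, not code from the post or from any patch tool). It assumes only what the post quotes: the 8-byte sequence BE0080000023CE0B is the x86 encoding of `mov esi, 0x8000 ; and ecx, esi ; 0B...`, and the patched variant zeroes the immediate. The sample module bytes are constructed for the demo.

```python
import re
import struct

# Byte patterns quoted in the post (stock vs. patched CFG-lock check).
ORIGINAL = bytes.fromhex("BE0080000023CE0B")  # mov esi, 0x8000 ; and ecx, esi ; 0B = start of next 'or'
PATCHED = bytes.fromhex("BE0000000023CE0B")   # mov esi, 0x0    ; and ecx, esi ; ...
CFG_LOCK_BIT = 1 << 15                        # bit-15 of MSR 0xE2

def decode_mask_check(seq: bytes) -> int:
    """Decode 'BE imm32 23 CE' (mov esi, imm32 ; and ecx, esi) and return the
    mask that ecx gets ANDed with. Raises ValueError for any other byte shape."""
    if len(seq) < 7 or seq[0] != 0xBE or seq[5:7] != b"\x23\xCE":
        raise ValueError("not a mov esi,imm32 / and ecx,esi sequence")
    return struct.unpack_from("<I", seq, 1)[0]   # little-endian imm32

def scan_module(blob: bytes) -> list:
    """Locate every mov esi,imm32 / and ecx,esi / 0B site and classify it."""
    hits = []
    for m in re.finditer(rb"\xBE(.{4})\x23\xCE\x0B", blob, re.DOTALL):
        mask = decode_mask_check(blob[m.start():m.start() + 7])
        if mask & CFG_LOCK_BIT:
            kind = "original"   # bit-15 is still tested: lock check intact
        elif mask == 0:
            kind = "patched"    # mask zeroed: the check always sees 'unlocked'
        else:
            kind = "other"      # same shape, different mask; inspect by hand
        hits.append((m.start(), kind, mask))
    return hits

def module_status(blob: bytes) -> str:
    """Summarise a module: 'modified' beats 'intact'; else no check site found."""
    kinds = {kind for _, kind, _ in scan_module(blob)}
    if "patched" in kinds:
        return "modified"
    if "original" in kinds:
        return "intact"
    return "no check found"

# Constructed sample: filler bytes around one stock and one patched site.
SAMPLE_MODULE = b"\x90" * 16 + ORIGINAL + b"\xCC" * 8 + PATCHED + b"\x90" * 4

if __name__ == "__main__":
    for off, kind, mask in scan_module(SAMPLE_MODULE):
        print(f"offset 0x{off:04X}: {kind:8s} mask=0x{mask:04X}")
    print("status:", module_status(SAMPLE_MODULE))
```

Run it against a real dumped module (e.g. the output of a UEFI extraction tool) instead of SAMPLE_MODULE to see whether the bit-15 check is still there.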