GK3 Secure boot bios update

Quick Fix.
jlavi
Posts: 5
Joined: Sat Aug 21, 2021 4:50 pm
Has thanked: 2 times

Re: GK3 Secure boot bios update

Post by jlavi »

simonelombardo wrote: Wed Oct 13, 2021 12:03 pm
Hi, the firmware chipset is a GigaDevice 25Q and it uses a Aptio V UEFI platform. You can dump the content of the 8Mb uefi flash memory with the official AMI tool: https://www.ami.com/products/firmware-t ... utilities/ (the first one).

Launch the AFUWINGUIx64.exe executable and press Save to dump it to a file.
The ROM file contains : "Secure Boot Error - bad image path"
I my opinion, when the BIOS was build, they neither did prepare their environment correctly, nor check error messages.

I don't understand what is blocking them to rebuild a correct Bios. Maybe licence fees to AMI ?
simonelombardo
Posts: 52
Joined: Sun Oct 10, 2021 10:02 am
Has thanked: 17 times
Been thanked: 31 times

Re: GK3 Secure boot bios update

Post by simonelombardo »

.
Last edited by simonelombardo on Thu Nov 18, 2021 4:29 pm, edited 2 times in total.
Servo128
Posts: 47
Joined: Sat Oct 02, 2021 5:43 pm
Has thanked: 5 times
Been thanked: 19 times

Re: GK3 Secure boot bios update

Post by Servo128 »

Wow!!! an update not from Acepc, but a keen user.

A big thankyou Simone for trying to sort this out.

Still no sign of admin :lol: :lol: :lol: :lol:
Armadamm_NA
Posts: 1
Joined: Thu Oct 14, 2021 5:47 pm

Re: GK3 Secure boot bios update

Post by Armadamm_NA »

simonelombardo wrote: Thu Oct 14, 2021 4:39 pm
jlavi wrote: Thu Oct 14, 2021 4:20 pm
simonelombardo wrote: Wed Oct 13, 2021 12:03 pm
Hi, the firmware chipset is a GigaDevice 25Q and it uses a Aptio V UEFI platform. You can dump the content of the 8Mb uefi flash memory with the official AMI tool: https://www.ami.com/products/firmware-t ... utilities/ (the first one).

Launch the AFUWINGUIx64.exe executable and press Save to dump it to a file.
The ROM file contains : "Secure Boot Error - bad image path"
I my opinion, when the BIOS was build, they neither did prepare their environment correctly, nor check error messages.

I don't understand what is blocking them to rebuild a correct Bios. Maybe licence fees to AMI ?
Hi,

Midly (or madly, depending from the point of view) fact: my GK3V bios dump has full implementation of SecureBoot on Platform, Initialization, TPM checking and Key management. It has all the components needed for being UEFI compliant and supports natively Windows 11. The DXE driver inside the EFI firmware volume is called AmiHsti (while the earlier version installed on T11 bioses were SecureBootDXE). You can check with MMTools / UEFITool to extract the module and a reverse engineering tool like Ghidra / IDA /Radare2.

I don't think it was just a mere dead code or being forgotten but it was intentional.
I have compared the implementation of SecureBoot DXE module between the bios dumps I have found (the only ones I find in the forum were the AcePC T11 ones): they have removed the entry criteria to check the BCP (the bios menu settings) for enabling SecureBoot and implemented a custom logic to check if Secure Boot DXE module needs to be engaged.
The logic seems to check a memory mapped address (a I2C interface?) for a specific code.
Basically it seems to me the AcePC team have implented a control code as if it's common used in the mobile world realm and they would tend to sell or give the lock / unlock code to OEM distributors;. the generic serial number seems to confirm they were just trying to sell oversupplied units, not sold to the OEM distributors, to the consumers.

T11 implementation is too different to just replace the module (it's an earlier version of UEFI), so I need to figure out the current one. Maybe the AK3 is similar but I don't have any dump of it.

I am a bit lost though because I'm not versed to cracking this kind of protections. I'll try to analyze this in free time but someone more competent than me (like the ones of Win-Raid or Bios-Mods)'s help should be beneficial ahah

Simone
Hi Simone, how we can update Bios/Uefi?
Ciao Simone (credo tu sia italiano) come va aggiornato questo GK3V che anche io ho e vorrei provare ad installare Windows11?
simonelombardo
Posts: 52
Joined: Sun Oct 10, 2021 10:02 am
Has thanked: 17 times
Been thanked: 31 times

Re: GK3 Secure boot bios update

Post by simonelombardo »

.
Last edited by simonelombardo on Thu Nov 18, 2021 4:29 pm, edited 1 time in total.
greudeucis
Posts: 5
Joined: Sun Oct 10, 2021 10:00 am
Has thanked: 2 times

Re: GK3 Secure boot bios update

Post by greudeucis »

Gabe wrote: Wed Oct 13, 2021 10:02 pm
greudeucis wrote: Wed Oct 13, 2021 6:41 pm One thing I also noted is that after reboot when I press F7 to have boot options, it does not work. It boots into windows.
Check in the BIOS to see if 'Fast Boot' is an option and if it is enabled. If it is, just as a test, disable it and then see if you can then enter the F7 boot menu after you perform a reboot.
Thank you for the reply. This is how my bios looks on my AK3V. It is verry rudimentary. I don't have fast Boot.
Attachments
IMG_20211014_215624.jpg
IMG_20211014_215624.jpg (1.12 MiB) Viewed 33085 times
IMG_20211014_215631.jpg
IMG_20211014_215631.jpg (1.12 MiB) Viewed 33085 times
IMG_20211014_215635.jpg
IMG_20211014_215635.jpg (1.17 MiB) Viewed 33085 times
User avatar
Gabe
Senior Moderator
Senior Moderator
Posts: 2032
Joined: Fri Apr 17, 2020 1:19 am
Has thanked: 42 times
Been thanked: 116 times

Re: GK3 Secure boot bios update

Post by Gabe »

greudeucis,

It's interesting that it will boot into BIOS, showing that the keyboard is being recognized at the beginning of the boot sequence, but not into the Boot Menu with F7. I too have an AK3V, but it's not currently connected and I couldn't remember if it had fast boot as an option.

Hopefully someone with more knowledge on this type of thing will be able to help.
W8 Pro • GK1 • AK3 • AM02 • T6 Pro • AMR5 • GK3 Pro • AD03 • AM06 Pro • T8 Pro • S1 • T8 Plus • CK10 • AK2 Pro
I have no connection to ACEMAGIC other than being a customer and long time forum member
greudeucis
Posts: 5
Joined: Sun Oct 10, 2021 10:00 am
Has thanked: 2 times

Re: GK3 Secure boot bios update

Post by greudeucis »

Gabe wrote: Thu Oct 14, 2021 8:27 pm greudeucis,

It's interesting that it will boot into BIOS, showing that the keyboard is being recognized at the beginning of the boot sequence, but not into the Boot Menu with F7. I too have an AK3V, but it's not currently connected and I couldn't remember if it had fast boot as an option.

Hopefully someone with more knowledge on this type of thing will be able to help.
Gabe

The thing is that there are 3 more things that are bugging me.
1. After power on or restart it takes a lot for the unit to boot up. At first windows was booting verry fast. Now it takes up to 1 min.
2. In Bios i don't have a system serial no. It only says $(default_string). That to me seems like an error.
3. After restart in cannot go into Bios. Not even with Del. Key press. I can only enter bios via Widows. From Update>Recovery... Etc

Everithing is up to date. Windows is clean considering that I only have intalled Plex, Team Viewer, Office suite and Adbe Pdf.

The keyboard conected is wireless with touchpad included. Also a 1TB External hdd and a small mmc card are conected. But these should not affect Windos boot time or the fact that I cannot acess Bios via F7 or DEL.
User avatar
Gabe
Senior Moderator
Senior Moderator
Posts: 2032
Joined: Fri Apr 17, 2020 1:19 am
Has thanked: 42 times
Been thanked: 116 times

Re: GK3 Secure boot bios update

Post by Gabe »

greudeucis,

First, regarding the Default String showing for the system serial number, that's normal, or at least for ACEPC machines. All of mine say the same thing.

I'm not really sure why it would be booting slowly. Though mine hasn't been updated in a few months, and it's currently running on the original eMMC storage it came with, it took around 13 to 15 seconds or so (that's a guess) from the time I pressed the power button to the Windows desktop showing.

Regarding the problem of getting into the BIOS or Boot Menu using the keyboard, is the keyboard connected via Bluetooth, by chance? You mentioned that it was wireless, but I didn't know if that might mean Bluetooth. If it is, that's likely the problem, as Bluetooth doesn't engage until Windows itself starts opening, which by then is past the point of being able to open the BIOS or Boot Menu. If that's NOT the case and it's connected via a wireless USB dongle, perhaps try a different USB port. I use a Logitech wireless keyboard with a wireless USB dongle, and I was able to open both the BIOS and Boot Menu with the keyboard on startup.

If it is a wireless USB dongle type, but trying a different USB port doesn't help, I'm stumped. I don't know what could be causing the problem. If that is the case, and you do, by chance, have an old fashioned wired USB keyboard you could try, I would try it to see if that works for opening the BIOS and/or Boot Menu. If you do and it works, then we've at least narrowed it down to the wireless keyboard itself, though I still don't know why it wouldn't work.

Edit: Just for the heck of it, if the keyboard is NOT Bluetooth, I would try disconnecting the external HDD and the MMC card, just to see if it makes any difference. It may not, but at this point it's worth a try. It may also help with the speed of the startup.
W8 Pro • GK1 • AK3 • AM02 • T6 Pro • AMR5 • GK3 Pro • AD03 • AM06 Pro • T8 Pro • S1 • T8 Plus • CK10 • AK2 Pro
I have no connection to ACEMAGIC other than being a customer and long time forum member
greudeucis
Posts: 5
Joined: Sun Oct 10, 2021 10:00 am
Has thanked: 2 times

Re: GK3 Secure boot bios update

Post by greudeucis »

Gabe wrote: Thu Oct 14, 2021 9:25 pm greudeucis,

First, regarding the Default String showing for the system serial number, that's normal, or at least for ACEPC machines. All of mine say the same thing.

I'm not really sure why it would be booting slowly. Though mine hasn't been updated in a few months, and it's currently running on the original eMMC storage it came with, it took around 13 to 15 seconds or so (that's a guess) from the time I pressed the power button to the Windows desktop showing.

Regarding the problem of getting into the BIOS or Boot Menu using the keyboard, is the keyboard connected via Bluetooth, by chance? You mentioned that it was wireless, but I didn't know if that might mean Bluetooth. If it is, that's likely the problem, as Bluetooth doesn't engage until Windows itself starts opening, which by then is past the point of being able to open the BIOS or Boot Menu. If that's NOT the case and it's connected via a wireless USB dongle, perhaps try a different USB port. I use a Logitech wireless keyboard with a wireless USB dongle, and I was able to open both the BIOS and Boot Menu with the keyboard on startup.

If it is a wireless USB dongle type, but trying a different USB port doesn't help, I'm stumped. I don't know what could be causing the problem. If that is the case, and you do, by chance, have an old fashioned wired USB keyboard you could try, I would try it to see if that works for opening the BIOS and/or Boot Menu. If you do and it works, then we've at least narrowed it down to the wireless keyboard itself, though I still don't know why it wouldn't work.

Edit: Just for the heck of it, if the keyboard is NOT Bluetooth, I would try disconnecting the external HDD and the MMC card, just to see if it makes any difference. It may not, but at this point it's worth a try. It may also help with the speed of the startup.
Thank you for the info. I'll try all what you have sugested and will return with feedback.
Post Reply

Return to “Troubleshooting”