Changing the IA32 feature control register on an Asus Z170 board with a BIOS error

I found myself in an unfortunate situation: I need to use a CPU feature that the BIOS did not enable in the feature control MSR. The BIOS sets the lock bit, so I cannot set the bit myself. The BIOS (Asus UEFI BIOS) has no option to change this behavior. The question is: is there a way to set this bit? I think it might be possible to write a UEFI extension or some program that I could execute from the UEFI shell, but I'm not sure whether the register is locked before that would run (I know very little about UEFI and its programming environment). Alternatively, is it possible to fix the BIOS update image or change it using standard tools? Has anyone heard of success in this area?

The feature in question is SGX (Software Guard Extensions). The board is an Asus Z170-K. Everything needed to support SGX is available, except that the BIOS cannot set this bit.

May 22 Update: I just updated the Asus Z170-K to the recently released BIOS 1803 (released May 20). It was a big leap in the version number, so I was hopeful. Unfortunately, there is still no SGX support. I have now filed a new request with Asus, and this time I do not plan to let it simply be brushed off. I think it is frankly amateurish that this has not been supported from the very beginning - it is an integral part of Skylake processor support, so I think that all customers requiring this should try to get a refund (I know that I will do it).

+5
4 answers

A beta version of BIOS version 3107 is now available on the Asus website. This is the first version to include SGX (it introduces a new SGX option in the BIOS menu). I have not confirmed that it works, but at least this is progress. It seems that other motherboards in the Z170 series are getting BIOS updates with version numbers starting with "3" that add SGX for them.

+2

Perhaps this is not possible without modifying the BIOS ROM and flashing it again. Initializing the CPU is one of the earliest parts of the boot process. The lock bit will be set in the SEC or PEI phase. Any extension you write will be for the DXE phase, which occurs later.

It is best to contact Asus Technical Support. They may release a BIOS update to fix the problem.

If you have not done so already, check for a BIOS update.

+3
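
As an added example (not code from the question or from any answer), this is one way to see from a running Linux system what state the firmware left the register in. It assumes the Linux `msr` driver (`/dev/cpu/N/msr`) and root access; the MSR address 0x3A and the bit positions are those documented in the Intel SDM, and the helper names are hypothetical.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Address and bit positions as documented in the Intel SDM. */
#define IA32_FEATURE_CONTROL 0x3A
#define FC_LOCK       (1ULL << 0)   /* set: MSR is read-only until reset */
#define FC_SGX_ENABLE (1ULL << 18)  /* SGX global enable */

enum sgx_state { SGX_UNLOCKED, SGX_OFF_LOCKED, SGX_ON_LOCKED };

/* Classify a raw register value (hypothetical helper name). */
enum sgx_state classify_feature_control(uint64_t v)
{
    if (!(v & FC_LOCK))
        return SGX_UNLOCKED;
    return (v & FC_SGX_ENABLE) ? SGX_ON_LOCKED : SGX_OFF_LOCKED;
}

/* Read one MSR through the Linux msr driver; 0 on success, -1 on error. */
int read_msr(int cpu, uint32_t msr, uint64_t *out)
{
    char path[32];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* The driver uses the file offset as the MSR address. */
    int ok = lseek(fd, msr, SEEK_SET) == (off_t)msr &&
             read(fd, out, sizeof *out) == (ssize_t)sizeof *out;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    static const char *text[] = {
        "not locked: firmware left the register writable",
        "locked with SGX disabled: fixed until the next reset",
        "locked with SGX enabled",
    };
    uint64_t v;
    if (read_msr(0, IA32_FEATURE_CONTROL, &v) != 0) {
        perror("reading /dev/cpu/0/msr (needs root and the msr module)");
        return 1;
    }
    printf("IA32_FEATURE_CONTROL = 0x%llx: %s\n",
           (unsigned long long)v, text[classify_feature_control(v)]);
    return 0;
}
```

A locked register with the SGX bit set only shows that the firmware enabled the feature in this MSR; it says nothing about whether the Enclave Page Cache was reserved.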

SGX support will require much more than just setting bits in the MSR. UEFI must reserve a special memory block (Enclave Page Cache) for SGX to work correctly. Therefore, if ASUS does not support SGX from UEFI, you either need to implement it yourself (which will be difficult even with sufficient UEFI programming experience, due to the required binary modifications of the firmware) or wait until ASUS catches up.

+3

It seems that the ASUS Z170-A does not support Intel SGX. The processor is an Intel Core i7 6700K. I tried to install the Intel SGX PSW, but it says that the platform does not support Intel SGX. I searched for Intel SGX settings in the BIOS settings and did not find such an option. Then I did a BIOS update (the current version is 1602 at this point); it still does not support Intel SGX. It is unfortunate that Intel does not publish a list of motherboards that support SGX.

+1

Source: https://habr.com/ru/post/1241020/

