Hi there!
I'm looking for information about topic subject. Now the agenda is AMI's Aptio 8. For example, I see File System objects inside of raw firmware image but I can't determine main File System structures - no such values or signatures defined by Intel's Framework Specs. May be someone got into this damn too?
EFI BIOS Reverse Engeneering
-
maman
- Master Flasher
- Posts: 173
- Joined: Sun Mar 31, 2002 2:08 pm
- Location: Taka Bonerate National Park, Indonesia
- Contact:
I have no specific help for you, just a hint though. Have you gone to tianocore webite? https://www.tianocore.org/
btw, I'm not sure yet, but possibly it's a modification of FAT32 file system.
btw, I'm not sure yet, but possibly it's a modification of FAT32 file system.
People at the OSx86Project are also interested in this. Intel is supposed to be using "AMIBIOS Desktop Core 8.0" with its D945, P965 and D975X boards:
http://www.intel.com/design/motherbd/nt ... yspecs.htm
http://www.intel.com/design/motherbd/lt ... yspecs.htm
http://www.intel.com/design/motherbd/bx ... yspecs.htm
Like Aptio, AMIBIOS8 is an EFI based BIOS.
We have been able to load an Apple .efi module to read HFS+ file system from the EFI Shell on such systems.
For information see this: http://forum.insanelymac.com/index.php?showforum=74
http://www.intel.com/design/motherbd/nt ... yspecs.htm
http://www.intel.com/design/motherbd/lt ... yspecs.htm
http://www.intel.com/design/motherbd/bx ... yspecs.htm
Like Aptio, AMIBIOS8 is an EFI based BIOS.
We have been able to load an Apple .efi module to read HFS+ file system from the EFI Shell on such systems.
For information see this: http://forum.insanelymac.com/index.php?showforum=74
Last edited by bofors on Tue Aug 08, 2006 3:10 pm, edited 1 time in total.
This description of AMIBIOS8 implies it is EFI firmware: http://www.ami.com/support/doc/AMIBIOS8-Desktop.pdf. Note that the "Highlights" section on the first page states "Extensible Firmware Interface (EFI)".
But I guess this AMI Press Release sums it up much better, AMIBIOS8 is a BIOS based firmware that can be converted into EFI compliant firmware:
But I guess this AMI Press Release sums it up much better, AMIBIOS8 is a BIOS based firmware that can be converted into EFI compliant firmware:
http://www.ami.com/news/pressshow.cfm?PrID=102Monday: February 25, 2002
INTEL DEVELOPER FORUM (IDF), SAN FRANCISCO, California (Monday, February 25, 2002) American Megatrends Inc. (AMI), a leader in storage and computing innovations worldwide, presents a number of Extensible Firmware Interface (EFI) products at Intel Developer Forum (IDF) Spring 2002, booth 607 (February 25-28, Moscone Center, San Francisco, Ca).
EFI support is available with AMIBIOS8™, Enterprise64™, AMIDiag® and other software utility product lines.
...
AMIBIOS8, a leading edge solution for 32-bit based BIOS development, also offers EFI firmware support. AMIBIOS8 uses snap-in expansion modules, called ''eModules'', to facilitate new technologies. The EFI eModule can be added to any AMIBIOS8 solution. ''The AMIBIOS8 modular architecture easily supports new technology to benefit the OEM and ODM,'' said Mike Shields, AMI Software Sales Manager.
''AMI’s implementation of EFI on 32-bit platforms is designed to facilitate the transition from the legacy PC interface to a fully compliant EFI platform. Our EFI module operates side-by side with the legacy BIOS,'' added Brian Richardson, BIOS Sales Engineer.
Last edited by bofors on Tue Aug 08, 2006 3:10 pm, edited 1 time in total.
-
maman
- Master Flasher
- Posts: 173
- Joined: Sun Mar 31, 2002 2:08 pm
- Location: Taka Bonerate National Park, Indonesia
- Contact:
hmm.. this eModules. It's interesting, I wonder where I can download one of the BIOS binary image (AMIBIOS8 with eModules).
The press release says that it's an expansion module. It's possible that it's implemented just like an expansion ROM, but takes a quite different approach in the way to execute it.
It reminds me to the etBIOS module
The press release says that it's an expansion module. It's possible that it's implemented just like an expansion ROM, but takes a quite different approach in the way to execute it.
It reminds me to the etBIOS module
How about an Intel BIOS update for the D945GNT: http://downloadfinder.intel.com/scripts ... bmit=Go%21 ?maman wrote:hmm.. this eModules. It's interesting, I wonder where I can download one of the BIOS binary image (AMIBIOS8 with eModules).
It supposed to be an AMIBIOS8 with the EFI eModule.
Last edited by bofors on Tue Aug 08, 2006 3:10 pm, edited 1 time in total.
-
stonecoldtx
- New visitors - please read the rules.
- Posts: 6
- Joined: Tue Jul 25, 2006 12:11 am
Well, apparently not all Intel boards are using this type of BIOS/Firmware on their implementations.
I have one of the new Shuttle X100 machines, and it has an Intel 945GM board in it, which uses a Phoenix BIOS.
EDIT: I may have misunderstood your post; if you were referring to Intel-built motherboards, then it may be true, but apparently if the vendor is *not* Intel, it could be pretty much anything . . . unless Phoenix/Award has merged with AMI!
I have one of the new Shuttle X100 machines, and it has an Intel 945GM board in it, which uses a Phoenix BIOS.
EDIT: I may have misunderstood your post; if you were referring to Intel-built motherboards, then it may be true, but apparently if the vendor is *not* Intel, it could be pretty much anything . . . unless Phoenix/Award has merged with AMI!
That's right, I am just talking about retail EFI motherboards sold by Intel.
-
pipomolo42
- New visitors - please read the rules.
- Posts: 7
- Joined: Thu Jul 05, 2007 10:45 am
Hello,
You can find full details about the firmware image in the "UEFI Platform Initialization Specification 1.0" available at uefi.org
Please note that some of the EFI images provided by intel do not correctly follow the specs: they add no padding between files (which are then no longer aligned on a 8 byte boundary)
People at http://forum.insanelymac.com/index.php? ... 917&st=300 have built a tool that extracts and uncompresses files from an EFI image
I have created a parser for EFI images for the hachoir.org project (in parsers/misc/pifv.py)
For the reverse engineering part, you might want to have a look at the EFI/UEFI spec itself: each EFI application and driver's entrypoint is called with a structure of pointers to the EFI API functions as second argument, so there's a lot of calls to esp+offset. Also, if someone can point to a tool that can automate this lookup, it could also help me a lot.
You can find full details about the firmware image in the "UEFI Platform Initialization Specification 1.0" available at uefi.org
Please note that some of the EFI images provided by intel do not correctly follow the specs: they add no padding between files (which are then no longer aligned on a 8 byte boundary)
People at http://forum.insanelymac.com/index.php? ... 917&st=300 have built a tool that extracts and uncompresses files from an EFI image
I have created a parser for EFI images for the hachoir.org project (in parsers/misc/pifv.py)
For the reverse engineering part, you might want to have a look at the EFI/UEFI spec itself: each EFI application and driver's entrypoint is called with a structure of pointers to the EFI API functions as second argument, so there's a lot of calls to esp+offset. Also, if someone can point to a tool that can automate this lookup, it could also help me a lot.
EFI based bios image format is FFS which stands for Firmware File System.
Every EFI bios image is devided into at least 3 FVs. Here FV means firmware volume. FV is just looks like disk partitions for firmware device.
There are so many modules or files stored on each FV. These files, or eModules which AMI called, can be anything. Every file has a GUID.
But some FV is compressed. And EFI spec allows OEM/IBV use their own compress routine. So it's diffcult to decompress these FVs.
Every EFI bios image is devided into at least 3 FVs. Here FV means firmware volume. FV is just looks like disk partitions for firmware device.
There are so many modules or files stored on each FV. These files, or eModules which AMI called, can be anything. Every file has a GUID.
But some FV is compressed. And EFI spec allows OEM/IBV use their own compress routine. So it's diffcult to decompress these FVs.
-
pipomolo42
- New visitors - please read the rules.
- Posts: 7
- Joined: Thu Jul 05, 2007 10:45 am
Well, as far as I know, the default compression/decompression algorithm is detailed in the specification, and you can even get sample code on http://edk2.tianocore.org .
I used this sample to build some compression & decompression binaries, you can find the details here: http://themacelite.com/forums/viewtopic ... ight=#4603 .
Also, I think I missed the part of the spec telling that third parties were allowed to use some other algorithms ... And it would still require some coordination between the EFI vendor and the device vendor.
I used this sample to build some compression & decompression binaries, you can find the details here: http://themacelite.com/forums/viewtopic ... ight=#4603 .
Also, I think I missed the part of the spec telling that third parties were allowed to use some other algorithms ... And it would still require some coordination between the EFI vendor and the device vendor.
Hi, pipomolo42
I works for a EFI bios vendor. I know Apple use default algorithm, but we don't. Intel also use customized version fot its own board.
AMI use default on some engineering sample bios, but use customized one in its product bios.
I works for a EFI bios vendor. I know Apple use default algorithm, but we don't. Intel also use customized version fot its own board.
AMI use default on some engineering sample bios, but use customized one in its product bios.