Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MP 1,1-5,1 MVC EFI BIOS for AMD 580?
- Thread starter bookemdano
- WikiPost WikiPost
- Start date
- Sort by reaction score
- Status
Even on a genuine MVC card, software dump still 256k, but if you open the card and dump it by hardware, that will be 512k. And apart from size, the data is also a bit different.
That's a security measurement of the MVC ROM.
Yea I think also there is a hardware protection on the chip. That particular chip's one of the legs has to be isolated (cut) or best just desolder the chip from the board.
It's completely normal for some cards with 512k chips to run 256k BIOS. It's very common with graphics cards, the suppliers sometimes run out of a certain size chip. The 256k bios can be flashed to other compatible cards without any issues. The remaining 256k is zeroed out.
Anybody who has one of this cards should dump the rom and post it to the forum.
There will - for sure - be "communication" within less than 24 hours.
could this be one... ? completely untested . DO NOT use this unless you know what you are doing.
Build date 2017? Doubt it.could this be one... ? completely untested . DO NOT use this unless you know what you are doing.
This is just the build date of the Pulses' stock bios 015.050.002.001.000000. MVC just doesn't bother adjusting these. So it doesn't mean too much.
Last edited:
Maybe you can try yourself?could this be one... ? completely untested . DO NOT use this unless you know what you are doing.
I do not own one of these cards. But if you do and have the soldering skills to swap the eeprom to one that can hold 512k (or are lucky to have a card which already has such on it), it's as easy as getting a 10$ usb spi flasher of amazon or else (maybe 1.8v adapter required too) and flash it. Worst thing that can happen is that it just does not work. So you reflash the card's stock rom (you backed up before!) and you are good to go again.
Just
Just had some closer look: All of the PC roms for the 8GB Pulse in techpowerup’s bios collection are of the exact same length like the one you linked to: 0x40000 bytes. Meanig the cards need to have 512k chips on them. So no soldering skills needed!
Last edited:
This is a real MVC-rom (download times will rise now). The disassembled efi-image has exactly the same structure i've seen before; only six functions, a huge encrypted data-section, which will be unscrambled on the working card.
Code:
************************* GOPupd 1.9.6.5 *************************
************************ Update EFI GOP ************************
***************** Drop VBIOS file on this .bat *****************
File Not Found
Using python from C:\Users\<user>\AppData\Local\Programs\Python\Python38-32\python.exe
Dumping info from = 218960.rom
ID of ROM file = 1002-67DF
***************************************************************
*** Extracting with UEFIRomExtract by AndyV ***
***************************************************************
Found compressed EFI ROM start at 0x5c
Input size: 70052, Output size: 70848, Scratch size: 13360
---------------------------------------------------------------
***************************************************************
*** Extracting with Python... ***
***************************************************************
EFI ROM is present, but is not standard GOP type.
EFI image is NOT signed!
Machine Code = x64
Checksum CRC32 = 742357B1
PE Checksum = 00 (Should be 11F3B)
---------------------------------------------------------------
***************************************************************
*** Processing with Python... ***
***************************************************************
Not GOP or GOP is not common type! Please report it!
I looked at the "MVC" rom file named "AT25DF041A.rom" posted online along with a YouTube video.
The MVC EFI rom is based on an Armor OC rom from MSI. The structure of all RX 580 roms I looked at is weird. Both the legacy BIOS section and the EFI rom section start with the magic number 0x55AA. The EFI part on the MVC rom is slightly longer than in the original MSI rom. All RX580 roms are 256 kB long, almost half of it padding, so I cannot see the reason for changing the ROM chip, as done in the accompanying video.
I could not make sense of any of the code in any of the roms with the tools I have, nothing in UEFITool and nothing in Hopper disassembler. The EFI part seems to be compressed, so it is not possible to see what changes were made.
Update: I compared the EFI part of the AT25DF041A.rom file to the EFI rom section in the 218960.rom_newGOP file posted by startergo above. They are not the same.
I fixed my post above to specify which ROM file I am speaking about. I will not post a link to the file or the YouTube video.
The MVC EFI rom is based on an Armor OC rom from MSI. The structure of all RX 580 roms I looked at is weird. Both the legacy BIOS section and the EFI rom section start with the magic number 0x55AA. The EFI part on the MVC rom is slightly longer than in the original MSI rom. All RX580 roms are 256 kB long, almost half of it padding, so I cannot see the reason for changing the ROM chip, as done in the accompanying video.
I could not make sense of any of the code in any of the roms with the tools I have, nothing in UEFITool and nothing in Hopper disassembler. The EFI part seems to be compressed, so it is not possible to see what changes were made.
Update: I compared the EFI part of the AT25DF041A.rom file to the EFI rom section in the 218960.rom_newGOP file posted by startergo above. They are not the same.
I fixed my post above to specify which ROM file I am speaking about. I will not post a link to the file or the YouTube video.
Last edited:
Inside is the compressed and the disassembled EFI ROM
Secure Boot Solutions for GOP
1. Duplicate the configuration data in both legacy VGA BIOS and GOP driver. The disadvantage: requires a larger ROM, raising the cost.
2. Apply the same authentication to both legacy VGA BIOS and GOP?
3. Have graphic vendors do their private hash on the legacy VGA BIOS image and let the GOP driver authenticate it in execution to ensure safety
And here is a more comprehensive study:
AMD and Nvidia GOP update (No requests, DIY)
I’m not really the guy to run on unlimited supply of patience, so this will be more a mix of tutorial, tool to do the job for you, assistance (“as long as you don’t insist with unlimited/unrelated questions” kind) and ABSOLUTELY NO GUARANTEES. Users should read this again, I am not offering any...
www.win-raid.com
Sure it is!
You need to use UEFIRomExtract first. I had to do this in Windows as the Mac version didn't work for me.
Last edited:
This is the decompressed code from EFI-section made of the dump from techpowerup-vga-collection. Please change the extension from .txt to .bin, .rom, .efi.
I'm sure the complete rom won't work. MVC changes spi-eeprom to avoid reading/deleting the rom by usual flashtools, e.g. atiflash.
I'm sure the complete rom won't work. MVC changes spi-eeprom to avoid reading/deleting the rom by usual flashtools, e.g. atiflash.
yes but the EFI ROM needs to be compressed for insertion in the VBIOS. Also it needs to point to the configuration table to work.
Maybe not „by usual flashtools“. But there are other ways as well!
Don't like to share some piece of experience to this case, cause i remember it not beeing "that welcome" here. All i can say is: There is not much to be lost by just giving it a try. At least if one has a backup copy of their card's stock rom.
Thanks!
...but there ist in fact not realy some point in decompressing it if not to just have a curious look inside. The first byte beeing edited will 100% stop it from working. As well as trying to combine the whole thing with some other vbios.
Sure. I decompressed the efi for people who wants to take a look into the code. Anyway, it is complete useless for most users; i guess, MVC is using a sort of hardware-protection and rom works only w/ the right flash-ic.
If this is the case, it must be new for the AMD cards. For the older nv roms i can "kind of" confirm that it wasn't. Or i was just lucky, picking the right one by coincidence.
Hi guys,
he is fully right with this guess.
I have been looked right after their release into the rom and the ability to combine and flash this on other cards. Like you already know this is in no case possible. The data part of the decompressed EFI is encrypted and probably needs to be decrypted to change one single value...
The thing I have directly seen last year when examining the modifications to the card was the different eeprom although it is not needed for a bigger size. Most of the cards or likely all are using 512kb sized chips.
The chip they have used was the atmel chip which was mentioned here earlier. This one has a special device id which is married to the EFI. Changing this value to the soldered chip should solve every magic about the work done to the card.
I can write you the device id if anyone is able to decrypt the part or to change the value in the efi.
Just a little hint. This work done to the efi and the "hardware protection" is very likely done by his russian colleague...
Another solution would be spoofing the device ID but I didn't found any mechanic to do this.
PS: soldering the right eeprom also solves this thing and is the common way of the other traders who are offering flashing and these flashed cards beside dave...However boosting this already overpriced chips is not the solution and economically. I have some of this chips here but inside me I am refusing to use these if the solution seems to be easy..
Last edited: