
AES-NI support in TrueCrypt (Sandy Bridge problem)

Discussion in 'Windows OS and Software' started by Skywise, May 31, 2011.

  1. carlicious

    carlicious Notebook Enthusiast

    Reputations:
    22
    Joined:
    Oct 18, 2011
    Messages:
    24
    Hey guys,
    I have just successfully enabled AES-NI on my N53SV (with 2630QM)! This should work on most Sandy Bridge laptops with AES-NI disabled.
    I'll explain to you how I did it but I have to warn you: these steps are a bit involved. Also THIS IS ENTIRELY AT YOUR OWN RISK.
    The idea is based on this pastebin entry describing how to do it on certain Lenovo laptops: Unlocking AES-NI on certain Lenovo notebooks models with UEFI (Insyde) firmware - Pastebin.com

    Ok, first we need phoenixtool, get it here (I used v1.91): Tool to Insert/Replace SLIC in Phoenix / Insyde / Dell / EFI BIOSes
    Second, get the latest BIOS from the ASUS website (I used v214).

    Now we open the BIOS file using phoenixtool and let it think for a while. Now select manufacturer ASUS and click the 'Advanced' button.
    Tick these boxes:
    - "Ask prior to each modification"
    - "Allow user modification of modules"
    - "Always allow user modification of modules"
    - "Allow user to modify other modules"
    - "Extract modules when verifying"
    - "No SLIC"
    - "Process all compressed modules (EFI)".
    Click Done and click Go.
    After a while it will prompt "You can now make manual alterations to any module in the DUMP directory", DON'T click OK yet!

    I happened to have MinGW (http://www.mingw.org/), together with MSYS installed on my system. If you read the stuff below and have absolutely no idea what I'm doing, it's actually pretty simple. First I disassemble all binaries, then I look for an instruction containing 0x13c.
    I used the MinGW shell to navigate to the DUMP directory and executed the following command:
    Code:
    for i in *; do objdump -D -b binary -mi386 "$i" > "$i.asm"; done
    But of course you can also use your favorite disassembler.
    Next command I used is:
    Code:
    find . -iname '*.asm' | xargs grep -li '0x13c[^0-9a-f]' > interesting_files.txt
    Which will create a list of files containing 0x13c (the address where the AES-NI configuration bits are stored).
    Next command I used:
    Code:
    for i in $(cat interesting_files.txt); do echo "$i"; grep -i '0x13c[^0-9a-f]' "$i"; done
    This gives me the following output:
    Code:
    ./2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739.ROM.asm
        2448:	bb 3c 01 00 00       	mov    $0x13c,%ebx
    ./A062CF1F-8473-4AA3-8793-600BC4FFE9A8_1_300.ROM.asm
       1dfd3:	67 66 26 8b 87 3c 01 	mov    %es:0x13c(%bx),%ax
    The first file seemed very interesting, hence opening it and jumping to the offset yielded:
    Code:
        2448:	bb 3c 01 00 00       	mov    $0x13c,%ebx ; sets EBX to 0x13c
        244d:	53                   	push   %ebx
        244e:	e8 bd 00 00 00       	call   0x2510 ; copies the AES-config to EAX
        2453:	59                   	pop    %ecx
        2454:	8b c8                	mov    %eax,%ecx
        2456:	89 55 dc             	mov    %edx,-0x24(%ebp)
        2459:	83 e1 01             	and    $0x1,%ecx
        245c:	33 d2                	xor    %edx,%edx
        245e:	0b ca                	or     %edx,%ecx
        2460:	75 10                	jne    0x2472 ; Jumps if config is already locked
        2462:	ff 75 dc             	pushl  -0x24(%ebp)
        2465:	83 c8 03             	or     $0x3,%eax ; <== Sets the first two bits of EAX to 1, WE NEED TO PATCH THIS
        2468:	50                   	push   %eax
        2469:	53                   	push   %ebx
        246a:	e8 a8 00 00 00       	call   0x2517 ; writes EAX to the AES-config
    The first bit of the AES-config means it is locked for writing, the second bit means AES-NI is disabled.
    So if we change "or $0x3,%eax" (first two bits) to "or $0x1,%eax" (only first bit), we will enable AES-NI. Hence 83 c8 03 needs to be changed to 83 c8 01.
    I used a hex editor to open 2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739.ROM, patched offset 0x2467 and set it to 01.

    Now I clicked OK in phoenixtool and it created a nice new BIOS image, which I flashed using winflash (using /nodate as a command line argument since it would not flash otherwise because I'm not upgrading). Rebooted and it WORKED!

    Remark: If your BIOS seems to contain a section 2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739, it is probably the first place to look for the instruction to patch. It may even be exactly the same as mine, so you may want to try looking at offset 0x2467 first.
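
The search from the post above, as an added example that is not carlicious's code: it locates the `or $imm8,%eax` immediate that follows `mov $0x13c,%ebx` by byte pattern, and checks that a modified module differs from the stock one only in that byte. The sample bytes are constructed from the listing in the post; the function names and the 0x40-byte search window are assumptions.

```python
MOV_EBX_13C = bytes.fromhex("bb3c010000")  # mov $0x13c,%ebx
OR_EAX_IMM8 = bytes.fromhex("83c8")        # or $imm8,%eax; the imm8 byte follows
WINDOW = 0x40  # assumed: how far after the mov to look for the or

# Constructed sample: the bytes of the listing in the post (0x2448-0x246e),
# not a real firmware module.
SAMPLE = bytes.fromhex(
    "bb3c010000 53 e8bd000000 59 8bc8 8955dc 83e101"
    " 33d2 0bca 7510 ff75dc 83c803 50 53 e8a8000000"
)

def describe(imm):
    """Decode bits 0-1 as the post describes them: bit 0 lock, bit 1 disable."""
    return {"locked": bool(imm & 1), "aes_ni_disabled": bool(imm & 2)}

def find_config_writes(blob, base=0):
    """Return [(offset_of_imm8, imm8)] for each `or $imm8,%eax` found within
    WINDOW bytes after `mov $0x13c,%ebx`. Raw byte matching can also hit data
    or mid-instruction bytes, so confirm every hit in a disassembly."""
    hits, pos = [], blob.find(MOV_EBX_13C)
    while pos != -1:
        start = pos + len(MOV_EBX_13C)
        rel = blob.find(OR_EAX_IMM8, start, start + WINDOW)
        if rel != -1 and rel + 2 < len(blob):
            hits.append((base + rel + 2, blob[rel + 2]))
        pos = blob.find(MOV_EBX_13C, pos + 1)
    return hits

def diff_offsets(stock, modded, base=0):
    """List (offset, old, new) for every differing byte; sizes must match."""
    if len(stock) != len(modded):
        raise ValueError("module size changed")
    return [(base + i, a, b)
            for i, (a, b) in enumerate(zip(stock, modded)) if a != b]

def is_expected_patch(stock, modded, base=0):
    """True only if the sole difference is the located imm8 going 0x03 -> 0x01."""
    hits = find_config_writes(stock, base)
    return (len(hits) == 1 and
            diff_offsets(stock, modded, base) == [(hits[0][0], 0x03, 0x01)])

if __name__ == "__main__":
    for off, imm in find_config_writes(SAMPLE, base=0x2448):
        print(hex(off), hex(imm), describe(imm))
```

Running `is_expected_patch` on the stock module and the same module extracted from a downloaded image shows whether anything beyond the one byte was changed in that module; it says nothing about the rest of the image.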
     
  2. wrathchild_67

    wrathchild_67 Newbie

    Reputations:
    0
    Joined:
    Aug 11, 2011
    Messages:
    5
    Thank you!!!! It worked like a charm on my Asus A53E! The rom and address were the same as yours which made it extremely easy to do the mod. HERE is a link to my modified BIOS. It's version 214 for Asus A53E and K53E laptops.

    Proof: http://imgur.com/a/8Uxqy
     
  3. ankhazam

    ankhazam Notebook Consultant

    Reputations:
    15
    Joined:
    Jun 15, 2011
    Messages:
    111
    Please make BIOS 208 for N53SN!!!
     
  4. carlicious

    carlicious Notebook Enthusiast

    Reputations:
    22
    Joined:
    Oct 18, 2011
    Messages:
    24
    It was easy. Yours has the exact same section, here is the modded version:
    N53SNAS_AES.208

    I'll also post mine for the N53SV since I have it lying around anyway:
    N53SVAS_AES.214

    Try doing this yourself first, people.
     
  5. nebulus

    nebulus Notebook Consultant

    Reputations:
    1
    Joined:
    Aug 4, 2005
    Messages:
    104
    @carlicious

    Which version of WinFlash did you use? I assume flashing with EZFlash won't work because of the build date check.
     
  6. carlicious

    carlicious Notebook Enthusiast

    Reputations:
    22
    Joined:
    Oct 18, 2011
    Messages:
    24
    I used the latest from the ASUS website. Just use cmd.exe, cd to the winflash directory and type winflash /nodate; it should then accept any BIOS image.
     
  7. gh0st01

    gh0st01 Newbie

    Reputations:
    0
    Joined:
    Oct 24, 2011
    Messages:
    3
    Thank you carlicious!
    I flashed the modded BIOS you provided for the N53SV and it worked perfectly!
     
  8. jobriennbr

    jobriennbr Notebook Enthusiast

    Reputations:
    13
    Joined:
    Sep 19, 2011
    Messages:
    13
    Do any of you have confirmation that flipping a bit in the BIOS is actually turning on AES-NI functionality on the Intel CPU? e.g. volume encryption benchmark, etc?

    HP is claiming the 2630QM doesn't actually support AES-NI and HP is also claiming the Intel website cpu spec page is wrong.
     
  9. Dufus

    Dufus Given Up

    Reputations:
    1,077
    Joined:
    Apr 18, 2010
    Messages:
    939
    There are 2630QM's out there with AES-NI enabled, google should help you find them.

    One of the posters here flashed a modded BIOS with the MSR set to AES-NI enabled and still didn't get AES-NI. My thoughts on this are that it is possible Intel initially might have released the 2630QM with AES-NI fused off and later changed the fusing (enabling CPU functions on the die) to enabled. This is something that would have to be chased up with Intel, perhaps by trying the Intel processor support forum to start with.

    Easy enough to check by showing MSR 0x13c enabled for AES-NI (MSR 0x13c bit 1 clear and bit 0 set) but CPUID still showing AES-NI not available. Also check the revision ID of the stepping.

    Idk, if this were so then maybe this presents a problem for the manufacturers if they enable it in BIOS and some end users have AES-NI and some don't for the same systems with earlier 2630QM and later 2630QM. Of course I'm only speculating here.
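
The check described in the post above, as an added example that is not part of the original thread: it reads MSR 0x13c and compares it with the AES flag the CPU reports. It assumes Linux with the msr driver loaded and root access (the thread itself is about Windows); the function names and the sample flags line are constructed for illustration.

```python
import os
import struct

MSR_AES_CONFIG = 0x13C  # MSR named in the thread: bit 0 = lock, bit 1 = disable

# Constructed sample of /proc/cpuinfo text, not captured from a real machine.
SAMPLE_CPUINFO = ("model name\t: constructed sample CPU\n"
                  "flags\t\t: fpu sse2 ssse3 sse4_2 aes avx\n")

def read_msr(reg, cpu=0):
    """Read a 64-bit MSR via the Linux msr driver (root and `modprobe msr` needed)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return struct.unpack("<Q", os.pread(fd, 8, reg))[0]
    finally:
        os.close(fd)

def cpuinfo_has_aes(text):
    """True if the first `flags` line lists `aes` (the kernel's view of CPUID)."""
    for line in text.splitlines():
        if line.startswith("flags"):
            return "aes" in line.split(":", 1)[1].split()
    return False

def assess(msr_value, cpu_reports_aes):
    """Combine the two MSR bits with the CPUID-derived flag into one verdict."""
    locked, disabled = bool(msr_value & 1), bool(msr_value & 2)
    if disabled:
        verdict = "disable bit set" + (" and locked" if locked else ", not locked")
    elif cpu_reports_aes:
        verdict = "AES-NI enabled"
    else:
        # The case raised in the thread: MSR allows it, CPUID still says no.
        verdict = "MSR allows AES-NI but CPUID does not report it"
    return {"locked": locked, "disabled": disabled, "verdict": verdict}

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as f:
            print(assess(read_msr(MSR_AES_CONFIG), cpuinfo_has_aes(f.read())))
    except OSError as exc:  # not Linux, not root, or msr driver not loaded
        print("live read unavailable:", exc)
        print(assess(0x1, cpuinfo_has_aes(SAMPLE_CPUINFO)))
```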
     
  10. gh0st01

    gh0st01 Newbie

    Reputations:
    0
    Joined:
    Oct 24, 2011
    Messages:
    3
    My ASUS N53SV-XE1 came with AES-NI disabled. After flashing the modded BIOS image provided by carlicious on this page it is now enabled. I'll post a screenshot of my computer running the TrueCrypt benchmark later.

    The notebook came with the "new revision" 2630QM (I read this revision fixed some bug). Bought it May/2011.


     