Quantcast AES-NI support in TrueCrypt (Sandy Bridge problem) - Page 15

+ Reply to Thread
Page 15 of 36 FirstFirst ... 511121314151617181925 ... LastLast
Results 141 to 150 of 357
Like Tree1Likes

Thread: AES-NI support in TrueCrypt (Sandy Bridge problem)

  1. #141
    Notebook Enthusiast
    Join Date
    Oct 2011
    Posts
    24
    Rep Power
    8

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    Hey guys,
    I have just successfully enabled AES-NI on my N53SV (with 2630QM)! This should work on most sandy-bridge laptops with AES-NI disabled.
    I'll explain to you how I did it but I have to warn you: these steps are a bit involved. Also THIS IS ENTIRELY AT YOUR OWN RISK.
    The idea is based on this pastebin entry describing how to do it on certain lenovo laptops: Unlocking AES-NI on certain Lenovo notebooks models with UEFI (Insyde) firmware - Pastebin.com

    Ok, first we need phoenixtool, get it here (I used v1.91): Tool to Insert/Replace SLIC in Phoenix / Insyde / Dell / EFI BIOSes
    Second, get the latest BIOS from the asus website (I used v214).

    Now we open the bios file using phoenixtool, let it think for a while. Now select manufacturer ASUS and click the 'Advanced' button.
    Tick these boxes:
    - "Ask prior to each modification"
    - "Allow user modification of modules"
    - "Always allow user modification of modules"
    - "Allow user to modify other modules"
    - "Extract modules when verifying"
    - "No SLIC"
    - "Process all compressed modules (EFI)".
    Click Done and click Go.
    After a while it will prompt "You can now make manual alterations to any module in the DUMP directory", DON'T click OK yet!

    I happened to have MinGW (http://www.mingw.org/), together with MSYS installed on my system. If you read the stuff below and have absolutely no idea what I'm doing, it's actually pretty simple. First I disassemble all binaries, then I look for an instruction containing 0x13c.
    I used the MinGW shell to navigate to the DUMP directory and executed the following command:
    Code:
    for i in *; do objdump -D -b binary -mi386 $i > $i.asm; done
    But of course you can also use your favorite disassembler
    Next command I used is:
    Code:
    find . -iname '*.asm' | xargs grep -li 0x13c[^0-9a-f] > interesting_files.txt
    Which will create a list of files containing 0x13c (the address where the AES-NI configuration bits are stored)
    Next command I used:
    Code:
    for i in `cat interesting_files.txt`; do echo $i; grep -i 0x13c[^0-9a-f] $i; done
    This gives me the following output:
    Code:
    ./2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739.ROM.asm
        2448:	bb 3c 01 00 00       	mov    $0x13c,%ebx
    ./A062CF1F-8473-4AA3-8793-600BC4FFE9A8_1_300.ROM.asm
       1dfd3:	67 66 26 8b 87 3c 01 	mov    %es:0x13c(%bx),%ax
    The first file seemed very interesting, hence opening it and jumping to the offset yielded:
    Code:
        2448:	bb 3c 01 00 00       	mov    $0x13c,%ebx ; sets EBX to 0x13c
        244d:	53                   	push   %ebx
        244e:	e8 bd 00 00 00       	call   0x2510 ; copies the AES-config to EAX
        2453:	59                   	pop    %ecx
        2454:	8b c8                	mov    %eax,%ecx
        2456:	89 55 dc             	mov    %edx,-0x24(%ebp)
        2459:	83 e1 01             	and    $0x1,%ecx
        245c:	33 d2                	xor    %edx,%edx
        245e:	0b ca                	or     %edx,%ecx
        2460:	75 10                	jne    0x2472 ; Jumps if config is already locked
        2462:	ff 75 dc             	pushl  -0x24(%ebp)
        2465:	83 c8 03             	or     $0x3,%eax ; <== Sets the first two bits of EAX to 1, WE NEED TO PATCH THIS
        2468:	50                   	push   %eax
        2469:	53                   	push   %ebx
        246a:	e8 a8 00 00 00       	call   0x2517 ; writes EAX to the AES-config
    The first bit of the AES-config means it is locked for writing, the second bit means AES-NI is disabled.
    So if we change "or $0x3,%eax" (first two bits) to "or $0x1,%eax" (only first bit), we will enable AES-NI. Hence 83 c8 03 needs to be changed to 83 c8 01.
    I used a hex editor to open 2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739.ROM, patched offset 0x2467 and set it to 01.

    Now I clicked OK in phoenixtool and it created a nice new bios image, which I flashed using winflash (using /nodate as a command line argument since it would not flash otherwise because I'm not upgrading). Rebooted and it WORKED!

    Remark: If your BIOS seems to contain a section 2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739, it is probably the first place to look for the instruction to patch. It may even be exactly the same as mine, so you may want to try looking at offset 0x2467 first.

  2. #142
    Newbie
    Join Date
    Aug 2011
    Posts
    5
    Rep Power
    8

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    Quote Originally Posted by carlicious View Post
    Hey guys,
    I have just successfully enabled AES-NI on my N53SV (with 2630QM)! This should work on most sandy-bridge laptops with AES-NI disabled.
    I'll explain to you how I did it but I have to warn you: these steps are a bit involved. Also THIS IS ENTIRELY AT YOUR OWN RISK.
    The idea is based on this pastebin entry describing how to do it on certain lenovo laptops: Unlocking AES-NI on certain Lenovo notebooks models with UEFI (Insyde) firmware - Pastebin.com
    Thank you!!!! It worked like a charm on my Asus A53E! The rom and address were the same as yours which made it extremely easy to do the mod. HERE is a link to my modified BIOS. It's version 214 for Asus A53E and K53E laptops.

    Proof: http://imgur.com/a/8Uxqy
    Last edited by wrathchild_67; 19th October 2011 at 12:07 AM. Reason: Added proof the mod worked.

  3. #143
    Notebook Consultant
    Join Date
    Jun 2011
    Posts
    111
    Rep Power
    9

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    please make bios 208 for N53SN!!!

  4. #144
    Notebook Enthusiast
    Join Date
    Oct 2011
    Posts
    24
    Rep Power
    8

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    Quote Originally Posted by ankhazam View Post
    please make bios 208 for N53SN!!!
    It was easy. Yours has the exact same section, here is the modded version:
    N53SNAS_AES.208

    I'll also post mine for the N53SV since I have it laying around anyway:
    N53SVAS_AES.214

    Try doing this yourself first, people.

  5. #145
    Notebook Consultant
    Join Date
    Aug 2005
    Posts
    102
    Rep Power
    23

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    @carlicious

    Which version of WinFlash did you use? I assume flashing with EZFlash won't work because of the build date check.

  6. #146
    Notebook Enthusiast
    Join Date
    Oct 2011
    Posts
    24
    Rep Power
    8

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    Quote Originally Posted by nebulus View Post
    @carlicious

    Which version of WinFlash did you use? I assume flashing with EZFlash won't work because of the build date check.
    I used the latest from the ASUS website, just use cmd.exe and cd to the winflash directory and type winflash /nodate, it should then accept any bios image.

  7. #147
    Newbie
    Join Date
    Oct 2011
    Posts
    3
    Rep Power
    0

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    Thank you carlicious!
    I flashed the modded BIOS you provided for the N53SV and it worked perfectly!

  8. #148
    Notebook Enthusiast
    Join Date
    Sep 2011
    Posts
    12
    Rep Power
    8

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    Do any of you have confirmation that flipping a bit in the BIOS is actually turning on AES-NI functionality on the Intel CPU? e.g. volume encryption benchmark, etc?

    HP is claiming the 2630QM doesn't actually support AES-NI and HP is also claiming the Intel website cpu spec page is wrong.

  9. #149
    Gone
    Join Date
    Apr 2010
    Posts
    872
    Rep Power
    16

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    Quote Originally Posted by jobriennbr View Post
    HP is claiming the 2630QM doesn't actually support AES-NI and HP is also claiming the Intel website cpu spec page is wrong.
    There are 2630QM's out there with AES-NI enabled, google should help you find them.


    One of the posters here flashed a modded BIOS with the MSR set to AES-NI enabled and still didn't get AES-NI. My thoughts on this is that it possible Intel initially might have released the 2630QM with AES-NI fused off and later changed the fusing (enabling CPU functions on the die) to enabled. This is something that would have to be chased up on with Intel, perhaps by trying the Intel processor support forum to start with.

    Easy enough to check by showing MSR 0x13c enabled for AES-NI (MSR 0x13c bit 1 clear and bit 0 set) but CPUID still showing AES-NI not available. Also check the revision ID of the stepping.

    Idk, if this were so then maybe this presents a problem with the manufactures if they enable it in BIOS and some end users have AES-NI and some don't for the same systems with earlier 2630QM and later 2630QM. Of course I'm only speculating here.
    Last edited by Dufus; 26th October 2011 at 12:52 PM.

  10. #150
    Newbie
    Join Date
    Oct 2011
    Posts
    3
    Rep Power
    0

    Default Re: AES-NI support in TrueCrypt (Sandy Bridge problem)

    My ASUS N53SV-XE1 came with AES-NI disabled. After flashing the modded bios image provided by carlicious on this page it is now enabled. IŽll post later a screenshot of my computer running the truecrypt benchmark.

    The notebook came with the "new revision" 2630qm (i read this revision fixed some bug). Bought it May/2011.


    Quote Originally Posted by jobriennbr View Post
    Do any of you have confirmation that flipping a bit in the BIOS is actually turning on AES-NI functionality on the Intel CPU? e.g. volume encryption benchmark, etc?

    HP is claiming the 2630QM doesn't actually support AES-NI and HP is also claiming the Intel website cpu spec page is wrong.

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -4. The time now is 06:40 AM.
Powered by vBulletin® Version 4.2.2
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
SEO by vBSEO 3.6.1