I have just successfully enabled AES-NI on my N53SV (with 2630QM)! This should work on most sandy-bridge laptops with AES-NI disabled.
I'll explain to you how I did it but I have to warn you: these steps are a bit involved. Also THIS IS ENTIRELY AT YOUR OWN RISK.
The idea is based on this pastebin entry describing how to do it on certain lenovo laptops: Unlocking AES-NI on certain Lenovo notebooks models with UEFI (Insyde) firmware - Pastebin.com
Ok, first we need phoenixtool, get it here (I used v1.91): Tool to Insert/Replace SLIC in Phoenix / Insyde / Dell / EFI BIOSes
Second, get the latest BIOS from the asus website (I used v214).
Now we open the bios file using phoenixtool, let it think for a while. Now select manufacturer ASUS and click the 'Advanced' button.
Tick these boxes:
- "Ask prior to each modification"
- "Allow user modification of modules"
- "Always allow user modification of modules"
- "Allow user to modify other modules"
- "Extract modules when verifying"
- "No SLIC"
- "Process all compressed modules (EFI)".
Click Done and click Go.
After a while it will prompt "You can now make manual alterations to any module in the DUMP directory", DON'T click OK yet!
I happened to have MinGW (http://www.mingw.org/), together with MSYS installed on my system. If you read the stuff below and have absolutely no idea what I'm doing, it's actually pretty simple. First I disassemble all binaries, then I look for an instruction containing 0x13c.
I used the MinGW shell to navigate to the DUMP directory and executed the following command:
But of course you can also use your favorite disassembler
for i in *; do objdump -D -b binary -mi386 $i > $i.asm; done
Next command I used is:
Which will create a list of files containing 0x13c (the address where the AES-NI configuration bits are stored)
find . -iname '*.asm' | xargs grep -li 0x13c[^0-9a-f] > interesting_files.txt
Next command I used:
This gives me the following output:
for i in `cat interesting_files.txt`; do echo $i; grep -i 0x13c[^0-9a-f] $i; done
The first file seemed very interesting, hence opening it and jumping to the offset yielded:
2448: bb 3c 01 00 00 mov $0x13c,%ebx
1dfd3: 67 66 26 8b 87 3c 01 mov %es:0x13c(%bx),%ax
The first bit of the AES-config means it is locked for writing, the second bit means AES-NI is disabled.
2448: bb 3c 01 00 00 mov $0x13c,%ebx ; sets EBX to 0x13c
244d: 53 push %ebx
244e: e8 bd 00 00 00 call 0x2510 ; copies the AES-config to EAX
2453: 59 pop %ecx
2454: 8b c8 mov %eax,%ecx
2456: 89 55 dc mov %edx,-0x24(%ebp)
2459: 83 e1 01 and $0x1,%ecx
245c: 33 d2 xor %edx,%edx
245e: 0b ca or %edx,%ecx
2460: 75 10 jne 0x2472 ; Jumps if config is already locked
2462: ff 75 dc pushl -0x24(%ebp)
2465: 83 c8 03 or $0x3,%eax ; <== Sets the first two bits of EAX to 1, WE NEED TO PATCH THIS
2468: 50 push %eax
2469: 53 push %ebx
246a: e8 a8 00 00 00 call 0x2517 ; writes EAX to the AES-config
So if we change "or $0x3,%eax" (first two bits) to "or $0x1,%eax" (only first bit), we will enable AES-NI. Hence 83 c8 03 needs to be changed to 83 c8 01.
I used a hex editor to open 2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739.ROM, patched offset 0x2467 and set it to 01.
Now I clicked OK in phoenixtool and it created a nice new bios image, which I flashed using winflash (using /nodate as a command line argument since it would not flash otherwise because I'm not upgrading). Rebooted and it WORKED!
Remark: If your BIOS seems to contain a section 2BB5AFA9-FF33-417B-8497-CB773C2B93BF_1_739, it is probably the first place to look for the instruction to patch. It may even be exactly the same as mine, so you may want to try looking at offset 0x2467 first.