Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Asus N551VW and Intel BootGuard to Prevent Custom Bios?

noahvt24
Level 7

‎07-28-2016 07:54 AM - last edited on ‎03-06-2024 01:59 AM by Community Admin

Hello!

I just bought this Asus N551VW (skylake I7-6700HQ) and I'm loving it, the problem is that I would like to make some BIOS modifications to enable some options (like disable Intel HD530 for hackintosh purposes).

I created my modified BIOS ROM (with AMIBcp/AfuWin) and I am ready to flash it, the problem is: I've heard about something called "Intel Bootguard with verified boot" which essentially prevents any custom BIOS from booting (messages like "Bootguard verified DXE is fail")

I remember that the AMIBcp/AfuWin worked on Asus laptops like the X550 and N550 with haswell cpu's (which normally also have Intel bootguard) but I have no clue about the N551/GL551 and up...

Does anyone know if these skylake Asus laptops like the GL552VW, GL551VW, N551VW have Intel bootguard that prevents a custom BIOS?

Thanks!
0 Kudos
5,085 Views
1 REPLY 1

AtlasMinor
Level 8

‎07-28-2016 03:39 PM

Before i throw out input or ideas, was wondering if you planned on running windows OS 7 and above on the laptop ?

Its a very nice laptop and should have shiped with win10, alongside a 4k/UHD IPS display.

Anyways i had to double check before shooting myself with info off the top of my head becuase its become almost a daily routine for me to boot up and start thinking about all the new security (measures) <----- want that word to stick out for the listed below info

Your short answer:

Intel BootGuard is something that they wanted to be Equal to and Better than TPM.

Boot Guard has two separate modes, according to Intel. Every single PC OEM we know of configures it to work in “Verified Boot” mode. The PC manufacturer fuses their public key into the hardware itself. If the UEFI firmware isn’t signed by the OEM—that is, created by the OEM—the computer will halt and refuse to boot. That’s why you can’t modify the UEFI firmware or change it to something else.

The longer answer:

There’s also a second option: “Measured Boot” mode, where the hardware securely stores information about the boot process in a trusted platform module (TPM) or Intel Platform Trust Technology (PTT). The operating system could then examine this information, and—if there was a problem—present an error to the user.

TPM and PTT both are fully hard baked into windows10, to do what your trying to do you would have to completly remove these component support modules rendering the entire OS unusable.

You can try running the most free of free open source OS and you still wont be 'free'

The hardware was manufactured to do exactly what your seeing, no matter how you turn the laptop On.

Unavoidable. I would start looking into first in this order.

Windows HELLO
Biometrics (IR)
TPP
TPM
Secure Boot

Then tag the searchs with BootGuard or Intel and how windows10 is in fact keeping you safe not only online, but through Gaming. Yes, this crap now is gaming related to prevent... Cheating.

Its all in the research and webinaires, hope this helps. There is no GL for this, you purchased Hardware your not performing something like Hackintosh on,

Its a very nice laptop for these reasons.
0 Kudos