Official GIGABYTE Forum

Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)

Oubadah

  • 51
  • 0
Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« on: August 10, 2016, 12:59:27 am »
I'm looking for owners of the G.1 Sniper M3 who have tried enabling Secureboot. You may have done this if you run Windows 8 or 10. The feature only exists in BIOS version F10f, and involves setting OS Type to "Windows 8" in the BIOS settings.

I'd also like to hear from anyone who knows anything about SecureBoot causing BIOS corruption in 2013-2014 era gigabyte motherboards.

I believe the SecureBoot feature in the G.1 Sniper M3 may be bugged and cause BIOS corruption. It could just be that my unit is faulty (unlikely for various reasons), but the only way I can rule this out is by finding G.1 Sniper M3 users who are successfully using SecureBoot. So far I've hunted down several M3 users running SecureBoot-supported operating systems, but none of then have actually enabled it in the BIOS.
« Last Edit: August 10, 2016, 01:03:18 am by Oubadah »

shadowsports

  • 2259
  • 67
  • Xbox One, Drives STI, Use QVL RAM For Best Results
    • Gigabyte US
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #1 on: August 10, 2016, 05:15:27 am »
I installed W8.1 on my Z97.  UEFI, No legacy support and secure boot.  No issues for over a year.  Recently updated that machine to W10.  Haven't turned it on since the end of last month, but I don't anticipate any issues.  Different board and BIOS of course. 
Z390 AORUS PRO (F10) \850w, 9900K, 32GB GSkill TriZ RGB - 16-18-18-38, RTX 3080Ti FTW3 Ultra, 960 Pro_m.2, W11
Z370-HD3P (F5) \750w, 8350K, 8GB LPX 3200 - 16-18-18-38, GTX 970 FTW SC, Intel SSD, 2TB RAID1, W11
Z97X-UD5H \850w, 4790K, 32GB Vengeance, RTX 2080 FTW

Oubadah

  • 51
  • 0
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #2 on: August 10, 2016, 05:36:51 am »
I installed W8.1 on my Z97.  UEFI, No legacy support and secure boot.  No issues for over a year.  Recently updated that machine to W10.  Haven't turned it on since the end of last month, but I don't anticipate any issues.  Different board and BIOS of course.

Yeah, I've had no issues with SecureBoot on newer Gigabyte boards, but their BIOSes were all designed with SecureBoot from the start. The z77 Sniper M3 only had it retrofitted into the final BIOS (a beta). I'm wondering how thoroughly the feature was tested.

I've contacted Gigabyte support about this. They claim that my main BIOS is faulty and that I should have the board repaired. That's not going to happen because the board is out of warranty, but I'm a bit skeptical of the idea that it's faulty anyway. If I could find one person that is able to enable SecureBoot on their Sniper M3 with no adverse effects, then sure, I'll concede that my unit is probably faulty. But So far I've been unable to find any such person (mainly because none of them use SecureBoot, and I can't well ask them to try enabling a feature that I suspect soft-bricks the board). So, at this point I can only ask which is more probable:

1) My main BIOS is faulty, but some miracle allows it to operate 100% normally unless I enable SecureBoot.
2) The SecureBoot functionality in the BIOS is bugged, probably because it was hastily retrofitted into the last beta BIOS (this board didn't support SecureBoot before F10f) and no-one at Gigabyte spent much time testing it.

The other thing that's making me lean toward #2 is that I found a report in the Gigabyte BIOS TweakTown thread of a x79 secureboot suspiciously similar BIOS bug:

Quote
...enabling secureboot and provisioning the default keys makes the system not able to boot at all. Not even to bios splash logo...when I enable SecureBoot it can't boot, at all. Not even the CPU_FAN starts spinning. The only way to recover from this is do a manual DUALBIOS flashback from the backup bios...

http://forums.tweaktown.com/gigabyte/28441-gigabyte-latest-beta-bios-910.html#post480600

EDIT: I just found another report of SecureBoot corrupting the BIOS of a Gigabyte board of the 7-series chipset era:

http://forum.giga-byte.co.uk/index.php?topic=13147.0, and in that thread they link to yet another similar complaint.

So I continue my search for a Sniper M3 user who is successfully using SecureBoot, or a particularly intrepid one who is willing to potentially corrupt their BIOS (temporarily) and test out the setting.
« Last Edit: August 10, 2016, 05:49:45 am by Oubadah »

shadowsports

  • 2259
  • 67
  • Xbox One, Drives STI, Use QVL RAM For Best Results
    • Gigabyte US
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #3 on: August 11, 2016, 06:37:29 am »
I see what you are saying about the Z77 and no Secure Boot implementation until F10f BIOS.  Does the BIOS have a way for you to clear stored keys That Secure Boot relies on?  This might allow you to recover if this settings is available.  I have a Z77 board around here somewhere, but its an Asus and had UEFI / Secure Boot support out of the box if I remember right.    So won't help. 

Hopefully another Sniper owner will chime in and assist.
Z390 AORUS PRO (F10) \850w, 9900K, 32GB GSkill TriZ RGB - 16-18-18-38, RTX 3080Ti FTW3 Ultra, 960 Pro_m.2, W11
Z370-HD3P (F5) \750w, 8350K, 8GB LPX 3200 - 16-18-18-38, GTX 970 FTW SC, Intel SSD, 2TB RAID1, W11
Z97X-UD5H \850w, 4790K, 32GB Vengeance, RTX 2080 FTW

Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #4 on: August 13, 2016, 02:18:09 pm »
OK I have just setup a G1 Sniper M3 which has the F10f bios also and can confirm if the OS is selected as either Windows 8 or Windows 8 WHQL and then secure boot is enabled the board will not post and the bios then needs to be cleared and then reconfigured.
Hope this helps as unless this setting requires something else to be configured then it looks like this bios setting doesnt work and that there is nothing inherently wrong with your motherboard.

shadowsports

  • 2259
  • 67
  • Xbox One, Drives STI, Use QVL RAM For Best Results
    • Gigabyte US
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #5 on: August 14, 2016, 12:31:38 am »
OK I have just setup a G1 Sniper M3 which has the F10f bios also and can confirm if the OS is selected as either Windows 8 or Windows 8 WHQL and then secure boot is enabled the board will not post and the bios then needs to be cleared and then reconfigured.
Hope this helps as unless this setting requires something else to be configured then it looks like this bios setting doesnt work and that there is nothing inherently wrong with your motherboard.

This is helpful feedback.  Corruption is possible, but it does sound like something with the keys or policy Secure Boot uses to validate OS signature.  Asus MB's display an error, I don't know what Gigabyte boards do if the signature cannot be read.

Oubadah, this may be the confirmation you are seeking.   

off topic...  I think we are going to see a second iteration of SB anyways since the keys to bypass the checks were leaked by MS a few months ago.     
Z390 AORUS PRO (F10) \850w, 9900K, 32GB GSkill TriZ RGB - 16-18-18-38, RTX 3080Ti FTW3 Ultra, 960 Pro_m.2, W11
Z370-HD3P (F5) \750w, 8350K, 8GB LPX 3200 - 16-18-18-38, GTX 970 FTW SC, Intel SSD, 2TB RAID1, W11
Z97X-UD5H \850w, 4790K, 32GB Vengeance, RTX 2080 FTW

Oubadah

  • 51
  • 0
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #6 on: August 14, 2016, 08:53:09 am »
OK I have just setup a G1 Sniper M3 which has the F10f bios also and can confirm if the OS is selected as either Windows 8 or Windows 8 WHQL and then secure boot is enabled the board will not post and the bios then needs to be cleared and then reconfigured.
Hope this helps as unless this setting requires something else to be configured then it looks like this bios setting doesnt work and that there is nothing inherently wrong with your motherboard.

Thanks, I really appreciate your response. When you say "cleared and reconfigured", does that include manually initiating a dualBIOS restore?

In my testing, this bug has two potential levels of severity:

First: Corruption of the BIOS interface.

To replicate:

- Set OS Type to Windows 8
- Set CSM support to Never
- Save and exit BIOS
- Enter BIOS

BIOS is partially unreadable with color blocks everywhere. In this case you can fix it by F7 (load defaults) and restart.

Second: More severe corruption of the BIOS, effectively soft-bricking the board.

To replicate:

- Set OS Type to Windows 8
- Set CSM support to Never
- Install default SecureBoot keys
- Save and exit BIOS
- Enter BIOS (BIOS interface will be corrupted as before)
- Restore defaults
- Save and exit BIOS

System will enter a short boot loop (so short that most people won't even know it's a loop), and the only way to recover is to manually initiate a DualBIOS restore (DualBIOS will say the BIOS is corrupted), which restores from the backup BIOS.

Could you confirm that you've seen the first type? Here is a video demonstrating the issue: https://youtu.be/aYd0c7HnvZA

I'm currently in communication with a Gigabyte support rep regarding this issue, so I want to make sure I have my facts straight and that I'm 100% sure that there is nothing uniquely wrong with my board.
« Last Edit: August 14, 2016, 08:54:14 am by Oubadah »

Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #7 on: August 14, 2016, 06:01:14 pm »
When I load defaults enter bios and change the settings as you describe (the first part above) my system fails to post gives me one long and three short beeps...I cannot enter bios.
As I have my bios profile saved I simply hard reset the bios(jumper) and then enter bios to reload the profile.

My system is a raid config so beyond the above and short of reconfiguring and reloading an OS its about as far as I can go really as I dont feel the need to use secure boot.

Clearly there are issues with either the way it is implemented or the combination of bios settings ...however I doubt Gigabyte will address the problem, after all,the board is now relatively old and the number of users with this issue will likely be small. I'm afraid you will likely be fobbed off with a hardware excuse when in fact it is highly likley the issue is indeed the bios implementation.
« Last Edit: August 14, 2016, 06:10:56 pm by cjapeterborough »

dmdilks

  • 3094
  • 43
  • "If it isn't broke don't fix it"
    • http://dmdcomputerservice.webs.com/
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #8 on: August 14, 2016, 10:50:23 pm »
It really is on what hardware he is using everything has to be UEFI support for everything to work. The big one in this game of secureboot is the video card.
X299X Aorus Master, i9-9940x-3.30Ghz, 64gb G-Skill DDR4-2400, MSI RTX-3070 8GB, Cooler Master case, Thermal-take PSU 850w, 1-M2-NMVe SSD-512gb, 3-Pny 1TB SSD, 2-WD Raptors 1TB, Win 10 pro 64bit, Asus 35" 144Mhz Monitor.

Oubadah

  • 51
  • 0
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #9 on: August 15, 2016, 03:03:07 am »
When I load defaults enter bios and change the settings as you describe (the first part above) my system fails to post gives me one long and three short beeps...I cannot enter bios.
As I have my bios profile saved I simply hard reset the bios(jumper) and then enter bios to reload the profile.

My system is a raid config so beyond the above and short of reconfiguring and reloading an OS its about as far as I can go really as I dont feel the need to use secure boot.

Damn, sounds like you don't have quite the same issue after all. For me it's one of the two outcomes above (depending on whether the secureboot keys are loaded), and with the second type there is definitely no beeping.

Are you using a discrete GPU, and if so, what is it? As per dmdilks' post, you must have a UEFI GOP GPU to use secureboot. Any other add-on cards? My system (currently stripped down for diagnostic purposes) consists of motherboard, RAM, CPU (using IGP), and single SATA SSD.

I doubt Gigabyte will address the problem, after all,the board is now relatively old and the number of users with this issue will likely be small. I'm afraid you will likely be fobbed off with a hardware excuse when in fact it is highly likley the issue is indeed the bios implementation.

Yes, the rep already told me my board needed repairing, but I persisted, and they actually seem to be putting some effort into replicating the issue.

I'm 99% sure it's not a fault with my board, because I've found one picture of the exact same pattern of BIOS UI corruption I get (gigabyte board, but a different model), and also numerous forum mentions of the bootloop issue (all in different Gigabyte boards, but from around the same era as the M3). All of these complaints linked to SecureBoot. Really, what are the chances that my board has a unique fault that just happens to manifest itself like these known issues. When I gave the rep my list of secureboot bootloop mentions, they insinuated that it was a known issue, but that it had been fixed in all those boards via BIOS updates. Maybe the M3 slipped through the cracks?

The rep tried to reproduce the issue on an in-house M3 unit, but apparently could not. I gave them more specific information on my BIOS configuration, and now I'm waiting for a response. So as I said, they do seem to be taking it more seriously than I would have expected for such an old board.

The other thing that gives me hope is the fact that they've already supplied me with an F11 BIOS without the vulnerable SystemSmmRuntimeRt driver. (Obviously when I asked for the SystemSmmRuntimeRt fix I wasn't aware that SecureBoot was totally unusable on the board)

I was just really hoping to find another user of this specific model who had seen exactly the same results as me, so I had some unequivocal evidence to point to outside of my sample of one.
« Last Edit: August 15, 2016, 03:18:48 am by Oubadah »

Oubadah

  • 51
  • 0
Re: Calling G.1 Sniper M3 Owners (SecureBoot BIOS Corruption)
« Reply #10 on: August 15, 2016, 08:47:57 am »
Unfortunately I just got a response from the gigabyte rep saying that they re-tested their board with my same configuration and still can't replicate the issue. Now they're talking about drivers. I tried to stress in my last message that drivers are irrelevant because the issue is completely contained in the BIOS and I can replicate the issue without Windows even being installed.