Windows On ARM On Arm

April 10, 2025 by Bryan Cockfield 6 Comments

While some companies like Apple have gone all-in on the ARM architecture, others are more hesitant to dive into the deep end. For example, Microsoft remains heavily invested in the x86 architecture and although it does have some ARM offerings, a lot of them feel a bit half-baked. So you might question why someone like [Gustave] has spent so much time getting Windows to run on unusual ARM platforms. But we don’t need much of a reason to do something off-the-wall like that around these parts, so take a look at his efforts to get Windows for ARM running on a smartwatch.

The smartwatch in question here is a Pixel Watch 3, which normally runs a closed-source Android implementation called Wear OS. The bootloader can be unlocked, so [Gustave] took that approach to implement a few clever workarounds to get Windows to boot including adding UEFI to the watch. During the process Google updated these devices to Android 15, though, which broke some of these workarounds. The solution at that point was to fake a kernel header and re-implement UEFI and then load Windows (technically Windows PE) onto the watch.

Although this project was released on April 1, and is by [Gustave]’s own admission fairly ridiculous and not something he actually recommends anyone do, he does claim that it’s real and provides everything needed for others to run Windows on their smartwatches if they want to. Perhaps one of our readers will be brave enough to reproduce the results and post about it in the comments. In the meantime, there are a few more open options for smartwatches available if you’re looking for something to tinker with instead.

Thanks to [Ruhan] for the tip!

How Nyan Cat Was Ported To UEFI

January 13, 2025 by Lewin Day 13 Comments

The Unified Extensible Firmware Interface (UEFI) took over from the classical BIOS some years into the new millenium. It’s typically used for running a computer at the basic pre-OS level, and most of us don’t even notice it past boot time. However, you can do some neat things in this space—you can even port over Nyan Cat if you’re talented like [Cornelius].

*That’s fun. Set your friend’s computer to boot into this instead of their OS by default and see how long it takes them to figure it out.*

Yes, Nyan Cat is now available as a UEFI application, running via the EFI Simple Text Output Protocol. [Cornelius] approached this creation by first learning Rust, before progressing to the Hello World stage. Before long, the computer was booting up to display a simple text message with no OS required.

From there, creating the Nyan Cat animation required figuring out how to display it as a bunch of dancing characters, which is where the Simple Text Output Protocol came in. Nyan Cat was really the perfect animation for the UEFI environment, since its simple pixel art style was easily recreated with text. With a bit of work, the animation came together, with a remarkable resemblance to the original artwork.

All that’s missing is a routine to play the music over a PC speaker; only, those are hardly a thing anymore. A pity! In any case, if you’ve been cooking up your own nifty UEFI hacks, don’t hesitate to drop us a line!

IRC Client On Bare Metal

April 6, 2024 by Al Williams 14 Comments

In the beginning, there was the BIOS, and it was good. A PC’s BIOS knows how to set up the different hardware devices, grab a fixed part of a hard drive, load it, and run it. That’s all you need. While it might be all you need, it isn’t everything people want, so a consortium developed UEFI, which can do all the things a normal BIOS can’t. Among other things, UEFI can load code for the operating system over the network instead of from the hard drive.

In true hacker fashion, [Phillip Tennen] thought, “Does it have to be an operating system?” The answer, of course, is no. It could be an IRC client. He chose Rust to implement everything. While UEFI does provide a network stack, it isn’t very easy to use, apparently. It also provides support for a mouse. [Phillip] ported his GUI toolkit library over, and then the rest is just building an IRC client.

The client isn’t the easiest to use because, after all, this is a lark. Why would you want to do this? On the other hand, we can think of reasons we might want to take control of a UEFI motherboard and use it for something. If you want to do that, this project is a great template to jump-start your endeavors.

We’ve looked at the UEFI system a few times. Or, you can use it to play DOOM.

Continue reading “IRC Client On Bare Metal” →

Two pictures of the mobo side by side, both with kapton tape covering everything other than the flash chip. On the left, the flash chip is populated, whereas on the right it's not

Enabling Intel AMT For BIOS-over-WiFi

January 5, 2024 by Arya Voronova 28 Comments

Intel ME, AMT, SMT, V-Pro… All of these acronyms are kind of intimidating, all we know about them is that they are tied to remote control technologies rooted deep in Intel CPUs, way deeper than even operating systems go. Sometimes though, you want remote control for your own purposes, and that’s what [ABy] achieved. He’s got a HP ProDesk 600 G3 Mini, decided to put it into a hard to reach spot in his flat, somewhere you couldn’t easily fetch a monitor and a keyboard for any debugging needs. So, he started looking into some sort of remote access option in case he’d need to access the BIOS remotely, and went as far as it took to make it work. (Google Translate)

The features he needed are covered by Intel AMT — specifically, BIOS access over a WiFi connection. However, his mini PC only had SMT enabled from the factory, the cut-down version of AMT without features like wireless support. He figured out that BIOS dumping was the way, promptly did just that, found a suitable set of tools for his ME region version, and enabled AMT using Intel’s FIT (Flash Image Tool) software.

Now, dumping the image could be done from a running system fully through software, but apparently, flashing back requires an external programmer. He went with the classic CH341, did the 3.3 V voltmod that’s required to make it safe for flash chip use, and proceeded to spend a good amount of time making it work. Something about the process was screwy, likely the proprietary CH341 software. Comments under the article highlight that you should use flashrom for these tasks, and indeed, you should.

This article goes into a ton of detail when it comes to working with Intel BIOS images — whichever kind of setting you want to change, be it AMT support or some entirely different but just as tasty setting, you will be well served by this write-up. Comments do point out that you might want to upgrade the Intel ME version while at it, and for what it’s worth, you can look into disabling it too; we’ve shown you a multitude of reasons why you should, and a good few ways you could.

This Week In Security: LogoFail, National DNS Poison, And DNA

December 8, 2023 by Jonathan Bennett 3 Comments

When there’s a vulnerability in a system library, we install updates, and go on with our lives. When there’s a vulnerability in a Java library, jars get rebuilt, and fixed builds slowly roll out. But what happens when there’s a vulnerability in a library used in firmware builds? And to make it even more fun, it’s not just a single vulnerability. All three major firmware vendors have problems when processing malicious images. And LogoFail isn’t limited to x86, either. UEFI Arm devices are vulnerable, too.
Continue reading “This Week In Security: LogoFail, National DNS Poison, And DNA” →

Linux Fu: UEFI Booting

January 19, 2023 by Al Williams 30 Comments

Unless your computer is pretty old, it probably uses UEFI (Unified Extensible Firmware Interface) to boot. The idea is that a bootloader picks up files from an EFI partition and uses them to start your operating system. If you use Windows, you get Windows. If you use Linux, there’s a good chance you’ll use Grub which may or may not show you a menu. The problem with Grub is you have to do a lot of configuration to get it to do different things. Granted, distros like Ubuntu have tools that go through and do much of the work for you and if you are satisfied with that, there’s no harm in using Grub to boot and manage multiple operating systems.

An alternative would be rEFInd, which is a nice modern UEFI boot manager. If you are still booting through normal (legacy) BIOS, the installation might be a hassle. But, in general, rEFInd, once installed, just automatically picks up most things, including Windows, Mac, and Linux operating systems and kernels. The biggest reasons you might change the configuration is if you want to hide some things you don’t care about or change the visual theme.

Continue reading “Linux Fu: UEFI Booting” →

Screenshot of the EFI shell, showing doom.wad and doom.efi in 'ls' command output, and then doom.efi being loaded

DOOM? In Your BIOS? More Likely Than You Think!

June 12, 2022 by Arya Voronova 25 Comments

We’ve seen hackers run DOOM on a variety of appliances, from desk phones to pregnancy tests. Now, the final frontier has been conquered – we got DOOM to run on an x86 machine. Of course, making sure we utilize your PC hardware to its fullest, we have to forego an OS. Here are two ways you can run the classic shooter without the burden of gigabytes of bloated code in the background.

[nic3-14159] implemented this first version as a payload for coreboot, which is an open-source BIOS/UEFI replacement for x86 machines. Some might say it’s imperfect — it has no sound support, only works with PS/2 keyboards, and exiting the game makes your computer freeze. However, it’s playable, and it fits into your BIOS flash chip.

But what if your computer hasn’t yet been blessed with a free BIOS replacement? You might like this UEFI module DOOM port instead, originally made by [Warfish] and then built upon by [Cacodemon345]. To play this, you only need to compile the binary and an UEFI shell, then use the “Load EFI Shell” option in your UEFI menu – something that’s widely encountered nowadays. This version also lacks sound, but is a bit more fully featured due to all the facilities that UEFI provides for its payloads.

Of course there’s far more efficient ways to slay demons on your computer, but even if they aren’t necessarily practical from a gaming standpoint, these two projects serve as decent examples of Coreboot and UEFI payloads. BIOS replacements like coreboot take up so little space, we’ve even seen Windows 3.1 fit alongside coreboot in the BIOS chip. Wondering what UEFI is, even? Here’s a primer for you. And, if you don’t mind the exceptional bloat of a stripped-down Linux install, here’s a Linux image built from the ground up to run DOOM specifically.

Continue reading “DOOM? In Your BIOS? More Likely Than You Think!” →