I'm in the unlucky situation that I need to use a CPU feature that the BIOS hasn't enabled in the ia32 feature control MSR register. The BIOS does set the lock bit so I can't set the bit myself. The BIOS (Asus UEFI BIOS) has no option to change the behavior. Question is, is there any way I can set this bit? I'm thinking if it is possible to write an UEFI extension or some program I could execute from the UEFI shell. But I'm not sure if the register is locked before this would be execute (I know very little about UEFI and its programming environment). Alternatively, is it possible to patch the BIOS update image or modify it using standard tools? Anyone who heard of success stores in this area?
The feature in question is SGX (Software Guard Extensions). The board is Asus Z170-K. Everything is in place to support SGX, except that the BIOS is unable to set this bit.
Update May 22th: I just updated the Asus Z170-K to the newly released BIOS 1803 (released 20th of May). It was a big jump in version number so I was hopeful. Sadly, SGX support still isn't there. I've now filed a new request with Asus and this time I plan not to be just brushed off. I think it is outright amateurish this is not supported from the beginning - it is part and parcel of supporting a Skylake CPU so I think all customers requiring this should try and pursue a refund (I know I'm gonna do that).
A beta BIOS version 3107 has now been released on the Asus web site. This version is the first to enable SGX (it introduces a new SGX option in the BIOS menu). I have not verified it is actually working, but at least this is progress. It seems other motherborads in the Z170-series are getting BIOS upgrades that start with "3" so that might add SGX for those as well.