ron minnich wrote:
And they used flashrom, it appears. :-)
Great!
The SPI controllers in ICH7 and up have several security mechanisms to prevent unauthorized modification of the flash memory. Boards from Intel utilize those mechanisms, but many more boards from other manufacturers don't.
By gaining security from those mechanisms, one loses freedom. One mechanism seems to involve public key cryptography. AFAIK, one can only use the IFlash utility from Intel to reflash their BIOS, and I am not aware of any cross-flash ability of IFlash. Thus, Intel boards are flashrom unfriendly.
That said, I think there is still a chance that the cryptographic security mechanism could be cracked. (I am not good at cryptography, so expect errors and correct me.) Since IFlash needs to authenticate itself (to the SMI handler), the process might be:

1. SMI handler generates a random number
2. SMI handler encrypts that number with the public key
3. SMI handler publishes the challenge
4. IFlash decrypts that with a private key(!)
5. IFlash writes its answer
6. IFlash sends a modification request
7. SMI handler receives the request
8. SMI handler compares the answer with the original number
9. confirmed and unlocked
IFlash needs to carry the private key with it.
If that is true and someone implements an attack, the public-key cryptography security mechanism for the flash memory will be a joke. If the knowledge is not publicly known, then the security mechanism becomes a path for malware and an obstacle for utilities like flashrom.
yu ning
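The challenge/response flow sketched in the post above, as an added example that is not part of the thread and not code from Intel, flashrom or IFlash. It models the hypothesized exchange with textbook RSA on tiny, well-known demo primes (constructed values, no padding) so it runs offline; the class and function names are assumptions. The point it makes concrete is the one the post raises: the firmware side needs only the public key (n, e), while any party holding the private exponent d can answer every challenge, so the secrecy of d is the whole mechanism.

```python
"""Toy model of a nonce challenge/response gated by an RSA key pair.

Added example, not from the mailing-list thread or any vendor tool.
Textbook RSA with tiny demo primes (constructed values); a real design
would use full-size keys, padding and a vetted library.
"""
import secrets

# Constructed demo key pair: p=61, q=53, n=3233, e=17, d=2753 (e*d = 1 mod 3120).
PUBLIC_KEY = (3233, 17)
PRIVATE_KEY = (3233, 2753)


class SmiHandler:
    """Firmware side of the hypothesized flow: holds only the public key (n, e)."""

    def __init__(self, public_key):
        self.n, self.e = public_key
        self._expected = None

    def issue_challenge(self, nonce=None):
        # Steps 1-3: pick a random number, encrypt it under the public key,
        # publish the ciphertext as the challenge. `nonce` may be fixed for tests.
        if nonce is None:
            nonce = secrets.randbelow(self.n - 2) + 1  # 1 .. n-1
        self._expected = nonce
        return pow(nonce, self.e, self.n)

    def handle_request(self, answer):
        # Steps 7-9: compare the answer with the original number and unlock
        # only on an exact match. A challenge is consumed after one use, so a
        # recorded answer cannot be replayed against a later request.
        ok = self._expected is not None and answer == self._expected
        self._expected = None
        return ok


class FlashUtility:
    """Tool side of the hypothesized flow: must carry the private exponent d."""

    def __init__(self, private_key):
        self.n, self.d = private_key

    def answer(self, challenge):
        # Step 4: decrypt the challenge with the private key.
        return pow(challenge, self.d, self.n)


def run_exchange(handler, utility, nonce=None):
    """Drive one full challenge/response round; True means 'unlocked'."""
    challenge = handler.issue_challenge(nonce)
    return handler.handle_request(utility.answer(challenge))


def demo():
    handler = SmiHandler(PUBLIC_KEY)
    # Holder of the real d answers correctly and the flash unlocks.
    legit = run_exchange(handler, FlashUtility(PRIVATE_KEY))
    # A utility without the real d (constructed wrong exponent) cannot recover
    # the nonce; fixed nonce keeps the outcome deterministic.
    wrong = run_exchange(handler, FlashUtility((3233, 1)), nonce=123)
    # Reusing a previously accepted answer fails because the challenge was consumed.
    chal = handler.issue_challenge()
    ans = FlashUtility(PRIVATE_KEY).answer(chal)
    first = handler.handle_request(ans)
    replay = handler.handle_request(ans)
    return legit, wrong, first, replay


if __name__ == "__main__":
    print(demo())
```

With nonce 123 the published challenge is 123^17 mod 3233 = 855, and only a holder of d maps 855 back to 123. Note that the verifier never needs d; the post's concern is precisely that the flashing utility has to ship with it.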