On 09.04.2010 05:17, Darmawan Salihun wrote:
I'm not sure if this will work and it's risky as well, but you might want to try it out:
In most BIOS, shorting the address pins (or the equivalent of that act) upon boot will force the machine to boot from the bootblock BIOS. The bootblock routine usually searches for BIOS binary file to flash, because the assumption is the system BIOS a.k.a main BIOS module is corrupt and need replacement.
This can't work on LPC/FWH/SPI flash because there are no address lines on these chips.
And even on old-style parallel flash, I don't understand how this is supposed to work. If we short all address lines, the CPU is going to read garbage from the ROM and won't even start up. Same problem applies if you short the lowest address line. Shorting some intermediate address line like A8 could work if the BIOS image is carefully crafted. Shorting the uppermost address line could work as well. And if an EC is using that parallel flash chip as well, you'd better make sure it will _never_ read garbage or you have some really big problems.
I'd appreciate a real-world example where shorting an address pin works. Please include the flash chip type and tell me which address pin was shorted, and whether the pin was tied to 0 or to 1.
Regards, Carl-Daniel