Hi list,
I don't know if it's common yet (the wiki article doesn't mention it) but today I discovered that there are Lenovo Thinkpads with very flat SMD-Flash-ROMs which make it impossible to access them with a SOIC-Clip or flash them by soldering wires to the pins directly.
I aborted the flashing but am going to try finding a work-around.
About the laptop: Type 4298-W28 S/N R9-E4CFC 11/06 (so probably manufactured in 2011)
Product ID: 4298W28
Maybe we should write one sentence in the wiki mentioning that not all chips are accessible very comfortably.
Greetings,
P.
PS: Rantmode: Why the hell don't they just solder a socket? It's not that unrealistic that someone bricks the BIOS while updating the firmware from time to time. Being able to replace the ROM with a fresh one is a huge plus.
On Sat, 5 Aug, 2017 at 5:01 PM, Philipp Stanner stanner@posteo.de wrote:
> PS: Rantmode: Why the hell don't they just solder a socket? It's not that unrealistic that someone bricks the BIOS while updating the firmware from time to time. Being able to replace the ROM with a fresh one is a huge plus.
I guess that's just the throw-it-away philosophy ...
Hello Philipp,
Saturday, August 5, 2017, 6:01:04 PM, you wrote:
PS> PS: Rantmode: Why the hell don't they just solder a socket? It's not that unrealistic that someone bricks the BIOS while updating the firmware from time to time. Being able to replace the ROM with a fresh one is a huge plus.
A socket would add some cost; not just of the part itself but also cost of the assembly process since the flash chip could not be soldered together with the rest of the components now, and possibly other logistical issues (e.g. they would have to order DIP chips specifically for this model instead of SMD parts like for everything else). It would also increase the height of the board, and you know how everyone is obsessed with thin laptops nowadays.
Just because it would be convenient for maybe ten people in the world doesn't make it an incentive for the manufacturers.
Besides, 99.9% of users are not expected to ever open their device, let alone mess with the chips. If they get a brick (which is a pretty rare thing nowadays AFAIK), they send it off for repairs.
Yes, you're probably right.
Though I wonder when and how they programmed the firmware. Before or after soldering?
On 05.08.2017 at 19:41, Igor Skochinsky via coreboot wrote:
> Hello Philipp,
> Saturday, August 5, 2017, 6:01:04 PM, you wrote:
> PS> PS: Rantmode: Why the hell don't they just solder a socket? It's not that unrealistic that someone bricks the BIOS while updating the firmware from time to time. Being able to replace the ROM with a fresh one is a huge plus.
> A socket would add some cost; not just of the part itself but also cost of the assembly process since the flash chip could not be soldered together with the rest of the components now, and possibly other logistical issues (e.g. they would have to order DIP chips specifically for this model instead of SMD parts like for everything else). It would also increase the height of the board, and you know how everyone is obsessed with thin laptops nowadays.
> Just because it would be convenient for maybe ten people in the world doesn't make it an incentive for the manufacturers.
> Besides, 99.9% of users are not expected to ever open their device, let alone mess with the chips. If they get a brick (which is a pretty rare thing nowadays AFAIK), they send it off for repairs.
Hello Philipp,
Saturday, August 5, 2017, 8:41:42 PM, you wrote:
PS> Yes, you're probably right.
PS> Though I wonder when and how they programmed the firmware. Before or after soldering?
Most likely before, unless they have some debug header exposed. From [1]:
When the hardware and software nears production readiness, it is common practice to preprogram flash memory devices prior to starting high-volume PCB manufacturing flows for two principal reasons. First, firmware loaded onto the device can be used to perform basic booting and testing of the PCB during manufacturing to check system/module functionality. Second, loading the final firmware, operating system (OS), and application code on the flash device prior to manufacturing maintains a high-volume manufacturing beat rate. To support these usage models, multiple vendors provide systems for loading firmware and data into flash memory devices prior to the PCB solder flow process.
Modern flash chips don't have issues retaining programmed bits during reflow soldering as long as the correct temperature profile is observed [2].
[1]: http://www.electronicdesign.com/memory/understanding-onboard-flash-programmi...
[2]: http://dataioinfo.com/LiveImages/26/20/DocumentURL.pdf
Do we have any idea what exactly they do to update the firmware internally?
The wiki says once coreboot is flashed you can flash it internally. I suppose this means the blockade protecting the flash can be switched off somehow, as the vendors have to do it to install firmware-updates.
On 05.08.2017 at 21:12, Igor Skochinsky via coreboot wrote:
> Hello Philipp,
> Saturday, August 5, 2017, 8:41:42 PM, you wrote:
> PS> Yes, you're probably right.
> PS> Though I wonder when and how they programmed the firmware. Before or after soldering?
> Most likely before, unless they have some debug header exposed. From [1]:
> When the hardware and software nears production readiness, it is common practice to preprogram flash memory devices prior to starting high-volume PCB manufacturing flows for two principal reasons. First, firmware loaded onto the device can be used to perform basic booting and testing of the PCB during manufacturing to check system/module functionality. Second, loading the final firmware, operating system (OS), and application code on the flash device prior to manufacturing maintains a high-volume manufacturing beat rate. To support these usage models, multiple vendors provide systems for loading firmware and data into flash memory devices prior to the PCB solder flow process.
> Modern flash chips don't have issues retaining programmed bits during reflow soldering as long as the correct temperature profile is observed [2].
Hi Philipp,
On 05.08.2017 21:58, Philipp Stanner wrote:
> Do we have any idea what exactly they do to update the firmware internally?
Well, I don't. Though, the flash chip is usually only partially protected (something like the upper 128KiB?). They probably only update the unprotected part or put a UEFI capsule (or something similar) into another part of the chip and update the protected part from within the firmware on the next boot.
> The wiki says once coreboot is flashed you can flash it internally. I suppose this means the blockade protecting the flash can be switched off somehow, as the vendors have to do it to install firmware-updates.
The uppermost part of the chip is protected by a Protected Range Register (PRR). These PRRs are reset on each reboot. So the only chance to write to the protected region is during early boot before the firmware writes the PRR.
In case they do support updates to the protected region at all, it's likely that the code therein writes the PRR. So it's the update mechanism in the firmware that could be attacked (maybe it's just a checksum, who knows?). You probably can't flash a whole coreboot image this way, but if you can make it write a modified firmware that doesn't set the PRR (or locks it to all zero early), you'd have won.
But first things first, we'd have to find out when the PRR is written and whether the protected region is updatable.
Nico
Hello Nico,
Monday, August 7, 2017, 2:16:05 PM, you wrote:
NH> Hi Philipp,
NH> On 05.08.2017 21:58, Philipp Stanner wrote:
> Do we have any idea what exactly they do to update the firmware internally?
NH> Well, I don't. Though, the flash chip is usually only partially protected (something like the upper 128KiB?). They probably only update the unprotected part or put a UEFI capsule (or something similar) into another part of the chip and update the protected part from within the firmware on the next boot.
AFAIK the capsule is not written to flash. It's usually put into RAM or may be alternatively written to the EFI system partition on disk[1] (though I don't think I've ever observed that).
> The wiki says once coreboot is flashed you can flash it internally. I suppose this means the blockade protecting the flash can be switched off somehow, as the vendors have to do it to install firmware-updates.
NH> The uppermost part of the chip is protected by a Protected Range Register (PRR). These PRRs are reset on each reboot. So the only chance to write to the protected region is during early boot before the firmware writes the PRR.
NH> In case they do support updates to the protected region at all, it's likely that the code therein writes the PRR. So it's the update mechanism in the firmware that could be attacked (maybe it's just a checksum, who knows?). You probably can't flash a whole coreboot image this way, but if you can make it write a modified firmware that doesn't set the PRR (or locks it to all zero early), you'd have won.
NH> But first things first, we'd have to find out when the PRR is written and whether the protected region is updatable.
You can use chipsec[2] to dump out the current configuration of the system and see if PRRs are indeed used (and how).
[1]: http://www.uefi.org/sites/default/files/resources/UEFI_Summerfest_Insyde_201...
[2]: https://github.com/chipsec/chipsec
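The check suggested in the message above (are PRRs used, and how), written out as an added example that is not part of the thread and is not chipsec's own code. It assumes the Intel PCH SPI register layout (PRx base in bits 12:0, limit in bits 28:16, read/write protect in bits 15 and 31, FLOCKDN in HSFS bit 15); the register values and the 8 MiB chip size are constructed samples standing in for a real register dump.

```python
# Added example: decode Intel PCH SPI Protected Range registers (PR0-PR4).
# Assumed layout (Intel PCH datasheets): bits 12:0 base, bit 15 read protect,
# bits 28:16 limit, bit 31 write protect; base/limit hold address bits 24:12.
FLOCKDN = 1 << 15   # HSFS bit 15: PRx registers are read-only until reset
FIELD = 0x1FFF

# Constructed sample values, not read from any real machine.
SAMPLE_HSFS = 0xE008
SAMPLE_PRS = [0x87FF07E0, 0, 0, 0, 0]   # PR0 write-protects 0x7E0000-0x7FFFFF


def decode_pr(value):
    """Return (base, limit, read_protected, write_protected) or None if unused."""
    rp, wp = bool(value & (1 << 15)), bool(value & (1 << 31))
    if not (rp or wp):
        return None
    base = (value & FIELD) << 12
    limit = (((value >> 16) & FIELD) << 12) | 0xFFF
    return base, limit, rp, wp


def write_protected_ranges(pr_values):
    """Sorted (base, limit) pairs of every valid write-protected range."""
    decoded = (decode_pr(v) for v in pr_values)
    return sorted((d[0], d[1]) for d in decoded if d and d[3] and d[0] <= d[1])


def is_covered(ranges, start, end):
    """True if every byte of [start, end] lies inside a write-protected range."""
    pos = start
    for base, limit in ranges:
        if base > pos:          # gap before the next range: not fully covered
            break
        pos = max(pos, limit + 1)
    return pos > end


def audit(hsfs, pr_values, start, end):
    """Summarise protection of [start, end] and whether the PRs are locked."""
    ranges = write_protected_ranges(pr_values)
    return {"ranges": ranges, "covered": is_covered(ranges, start, end),
            "locked": bool(hsfs & FLOCKDN)}


if __name__ == "__main__":
    # Upper 128 KiB of an 8 MiB chip, the region guessed at in the thread.
    report = audit(SAMPLE_HSFS, SAMPLE_PRS, 0x7E0000, 0x7FFFFF)
    for base, limit in report["ranges"]:
        print(f"write-protected: {base:#08x}-{limit:#08x}")
    print("top 128 KiB covered:", report["covered"], "| FLOCKDN:", report["locked"])
```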
Hi Philipp,
It is just a wson-8 flash rom, whose soldering plates are compatible with those for soic-8 chips, often found on thinkpads produced when 8MiB soic-8 chips were hardly available.
The common way to deal with wson-8 chips is to blow it off with a hot air blower, suck up its content, and finally replace it with a soic-8 chip.
There is an article that mentions wson-8 chips: https://www.coreboot.org/Board:lenovo/t430s
Persmule
On 2017-08-06 at 00:01, Philipp Stanner wrote:
> Hi list,
> I don't know if it's common yet (the wiki article doesn't mention it) but today I discovered that there are Lenovo Thinkpads with very flat SMD-Flash-ROMs which make it impossible to access them with a SOIC-Clip or flash them by soldering wires to the pins directly.
> I aborted the flashing but am going to try finding a work-around.
> About the laptop: Type 4298-W28 S/N R9-E4CFC 11/06 (so probably manufactured in 2011)
> Product ID: 4298W28
> Maybe we should write one sentence in the wiki mentioning that not all chips are accessible very comfortably.
> Greetings,
> P.
> PS: Rantmode: Why the hell don't they just solder a socket? It's not that unrealistic that someone bricks the BIOS while updating the firmware from time to time. Being able to replace the ROM with a fresh one is a huge plus.