Angel Pons has posted comments on this change.
Change subject: Add "--dangerous-bruteforce" mode for the unreliable ISP
Patch Set 6: Code-Review-1
I would not want to see this merged, so as to not encourage in-circuit flashing on boards
which are not designed for that due to the potential risks involved.
Breaking hardware is easier than one could think: just powering a mainboard via a clip can
violate the power sequencing requirements of the board and damage other ICs on the
board. Even using an external power supply could harm some boards. Overloading data pins
is very easy to do. Even using an ohmmeter (multimeter in resistance mode) on an unpowered
board can kill circuits.
Let's see some examples. Let's suppose we have a chip (e.g. a southbridge) that
uses two voltage rails: rail A (3.3V) and rail B (1.8V). Suppose we're only powering
one rail at a time, while the other rail is left unpowered (therefore, at zero volts). The
voltage difference between both rails (A - B) changes significantly:
Normal: 3.3V - 1.8V = 1.5V
Only rail A: 3.3V - 0V = 3.3V
Only rail B: 0V - 1.8V = -1.8V
The rail A case means that some parts of the chip would see more than twice the voltage
they expect. Doesn't look good.
The rail B case is even worse: some parts of the chip would be reverse-biased (powered
backwards). I don't even want to think about it.
If there are protection diodes, you could survive such a disaster. But how do you know
they are installed in the first place? They could be omitted on designs with a strict power
sequence, or on cheap designs. Moreover, if any of these diodes is clamping the voltage
down to a safe level, this means more current is drawn from the programmer. Most 3.3V
regulators on flashers are tiny and easy to overload, and their failure mode usually
results in them passing through their input voltage to the output, which is usually 5V
from the USB ports. Then, everything gets overvolted, and things die.
Some people suggest using a beefier external power supply, such as an ATX computer PSU, if
the flasher is not giving out enough power. That is an insane recommendation nobody should
ever follow unless their goal is to light that board on fire. If any clamp circuits were
active and overloading the flasher's (relatively weak) voltage source to protect the
board, they will now have to handle currents of up to a few dozen amps, coming from the
external PSU. Do you like fireworks?
If you're powering the board using its own power supply, so that the flash chip is
powered by the board itself, not the programmer, then you have to deal with the other
active masters on the SPI bus (ideally, just one). If you can make all of them stay idle
or in reset, the SPI bus should be inactive and you should be able to flash without
requiring this mode.
If you can't make the other SPI masters shut up, then your flasher will be fighting
with the other masters on the SPI bus. Data corruption aside, if a master drives a pin
high while the other one drives the same pin low, then we have problems.
If the circuit board has resistors between the flash chip and the onboard masters, the
onboard masters will have a higher impedance than your flasher, so theoretically you could
probably flash fine without needing this mode.
However, if the board has no resistors between the masters (usually the case on cheap
boards), you have a short-circuit. On most SPI masters, the absolute maximum allowable
current flowing through I/O pins is very low. A short-circuit can easily kill those pins,
and thus render the SPI interface useless. And killing a CH341A that way will hurt much
less than killing a computer mainboard with a soldered CPU.
If somebody wants to flash a mainboard which is not designed to be flashed in-circuit,
they should consider removing the flash chip. If flashing needs to be done regularly, then
they should consider making the flash chip easily removable by installing a socket, or
modifying the board so that it can handle in-circuit flashing: a diode on VCC to prevent
powering the rest of the board, and resistors on the data signals to avoid driving
outputs. Some boards' design makes the last option impossible to sanely implement,
I can see why people want to avoid doing any of the above: it involves using soldering
equipment on rather small components. Without soldering, there's no good solution.
To view, visit https://review.coreboot.org/c/flashrom/+/31830
Gerrit-Owner: Mike Banon <mikebdp2(a)gmail.com>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Mike Banon <mikebdp2(a)gmail.com>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter(a)users.sourceforge.net>
Gerrit-Comment-Date: Thu, 22 Aug 2019 19:09:26 +0000