Attention is currently required from: Nico Huber, Michał Żygowski, Paul Menzel.
1 comment:
File ite_ecfw.c:
The command that is sent when writing the first kilobyte probably indicates to the EC that:
1. The flash access is finished after it takes the first kilobyte to be flashed.
2. EC can switch back from scratch ROM to the flash ROM with the execution. That is why it must be done at the end of the flashing process.
I hope I didn't make any mistake here, Michael can confirm
I took a deeper look at this once again. That 1k write doesn't tell the EC that the flash process is finished, but the 0xfe command does.
In theory we could use the read/erase/write1k commands for flashing the way flashrom is usually doing it, but: when anything goes wrong during flashing (wrong byte written, then watchdog reset or power cycle), the autoload feature is not working because the mirror size byte is still 0x00 (was set by the fw on first boot). The EC would then execute bad/broken code (or fail completely).
We could also erase the whole flash and write without skipping the first 1k. However, if the image has autoload disabled and something goes wrong during flashing somewhere after the signature was written, we have the same problem as above.
That is most likely the reason why the first 1k (which is the region where the signature is allowed to reside in flash) gets written at the very end (to minimize the risk).
1k is the erase block size of the IT5570, by the way, so we can just skip the signature and flash it alone, as we need to erase 1k anyway.
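The ordering the two comments above argue for (program every erase block except the one holding the signature, then erase and program that block last) can be shown with a small model. This is an added example, not flashrom's ite_ecfw.c code and not the IT5570's real command protocol: it does not model the read/erase/write1k or 0xfe commands, the 1024-byte block size is taken from the thread, and the "SIG!" bytes and 0xAA/0x55 fill are constructed placeholders. It simulates an interruption (watchdog reset or power cycle) after a given number of blocks and reports whether the signature region was touched.

```python
# Added example: model of "write the signature block last" (not flashrom code).

BLOCK = 1024  # erase block size of the IT5570 as stated in the review thread


def block_write_order(image_len, sig_offset=0, block=BLOCK):
    """Order in which erase blocks get programmed: every block except the one
    holding the signature first, the signature block last."""
    nblocks = (image_len + block - 1) // block
    sig_block = sig_offset // block
    return [b for b in range(nblocks) if b != sig_block] + [sig_block]


def flash_image(flash, image, interrupt_after=None, block=BLOCK):
    """Erase and program `flash` (a bytearray modelling the chip) block by
    block in the order above.  If interrupt_after is given, stop after that
    many blocks, simulating a reset mid-flash, and return False."""
    assert len(flash) == len(image)
    for n, b in enumerate(block_write_order(len(image), block=block)):
        if interrupt_after is not None and n >= interrupt_after:
            return False
        lo, hi = b * block, (b + 1) * block
        flash[lo:hi] = b"\xff" * (hi - lo)  # erase: cells read back as 0xff
        flash[lo:hi] = image[lo:hi]         # program the new contents
    return True


def signature_region(flash, block=BLOCK):
    """The first erase block, where the thread says the signature may reside."""
    return bytes(flash[:block])


# Constructed sample data: an old image on the chip and a new image to flash.
NBLOCKS = 4
OLD = bytes([0xAA]) * (NBLOCKS * BLOCK)
_new = bytearray(bytes([0x55]) * (NBLOCKS * BLOCK))
_new[:4] = b"SIG!"  # placeholder signature bytes, not the real IT5570 signature
NEW = bytes(_new)


def demo(interrupt_after=None):
    """Flash NEW over OLD, optionally interrupting.  Returns
    (completed, signature_region_is_new, rest_of_image_is_new)."""
    flash = bytearray(OLD)
    done = flash_image(flash, NEW, interrupt_after)
    return (done,
            signature_region(flash) == NEW[:BLOCK],
            bytes(flash[BLOCK:]) == NEW[BLOCK:])


if __name__ == "__main__":
    print("order:", block_write_order(len(NEW)))
    print("complete run:", demo())
    print("reset after 3 of 4 blocks:", demo(interrupt_after=3))
```

With the signature block scheduled last, any interruption before the final step leaves the first 1k exactly as it was before flashing began, so a half-written body never sits behind a freshly written signature; only the complete run changes the signature region.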
To view, visit change 55715.