On Mon, 22 Aug 2011 15:31:17 +1200 Shailendra Sodhi shailendra.sodhi@endace.com wrote:
Hi,
Hi we use flashroom tool to flash our X8DTH and X8DTU Supermicro boards now when we try to flash X8SIE-F Motherboard with Intel 3420 chipset flashrom fails with error.
Attached a file(s) detailing error. Please let me know if any further information required to make this work.
hello shailendra
first: please don't post plain text as word documents.
0x04: 0x6008 (HSFS) HSFS: FDONE=0, FCERR=0, AEL=0, BERASE=1, SCIP=0, FDOPSS=1, FDV=1, FLOCKDN=0
FLOCKDN=0 is good, this means we can tinker with the relevant registers.
0x06: 0x0000 (HSFC) HSFC: FGO=0, FCYCLE=0, FDBC=0, SME=0 0x08: 0x00001000 (FADDR) 0x50: 0x0000ffff (FRAP) BMWAG 0x00, BMRAG 0x00, BRWA 0xff, BRRA 0xff 0x54: 0x00000000 (FREG0: Flash Descriptor) 0x00000000-0x00000fff is read-write 0x58: 0x03ff0100 (FREG1: BIOS) 0x00100000-0x003fffff is read-write 0x5C: 0x00ff0001 (FREG2: Management Engine) 0x00001000-0x000fffff is read-write 0x60: 0x00000fff (FREG3: Gigabit Ethernet) Gigabit Ethernet region is unused. 0x64: 0x00000fff (FREG4: Platform Data) Platform Data region is unused.
good. none of the 5 regions are locked.
0x74: 0x80108001 (PR0) 0x78: 0x00000000 (PR1) 0x7C: 0x00000000 (PR2) 0x80: 0x00000000 (PR3) 0x84: 0x00000000 (PR4)
and there we have our problem. the PR registers are another lock mechanism. the current content of PR0 declares the range 0x00001000 - 0x00010fff to be locked (write and read protected). because of FLOCKDN=0, we can manipulate this and the attached patch will try to remove the read and write protection. read and write operations should then pass the chipset's protection mechanisms and be delivered to the flash chip.
please note though, that we do not know why supermicro has decided to lock this address range. it might be a good idea to ask them, or to not touch the whole ME region at all (you can do this with the layout option). OTOH it might also be a bad idea to just update the bios without updating the ME firmware (or the bios and only a part of the ME range)... we just don't know. so if you don't have any means to recover a mis-flashed board, i would not recommend you try to write to this board with flashrom. i would appreciate a read test with the attached patch though, so that we know if the (read) protection can be circumvented.