On Fri, May 11, 2018 at 7:52 AM, Elmar Stellnberger <estellnb@elstel.org> wrote:


On 2018-05-11 00:08, Nico Huber wrote:
> actually, I don't see a BIOS in there at all. ...
If you want to hunt more clues nevertheless, you can send us the output
of `flashrom -p internal:laptop=force_I_want_a_brick -V`. IIRC, it
also tells from which bus the BIOS was loaded.

 I think the ME has some logging enabled and simply writes to the flash.

Nico


On 2018-05-10 23:24, David Hendricks wrote:
> If this is the case, then you will need to figure out how to prevent
> the EC  from reading/writing the ROM at the same time as flashrom.
> This could be as simple as disabling your OS's power management daemon
 > to avoid stimulating it, or ...

Here comes the verbose output of flashrom as attachement.
This time the output was taken after shutting down the backlight daemons:
systemctl stop systemd-backlight@backlight:acpi_video0.service
systemctl stop systemd-backlight@backlight:nv_backlight.service

- and see the newly loaded rom images do not differ any more (though the time between taking both images has been less this time).

Glad that seems to have worked for reading. However as Nico said we really can't recommend attempting to write using flashrom. At least not unless you can get a full understanding of how this works and how to safely disable the EC for updates, and have a method for recovery (e.g. an external programmer). Anything that interacts with the EC (power, thermal, input events, maybe other things) can wake it up and put your system in a bad (possibly bricked) state.
 
wget https://www.elstel.org/uploads/celsius3.rom
wget https://www.elstel.org/uploads/celsius4.rom

  Is it true that these flash images do not contain a BIOS?

It appears true. As Nico said it appears this chip is only for ME firmware and configuration data. There is almost certainly another SPI flash on the motherboard for the BIOS. You may need to (de-)assert some GPIO or send a special command to the EC to select it.
 
If it still contains all ME regions that should be enough for disabling ME? How to do that - I have heard that me_cleaner only works on gen2 and gen3 MEs but that my ME would be gen1?

I'm not an expert on me_cleaner, but the long story short is that ME is a complicated beast that changes frequently and is very intertwined with how the system works. me_cleaner can remove some (many?) modules but can't disable it completely since ME controls some functions needed to bring-up the CPU. I'm sure they'd appreciate your help demystifying your ME's generation!