On Wed, 13 Mar 2013 13:15:32 +0000 Greg Schardt gschardt@ddn.com wrote:
I have modified the flashrom code to allow reads and writes to unprotected regions to occur, but am still blocked by having the ME region locked. Do you have any idea how the AFUDOS utility is able to modify the Management Engine region even though it should be locked? I would have thought that the Region Access Control settings would be in effect once the BIOS finished booting, before DOS could start. According to documentation, asserting HDA_SDO is the only way to override these settings, do you think that is the mechanism being used?
AFAIK updating the ME directly is not possible if the locks are enabled (HDA_SDO is one way to disable them but that does not work after boot either). The ME probably is able to update itself and there is probably an interface for the host to transfer an image to it, but that's speculation. Are you sure afudos changes the ME region at all?
AFAIK updating the ME (region) is not always needed. The problem is we do not know if this is true in all cases...