On Sat, 17 Sep 2011 00:27:34 +0200 Carl-Daniel Hailfinger email@example.com wrote:
Am 04.09.2011 00:21 schrieb Stefan Tauner:
On Fri, 02 Sep 2011 20:27:37 +0200 Carl-Daniel Hailfinger firstname.lastname@example.org wrote:
Am 20.08.2011 12:39 schrieb Stefan Tauner:
How do we handle chips where a part of the chip is not part of any region? What does the hardware enforce in that situation?
i am not entirely sure yet if my hypothesis is correct, but i think the hardware prohibits any accesses outside defined regions (i.e. flash cycle error and/or access error log) - most probably only if the flash descriptor is valid of course (and the flash descriptor security override pin is not pulled down)...
for some more detail please see 201108170859.p7H8xGcB007590@mail2.student.tuwien.ac.at in the "report for Intel QM67 | Winbond W25Q64" thread.
and due to this new information, i am not so sure anymore this patch is a good idea... either we should add a check for PR-based protections and that the regions cover the whole chip too (probably the right thing to do according to my guts),
I think that would be a good idea. Maybe print a warning "please report foo to flashrom@" in case the chip is not completely covered by regions so we get a feeling for what's ok and what's not ok.
dunno if there is much more insight to be gained by reports of probings only, but a more explicit warning and request for a report does not hurt that much. we still get the 0.9.2 nvidia mcp reports, but i think it is not *that* annoying to *not* make this "error" again :)
or drop the patch.
OTOH improved layout support would make it possible to read/write/verify unprotected parts without a problem. with this patch --force is needed to write them, correct?
I'm not sure how --force would change anything here.
in chip_safety_check we check for !programmer_may_write and do *not* bail out if --force is used. and afaics this is the only place where we read this variable, so --force would indeed override it... like i thought(?)
would be ok with me... as long as it would not completely hinder the user from writing.
If any part of the write has a chance of not working reliably, we should completely block writing until we can exactly limit writes to writable regions.
well, i *think* that updating the bios/firmware region *only* may actually be enough to update a mobo. i guess no one has tried yet though so it is just a theory. if it is true disabling write access completely reduces flashrom's capabilities... well that's pretty academic nonsense, but that's how i work :P
i'd like to keep the --force override like it is for now (so the write protection of a refined patch can still be overriden).
so i suggest we drop this patch for now until i have a refined one and bring in the rest (of this patch set). i guess i will have a new patch before all my other patches are reviewed, so it is not a big deal anyway ;)