On Dec 31 2012 11:13 AM, Stefan Tauner wrote:
> Trammell Hudson <hudson@osresearch.net> wrote:
>> No changes were written to the executable portions of the ROM. The data regions at 0x2000-0x2FFF, 0x6400-0x67FF, 0xC000-0x14FFF, 0x1C000, 0x3C000, 0x40000-0x4BFFF were overwritten correctly. My firmware image differed only in those regions below 0x190000, so it might have successfully written to the entire 0x0-0x4BFFF (or even higher) space.
>
> The terms executable and data region are not very accurate. The ME region (0x00001000 - 0x0018ffff) is executed by the embedded controller embedded in the PCH.

Interesting. Is the ME region common to all motherboards? On this Macbook, part of that region (starting at offset 0x2000) appears to be re-written on almost every boot and is perhaps used to store some sort of OSX-related data. It is written/erased in 4KB chunks and starts with the magic number 0x474F4C46 ("FLOG"). The previously written portion is erased with 0xFF and possibly some bookkeeping data. There is a different region in the flash ROM (around offset 0x670000) that OSX uses to store the nvram data in an EFI firmware volume, and it is also rewritten on most boots.

On Macbooks it appears that the EFI firmware volumes with executables start at 0x190000, so I had mentally written off everything below that as data; my understanding of how the ROM is split up is inexact and is based only on my observations of what I've seen with this motherboard.

>> The ROM image that I was writing had changes in the executable firmware volume starting at 0x190000.
>
> This contradicts what you wrote in the first paragraph (but is in line with the log).

I was unclear, sorry. I had made changes in the executable code stored in the EFI firmware volume at 0x190000 (length 0x1A0000) and was attempting to write them to the chip with flashrom, but as you can see in the logs, that portion of the ROM was unchanged. I have since successfully flashed the changes via my own SPI hardware device.
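The thread above turns on a practical question: after a flash attempt, which 4 KB sectors actually changed, and do they fall in the region you meant to change? The script below is an added example written for this page; it is not code from the thread, from flashrom, or from Trammell's tooling. It compares two flash dumps sector by sector, maps each differing sector onto the region layout the thread describes (ME region 0x1000-0x18ffff, the "FLOG" area at 0x2000, the EFI firmware volume at 0x190000 with length 0x1A0000, and the NVRAM volume "around" 0x670000, whose bounds here are an assumption), and scans for sectors that begin with the FLOG magic. The 8 MiB chip size and the two sample images are constructed for the demonstration, not taken from the log.

```python
import struct

SECTOR = 0x1000  # 4 KiB: the write/erase granularity observed in the thread

# Region map assembled from the thread. Only the FLOG area and the EFI FV
# bounds are stated there; the NVRAM bounds below are an assumption.
REGIONS = [
    ("ME region",               0x001000, 0x18FFFF),
    ("FLOG data area",          0x002000, 0x002FFF),
    ("EFI FV with executables", 0x190000, 0x190000 + 0x1A0000 - 1),
    ("NVRAM firmware volume",   0x670000, 0x67FFFF),  # assumed extent
]

# Bytes b"FLOG" read as a little-endian u32 give 0x474F4C46, as in the post.
FLOG_MAGIC = 0x474F4C46
CHIP_SIZE = 0x800000  # assumed 8 MiB part


def changed_sectors(before: bytes, after: bytes, sector: int = SECTOR):
    """Offsets of sectors whose contents differ between two full dumps."""
    if len(before) != len(after):
        raise ValueError("dumps differ in length")
    return [off for off in range(0, len(before), sector)
            if before[off:off + sector] != after[off:off + sector]]


def region_of(offset: int):
    """All region names covering an offset (regions in the map overlap)."""
    names = [name for name, lo, hi in REGIONS if lo <= offset <= hi]
    return names or ["unmapped"]


def flog_records(image: bytes, sector: int = SECTOR):
    """Sector offsets whose first four bytes are the FLOG magic."""
    hits = []
    for off in range(0, len(image) - 3, sector):
        (magic,) = struct.unpack_from("<I", image, off)
        if magic == FLOG_MAGIC:
            hits.append(off)
    return hits


def erased_sectors(image: bytes, sector: int = SECTOR):
    """Sectors that are entirely 0xFF, i.e. erased and not rewritten."""
    blank = b"\xff" * sector
    return [off for off in range(0, len(image), sector)
            if image[off:off + sector] == blank]


def verify_write(intended: bytes, readback: bytes, sector: int = SECTOR):
    """Sectors of the intended image that the chip does NOT contain after
    the write, grouped by region name. An empty dict means the write took."""
    missing = {}
    for off in changed_sectors(intended, readback, sector):
        for name in region_of(off):
            missing.setdefault(name, []).append(off)
    return missing


def build_samples():
    """Constructed images mimicking the thread's outcome: the FLOG sector
    at 0x2000 was updated, the EFI FV change at 0x190000 was not."""
    base = bytearray(b"\xff" * CHIP_SIZE)
    base[0x2000:0x2004] = b"FLOG"             # existing log record
    base[0x190000:0x190008] = b"_FVH\x00\x00\x00\x00"  # stand-in FV contents

    intended = bytearray(base)
    intended[0x2004:0x2008] = b"\x01\x00\x00\x00"  # new bookkeeping data
    intended[0x190010:0x190014] = b"\xde\xad\xbe\xef"  # patched executable

    readback = bytearray(base)
    readback[0x2004:0x2008] = b"\x01\x00\x00\x00"  # only the data sector landed
    return bytes(base), bytes(intended), bytes(readback)


if __name__ == "__main__":
    base, intended, readback = build_samples()
    print("sectors changed by write:", [hex(o) for o in changed_sectors(base, readback)])
    print("FLOG records:", [hex(o) for o in flog_records(readback)])
    for name, offs in verify_write(intended, readback).items():
        print(f"not applied in {name}: {[hex(o) for o in offs]}")
```

Run against real dumps by reading the pre-write image, the image you intended to write, and a fresh `flashrom -r` readback; `verify_write` then lists exactly the sectors flashrom did not apply and which region they sit in, which is the check the log in this thread amounts to.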