On Dec 31 2012 11:13 AM, Stefan Tauner wrote:
> Trammell Hudson <hudson(a)osresearch.net> wrote:
>> No changes were written to the executable portions of the ROM. The
>> data regions at 0x2000-0x2FFF, 0x6400-0x67FF, 0xC000-0x14FFF,
>> 0x3C000, 0x40000-0x4BFFF were overwritten correctly. My firmware
>> differed only in those regions below 0x190000, so it might have
>> successfully written to the entire 0x0-0x4BFFF (or even higher)
>
> The terms executable and data region are not very accurate. The ME
> region (0x00001000 - 0x0018ffff) is executed by the embedded
> embedded in the PCH.

Interesting. Is the ME region common to all motherboards? On this
Macbook, part of that region (starting at offset 0x2000) appears to be
re-written on almost every boot and is perhaps used to store some sort
of OSX related data. It is written/erased in 4KB chunks and starts with
the magic number 0x474F4C46 ("FLOG"). The previously written portion is
erased with 0xFF and possibly some bookkeeping data. There is a
different region in the flashrom (around offset 0x670000) that OSX uses
to store the nvram data in an EFI firmware volume and is also rewritten
on most boots.

On Macbooks it appears that the EFI firmware volumes with executables
start at 0x190000, so I had mentally written off everything below that
as data; my understanding of how the ROM is split up is inexact and is
based only on my observations of what I've seen with this motherboard.

>> The ROM image that I was writing had changes in the executable
>> volume starting at 0x190000.
>
> This contradicts what you wrote in the first paragraph (but is in
> line with the log).

I was unclear, sorry. I had made changes in the executable code stored
in the EFI firmware volume at 0x190000 (length 0x1A0000) and was
attempting to write them to the chip with flashrom, but as you can see
in the logs, that portion of the ROM was unchanged. I have since
successfully flashed the changes via my own SPI hardware device.
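The verification step the thread is circling around, as an added example that is not part of the original e-mail or of flashrom: diff the image you meant to write against a read-back of the chip, list every 4 KiB sector that differs, map it onto the layout given above (the ME region at 0x1000-0x18ffff and the EFI executable volume at 0x190000 with length 0x1A0000, both assumed from the thread and specific to this Macbook), and flag sectors that start with the "FLOG" magic, since those are expected to change on their own between boots. The sample images are constructed.

```python
# Added example (not from the thread): compare two SPI flash dumps, list which
# 4 KiB sectors differ, and map each onto the layout described in the thread.
# Region boundaries are assumed from the thread for this Macbook only, not a
# general Intel/Apple layout; the sample images below are constructed.
SECTOR = 0x1000
REGIONS = [  # (start, end exclusive, name) -- assumed from the thread above
    (0x00001000, 0x00190000, "ME region"),
    (0x00190000, 0x00190000 + 0x1A0000, "EFI executable volume"),
]
FLOG_MAGIC = (0x474F4C46).to_bytes(4, "little")  # stored on flash as b"FLOG"


def region_of(offset):
    for start, end, name in REGIONS:
        if start <= offset < end:
            return name
    return "unclassified"


def changed_sectors(expected, actual):
    """Return [(offset, region, starts_with_flog)] for every 4 KiB sector
    whose contents differ between the image written and the chip read back."""
    assert len(expected) == len(actual), "dumps must be the same size"
    out = []
    for off in range(0, len(expected), SECTOR):
        e, a = expected[off:off + SECTOR], actual[off:off + SECTOR]
        if e != a:
            out.append((off, region_of(off), a[:4] == FLOG_MAGIC))
    return out


def verify_write(expected, actual, region):
    """True if no sector of `region` differs, i.e. the region really was written."""
    return not any(r == region for _, r, _ in changed_sectors(expected, actual))


def build_sample():
    size = 0x340000  # constructed: just large enough to hold the EFI volume above
    chip_before = bytearray(b"\xFF" * size)
    image = bytearray(chip_before)
    image[0x190000:0x190010] = b"PATCHED-EFI-CODE"  # the change we intended to flash
    readback = bytearray(chip_before)
    readback[0x2000:0x2004] = FLOG_MAGIC  # firmware rewrote its own log sector
    return bytes(image), bytes(readback)


if __name__ == "__main__":
    image, readback = build_sample()
    for off, region, flog in changed_sectors(image, readback):
        print(f"0x{off:06X} {region:22s} FLOG={flog}")
    print("EFI volume written:", verify_write(image, readback, "EFI executable volume"))
```

With real dumps, read `expected` from the image you passed to flashrom and `actual` from a fresh `flashrom -r` of the chip; a FLOG-tagged sector in the ME region differing is expected noise, an unchanged EFI volume is the failure described above.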