On Mon, 21 Mar 2011 12:41:11 -0400 Joshua Roys roysjosh@gmail.com wrote:
> My 2 cents are that this would be very useful... There are a few ICH10 systems at work that are fairly locked down through the chipset restrictions. Other than flashing externally or attempting to circumvent the chipset, your plan is the only other option. I don't think Intel will remove restrictions in the future (although they may convince BIOS folk to use less restrictive defaults) so it would be a good idea, I think, to learn to play nice with them.

hi
i talked to peter, joshua and marc on irc yesterday about it. the condensed agreement is that we don't really know what this would get us exactly and we should know that before we really decide.
idwer at least said "I think choosing to work on Intel's ME as a gsoc project will be more rewarding than focusing on ECs, which vary".
so i am trying to research this further in respect to impact on different platforms and if the heci thing is really the one responsible for this.
interesting bits so far: there have been efforts to push a new heci driver upstream this year [1].
intel signs their firmware images with a PKI. the signature/public key is checked on every boot with a sha-1 hash in rom [2]. not important for my task but interesting nonetheless imho.
there seem to be two main architectures for accessing system flash chips (in notebooks) these days. i'll give an example for each:
1. system flash behind an external EC, e.g. thinkpad SL410 [3],
2. system flash directly connected to the southbridge, ec has its own flash for its firmware (either embedded or another external flash chip): thinkpad t400s (predecessor of my t410s) [4].

the first case is the known and feared case where the EC can interfere in various ways with flashrom's interactions with the flash. i'm pretty sure that we can make flashrom support the other case with heci, but this would most probably only allow flashing the bios flash, not the EC firmware. updating the bios only is probably a bad idea but this has to be solved later.
for non-mobile boards there seem to be a variety of ME configurations in respect to flash settings in the wild:
flashrom does not work:
- Zotac H55-itx (H55) [5]:
  Flash Configuration Lock-Down: disabled
  Flash descriptors: valid
  descriptors r/o, ME and platform locked
- Intel DG45ID (my desktop) (ICH10R) [11]:
  Flash Configuration Lock-Down: enabled
  Flash descriptors: valid
  descriptors r/o, ME locked

flashrom works:
- Supermicro C2SEA (ICH10R) [6]:
  Asus P5E-VM (ICH9R) [7]:
  Gigabyte EP45-DS4 (ICH10R) [8]:
  Z8NA-D6(C) (ICH10R) [9]:
  Flash Configuration Lock-Down: disabled
  Flash descriptors: disabled/not valid
- EVGA X58 SLI (ICH10R) [10]:
  Flash Configuration Lock-Down: disabled
  Flash descriptors: valid
  all descriptors r/w

so the majority of desktop boards seem to not use the flash descriptors at all or don't lock them and therefore work with flashrom already. besides my intel board only that zotac board locks flash regions. i doubt that these are the only ones in the wild, but that's all i could dig up yet.
i'd like to get a comment from carl-daniel, before i try dissecting intel's flash program for the dg45id (for which i could use some help btw).
1: http://linux.derkeiler.com/Mailing-Lists/Kernel/2011-02/msg04015.html
2: http://software.intel.com/en-us/articles/architecture-guide-intel-active-man...
3: http://notebookschematic.com/wp-content/uploads/2010/12/SL410K.png
4: http://notebookschematic.com/wp-content/uploads/2010/11/T400S_2.png
5: http://www.flashrom.org/pipermail/flashrom/2010-December/005578.html
6: http://www.flashrom.org/pipermail/flashrom/2010-November/005428.html
7: http://www.flashrom.org/pipermail/flashrom/2011-January/005705.html
8: http://paste.flashrom.org/view.php?id=429
9: http://www.flashrom.org/pipermail/flashrom/2010-September/004671.html
10: http://www.flashrom.org/pipermail/flashrom/2010-November/005409.html
11: http://www.flashrom.org/pipermail/flashrom/2011-March/006012.html
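
Added example, not part of the original message and not flashrom's own code: a small decoder that turns the two ICH9/ICH10 SPI registers behind the "Flash Configuration Lock-Down" / "Flash descriptors" lines in the board list (HSFS and FRAP) into the per-region status used there. The register values in main() are constructed, the function names are hypothetical, and the protected-range (PR) registers and unused regions are assumed out of scope.

```c
#include <stdint.h>
#include <stdio.h>

/* ICH9/ICH10 SPI registers: HSFS (SPIBAR+0x04), FRAP (SPIBAR+0x50). */
#define HSFS_FDV     (1u << 14) /* Flash Descriptor Valid */
#define HSFS_FLOCKDN (1u << 15) /* Flash Configuration Lock-Down */

enum { R_DESC, R_BIOS, R_ME, R_GBE, R_PLATFORM, R_COUNT };
static const char *const region_name[R_COUNT] =
    { "descriptor", "bios", "me", "gbe", "platform" };

int flockdn(uint16_t hsfs) { return (hsfs & HSFS_FLOCKDN) != 0; }

/* Bitmask of regions the host may not read (FRAP.BRRA, bits 7:0).
 * Without a valid descriptor there are no per-region restrictions. */
unsigned host_read_locked(uint16_t hsfs, uint32_t frap)
{
    if (!(hsfs & HSFS_FDV))
        return 0;
    return ~(frap & 0xffu) & ((1u << R_COUNT) - 1);
}

/* Same for writes (FRAP.BRWA, bits 15:8). */
unsigned host_write_locked(uint16_t hsfs, uint32_t frap)
{
    if (!(hsfs & HSFS_FDV))
        return 0;
    return ~((frap >> 8) & 0xffu) & ((1u << R_COUNT) - 1);
}

static void report(const char *label, uint16_t hsfs, uint32_t frap)
{
    unsigned rd = host_read_locked(hsfs, frap), wr = host_write_locked(hsfs, frap);
    printf("%s: lock-down %s, descriptor %s\n", label,
           flockdn(hsfs) ? "enabled" : "disabled",
           (hsfs & HSFS_FDV) ? "valid" : "not valid");
    for (int r = 0; r < R_COUNT; r++)
        if (wr & (1u << r))   /* list only regions the host cannot write */
            printf("  %s: %s\n", region_name[r],
                   (rd & (1u << r)) ? "locked" : "read-only");
}

int main(void)
{
    /* Constructed register values, not dumps from the boards listed above. */
    report("no descriptor", 0x0000, 0x00000000);
    report("descriptor, all r/w", 0x4000, 0x0000ffff);
    report("descriptor r/o, me+platform locked", 0xc000, 0x00000a0b);
    return 0;
}
```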