--- On Tue, 10/19/10, Stefan Reinauer stepan@coreboot.org wrote:
From: Stefan Reinauer stepan@coreboot.org
Subject: Re: [flashrom] DOS binary doesn't work?
To: "max" opendtv@yahoo.com
Cc: flashrom@flashrom.org
Date: Tuesday, October 19, 2010, 1:22 PM
[101012 07:33]:
--- On Mon, 10/11/10, max opendtv@yahoo.com wrote:
Thank you, lspci yielded some interesting information. On the Linux that works, there are two kernel modules associated with device 8086/24C0 (where the write enable register is located): iTCO_wdt and intel-rng. Those modules are not present on the Linux that doesn't work.
Ok, I have the answer. It was iTCO_wdt, not intel_rng as I first guessed. iTCO_wdt clears bit 13 (TCO_EN) of SMI_EN. This is what allows flashrom to enable writing (tested by clearing the bit with a debugger and running DOS flashrom).

from iTCO_wdt.c iTCO_wdt_init:

    /* Bit 13: TCO_EN -> 0 = Disables TCO logic generating an SMI# */
    val32 = inl(SMI_EN);
    val32 &= 0xffffdfff; /* Turn off SMI clearing watchdog */
    outl(val32, SMI_EN);

Nice finding! Don't you love the effectiveness of SPI flash protection? :)
I noticed that in ICH5, Intel added yet another "lock" which prevents TCO_EN from being cleared, perhaps to close this hole. However, I have an Intel ICH5 motherboard and it doesn't use the TCO_EN lock.
It might be dangerous to rely on TCO_EN since the BIOS is still getting SMI interrupts from other sources. The safest thing is to exit with a meaningful error message if the BIOS write lock bit is set.
Dan
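
Added example, not part of the original message and not flashrom's or the kernel's code: a small audit routine that classifies the write-protection state discussed in the thread from raw register values and applies the "refuse if the BIOS write lock bit is set" policy. The BIOSWE/BLE names and bit positions are taken from Intel's ICH datasheets rather than from the thread, `tco_en_locked` is a hypothetical caller-supplied flag, and the register values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* TCO_EN is bit 13 of SMI_EN (from the thread). BIOSWE and BLE are bits 0
 * and 1 of BIOS_CNTL (Intel ICH datasheet naming, an assumption here). */
#define SMI_EN_TCO_EN    (1u << 13)
#define BIOS_CNTL_BIOSWE (1u << 0)
#define BIOS_CNTL_BLE    (1u << 1)

enum wp_state {
    WP_NO_LOCK,          /* BLE clear: BIOSWE can be toggled freely        */
    WP_LOCK_ENFORCED,    /* BLE set, TCO_EN set and cannot be cleared      */
    WP_LOCK_CLEARABLE,   /* BLE set, TCO_EN set but software can clear it  */
    WP_LOCK_TCO_SMI_OFF  /* BLE set, TCO_EN already clear                  */
};

/* tco_en_locked (hypothetical flag): nonzero when the chipset lock mentioned
 * in the thread keeps TCO_EN from being cleared. */
enum wp_state classify_bios_wp(uint8_t bios_cntl, uint32_t smi_en,
                               int tco_en_locked)
{
    if (!(bios_cntl & BIOS_CNTL_BLE))
        return WP_NO_LOCK;
    if (!(smi_en & SMI_EN_TCO_EN))
        return WP_LOCK_TCO_SMI_OFF;
    return tco_en_locked ? WP_LOCK_ENFORCED : WP_LOCK_CLEARABLE;
}

/* Policy proposed in the mail: refuse whenever the BIOS write lock bit is
 * set, whatever TCO_EN says, because other SMI sources remain active. */
int flash_write_allowed(uint8_t bios_cntl)
{
    return !(bios_cntl & BIOS_CNTL_BLE);
}

int main(void)
{
    /* Constructed register values, not read from hardware. */
    uint8_t  bios_cntl = BIOS_CNTL_BLE;
    uint32_t smi_en    = 0x00002000;

    printf("before watchdog init: state %d\n",
           classify_bios_wp(bios_cntl, smi_en, 0));
    smi_en &= 0xffffdfff;            /* same mask as iTCO_wdt_init */
    printf("after watchdog init:  state %d\n",
           classify_bios_wp(bios_cntl, smi_en, 0));
    if (!flash_write_allowed(bios_cntl))
        puts("BIOS write lock bit is set; refusing to write");
    return 0;
}
```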