On Tue, 22 Mar 2011 08:36:50 +0100 Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net wrote:
Locked region reflashing is considerably harder than handling the rest of the flash. Most Intel chipsets released after ICH7 (except later ICH7 derivatives) support two flash interfaces: One interface which lets flashrom do all the heavy lifting (which we use right now), and one interface outsources read/write/erase commands to the chipset and just tells the chipset in abtract terms what to do. Most locked down boards still allow the outsourced interface to read some regions, but that interface is not supported in flashrom right now. One of the interfaces is called hardware sequencing, the other one software sequencing, but I can't remember which one is which. If we can add a driver for the currently unsupported interface (which is fully documented), we'd already achieve a major step forward.
flashrom supports software sequencing, hardware sequencing is the interface were the chipset handles "everything". from what i have read in the ICH datasheets (while i tried to understand sw sequencing/what flashrom does) hardware sequencing won't get us anywhere. it seems it's just a simpler interface for compatible/supported flash chips. the main difference is that in software sequencing the software can define the spi commands to be used. my impression can be wrong of course.
adding support for hardware sequencing shouldn't be that hard, because the software has less options than with sw sequencing. but... i don't know what we would get. you said that the "outsourced" interface (=hw sequencing) would allow to read "some regions" on locked boards. sw sequencing allows that too: flashrom can read the first region (=flash descriptors) of my boards. it just stops when it reaches the first locked region (and does not write the date to file it has read until then).
Having the ME reflash some stuff would definitely be interesting, but I have no idea if there is even a consistent interface for that, and the problem space is similar to having an EC reflash some stuff. It can be done, but each machine would have to be reverse engineered individually. Not fun. If you attempt any of this during GSoC, please make sure you first support the interface I mentioned above, and if any time is left, reverse that for reversing any ME-controlled flashing.
the question is if each machine is really different in that respect. i doubt that because that would mean that every vendor has to provide its own firmware for the ME microcontroller that is included in the MCH*/ICH/SCH. * including it in the mch makes sense because it is cheaper there due to different manufacturing processes and it is mentioned here explicitly: http://software.intel.com/en-us/articles/architecture-guide-intel-active-man...
so i'm pretty sure if we can RE the heci flash protocol (if it really exists :) once, we would be able to support all locked down mainboards.