On Fri, 9 Sep 2011 15:47:34 +0200 "Feldschmid, Ingo" ifel@msc-ge.com wrote:
> Uhm, the idea of this mechanism is to prevent flashing of the BIOS chip. Whenever the BIOS write enable bit is changed, an SMI is generated, and the SMI code from the BIOS is executed. Within this code, the original BIOS vendor can do anything, including preventing the changing of said bit. Normally, this can be used to make sure that the BIOS chip can only be written through a "BIOS-vendor-approved" update mechanism.
yes. the question is what we should do. the interrupt service routine could be a NOP too... or it could be undefined and reset the PC (we had something similar on an intel reference board when testing my hardware sequencing patches). of course it is not likely that a vendor will do something like that, but it will probably check for some internal "enabled" flag and change the write enable bit back if that flag is not set...
so... is just warning the user enough? if something bad happens in the SMI, it would have happened already by the time the message is printed... should we require --force to try to set the write enable bit if the SMM protection is enabled (and warn and explain without --force, ofc.)?
> Looking at the Dell website, it seems that the OptiPlex includes a feature called "Computrace". This is an advanced theft protection which includes, among other things, a BIOS module which helps prevent the removal of the theft protection from the board. This might be the reason that Dell tries to prevent flashing the BIOS through the means described above.
> To update this computer's BIOS through flashrom, the user might first have to contact Dell to disable the Computrace/LoJack mechanism on the board. After that, BIOS updates through non-Dell programs might be possible.
yup, that's possible. thank you very much for the mail.