On Sat, 20 Aug 2011 23:03:16 +0100 (BST) Luzipher McLeod <luziphermcleod@yahoo.ie> wrote:

> Thanks for your mails! Good to know that there is something going on (even though you indicate that it'll take quite some time). If I can do anything to help, just let me know.

If you are good at REing you could help a lot (because I am a n00b regarding x86 asm, and therefore quite unmotivated to stare at disassembly, especially when I see how fluently others are able to read it :).

> That said, it really seems to be a messed-up situation. As far as I understood, there are several "units" involved in accessing the flash (or at least in granting rights to access the flash).

Yes. The firmware for the ME, the GbE controller and the host (= BIOS/EFI) are on the same flash chip, and all of them can access it via the southbridge. They also write to it (the ME logs some stuff at least). Access restrictions are enforced by the southbridge, which acts as a gatekeeper.

> Am I right that the major missing thing is support for the embedded controller (ME)?

Exactly. Usually that is the only real problem. The flash descriptor region is most often read-only, but that's not really an issue (it does not normally need to be updated). I *think* I know how the ME can be told to give us access superficially (using HECI/MEI), but I don't know the exact details. I already have a patch that implements MEI communication in flashrom... the question is just what to send (and what to expect to receive :).

> I also have a flashing utility that works from DOS, if that'd be any help (reverse engineering)?

There are various of those, and RE is probably the way to go (because Intel probably won't tell us). Having access to the binary is not the problem though.

> PS: We could also write in German; I wrote this in English because you mentioned that all of this might also serve as documentation for any future lunatics who take this on :-)

If it is not too hard for you, English is the way to go because it is the least common denominator of those involved.

I think I should write up what I know about unlocking the ME. Probably a wiki page would be best...
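The gatekeeper Stefan describes is driven by the flash descriptor in the first 4 KiB of the SPI image: a region table says where the descriptor, BIOS, ME and GbE regions lie, and a master table says which of the three masters (host CPU/BIOS, ME, GbE) the southbridge lets read or write each region. The script below is an added example, not flashrom's own code: it parses those two tables from a dump such as `flashrom -r` produces and lists the regions the host, which is the master flashrom runs as, is not allowed to write. On a typical locked board that comes out as the descriptor and ME regions, which is exactly the situation the thread is about. The image it parses is constructed inline; the field offsets follow the ICH8 to 5-series descriptor layout, and the "commonly seen" ME and GbE master values are an assumption used for illustration.

```python
"""Parse the Intel flash descriptor (first 4 KiB of a descriptor-mode SPI
image, e.g. the output of `flashrom -r`) and report which master (host
CPU/BIOS, ME, GbE) the southbridge lets read or write which region.
Field layout is the ICH8 .. 5-series one. The sample image is constructed
here, not dumped from hardware."""
import struct

FLVALSIG = 0x0FF0A55A                  # descriptor signature at offset 0x10
REGIONS = ["Descriptor", "BIOS", "ME", "GbE", "Platform"]
MASTERS = ["Host/BIOS", "ME", "GbE"]
UNUSED_BASE = 0x1FFF                   # FLREG base of all ones: region absent


def _dword(img, off):
    return struct.unpack_from("<I", img, off)[0]


def parse_descriptor(img):
    """Return (regions, masters): region name -> (start, end) byte offsets,
    master name -> {'requester_id', 'read': set, 'write': set}."""
    if len(img) < 0x1000:
        raise ValueError("need at least the 4 KiB descriptor region")
    if _dword(img, 0x10) != FLVALSIG:
        raise ValueError("no descriptor signature at 0x10: image is not "
                         "in descriptor mode or is corrupt")
    flmap0, flmap1 = _dword(img, 0x14), _dword(img, 0x18)
    frba = ((flmap0 >> 16) & 0xFF) << 4   # flash region base address
    nr = ((flmap0 >> 24) & 0x7) + 1       # number of regions
    fmba = (flmap1 & 0xFF) << 4           # flash master base address
    nm = ((flmap1 >> 8) & 0x3) + 1        # number of masters

    regions = {}
    for i in range(min(nr, len(REGIONS))):
        flreg = _dword(img, frba + 4 * i)
        base, limit = flreg & 0x1FFF, (flreg >> 16) & 0x1FFF   # 4 KiB pages
        if base == UNUSED_BASE or base > limit:
            continue
        regions[REGIONS[i]] = (base << 12, ((limit + 1) << 12) - 1)

    masters = {}
    for i in range(min(nm, len(MASTERS))):
        flmstr = _dword(img, fmba + 4 * i)
        rd, wr = (flmstr >> 16) & 0x1F, (flmstr >> 24) & 0x1F   # one bit per region
        masters[MASTERS[i]] = {
            "requester_id": flmstr & 0xFFFF,
            "read": {REGIONS[b] for b in range(5) if rd >> b & 1},
            "write": {REGIONS[b] for b in range(5) if wr >> b & 1},
        }
    return regions, masters


def host_locked_regions(regions, masters):
    """Regions present in the image that the host master may not write.
    flashrom running on the CPU is that master, so these are the regions it
    cannot update until the descriptor (or the ME) grants access."""
    host = masters["Host/BIOS"]["write"]
    return [r for r in REGIONS if r in regions and r not in host]


def flmstr(requester_id, read_mask, write_mask):
    """Encode a FLMSTR dword; masks are bit0=Descriptor .. bit4=Platform."""
    return (write_mask << 24) | (read_mask << 16) | requester_id


def build_sample(host_flmstr):
    """Constructed 16 MiB descriptor-mode layout (only the 4 KiB descriptor
    region is materialised). The ME and GbE master values are assumed
    typical locked-board values; the host value is the caller's."""
    img = bytearray(b"\xff" * 0x1000)
    frba, fmba = 0x40, 0x60
    struct.pack_into("<I", img, 0x10, FLVALSIG)
    # FLMAP0: FCBA=0x30, NC=2 components, FRBA, NR=5 regions
    struct.pack_into("<I", img, 0x14,
                     (4 << 24) | ((frba >> 4) << 16) | (1 << 8) | (0x30 >> 4))
    # FLMAP1: FMBA, NM=3 masters, FPSBA=0x100
    struct.pack_into("<I", img, 0x18,
                     ((0x100 >> 4) << 16) | (2 << 8) | (fmba >> 4))
    layout = [(0x000, 0x000),    # Descriptor: first 4 KiB
              (0xC00, 0xFFF),    # BIOS: top 4 MiB
              (0x003, 0xBFF),    # ME
              (0x001, 0x002),    # GbE: 8 KiB
              (0x1FFF, 0x000)]   # Platform data: absent
    for i, (base, limit) in enumerate(layout):
        struct.pack_into("<I", img, frba + 4 * i, (limit << 16) | base)
    for i, value in enumerate([host_flmstr,
                               flmstr(0x0000, 0x0D, 0x0C),    # ME: reads descr/ME/GbE, writes ME/GbE
                               flmstr(0x0118, 0x08, 0x08)]):  # GbE: its own region only
        struct.pack_into("<I", img, fmba + 4 * i, value)
    return bytes(img)


if __name__ == "__main__":
    for label, host in [("locked", flmstr(0, 0x0B, 0x0A)),
                        ("permissive", flmstr(0, 0x1F, 0x1F))]:
        regions, masters = parse_descriptor(build_sample(host))
        print(f"{label}: host cannot write {host_locked_regions(regions, masters)}")
        for name, m in masters.items():
            print(f"  {name:9} read={sorted(m['read'])} write={sorted(m['write'])}")
```

Run it against a real dump by replacing `build_sample(...)` with the file contents; an image that raises on the signature check is either not in descriptor mode or was read through a master that is not allowed to see the descriptor. Two caveats: later PCH generations (Skylake and newer) moved and widened the read/write masks and allow more regions, so the bit positions above would need adjusting for them; and a permissive master table is only useful once it is in the chip, which on a board whose descriptor region the host cannot write means an external programmer or the ME-side unlock the thread is trying to work out.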
You guys can also use the flashrom utility to write the firmware if the utility you are using is being stubborn (happens to me too), and if you want a perfect chance, you will want a backup BIOS chip with the same copies of the original firmware (my motherboard has two firmware flash chips, something to be truly thankful for!). I would recommend using the Linux Live CD mentioned on the flashrom download page, as FreeDOS has managed to brick all of the firmware images I have been trying to flash. Fed up, I went to get the live CD; it works now. I used the SystemRescueCd distro (you need to figure out how to mount the hard drive or jump drive so that flashrom can download the firmware ROM, for example: mount /dev/sda1 /mnt/disk0). So far, this distro is quite nice to have!
Also, some firmware contains a special key which prompts the southbridge to ignore firmware flashers other than the regular utility recommended by the manufacturer of the motherboard you own. I own a Gigabyte GA-MA78GM-S2HP, and the firmware has 4-byte keys (they have long since been obliterated, but at least it boots up fine). You can reverse engineer it if you want to. Try starting at the boot header, where the keys are likely to be. However, your mileage will still vary. A hex editor is also good if you guys know how to read hex codes (good ol' PIC days!)
Have a happy coding day! (P.S. Thanks all for such a wonderful firmware, Coreboot!)
On Sat, Aug 20, 2011 at 7:09 PM, Stefan Tauner <stefan.tauner@student.tuwien.ac.at> wrote:
-- Kind regards, Stefan Tauner
flashrom mailing list flashrom@flashrom.org http://www.flashrom.org/mailman/listinfo/flashrom