I tried looking for an answer to this but a quick one didn't surface: when flash regions are protected, is this implemented by the flash chip itself or by the SPI logic (i.e. ichspi for Intel programmer)?
There are two kinds of read locks that I know of. In the descriptor region of the flash are permissions for each region in the flash (BIOS, GbE, ME, for example). These can write protect, and read protect, the flash regions. There are also flags for the whole flash which are set in the PCH. The BIOS sets these flags.
Ross
On Tue, Aug 5, 2014 at 10:55 AM, TR Reardon thomas_reardon@hotmail.com wrote:
> I tried looking for an answer to this but a quick one didn't surface: when flash regions are protected, is this implemented by the flash chip itself or by the SPI logic (i.e. ichspi for Intel programmer)?
On Tue, Aug 5, 2014 at 9:55 AM, TR Reardon thomas_reardon@hotmail.com wrote:
> I tried looking for an answer to this but a quick one didn't surface: when flash regions are protected, is this implemented by the flash chip itself or by the SPI logic (i.e. ichspi for Intel programmer)?
It can be implemented by either, though in most cases it's the SPI controller on Intel systems.
On Tue, 5 Aug 2014 12:55:33 -0400 TR Reardon thomas_reardon@hotmail.com wrote:
> I tried looking for an answer to this but a quick one didn't surface: when flash regions are protected, is this implemented by the flash chip itself or by the SPI logic (i.e. ichspi for Intel programmer)?
Both, and more. There are 3 common cases:
1) was used at least in the last 20 years or so: a GPIO line from the chipset is connected to the write protection pin (most flash chips have that). This is usually mainboard-specific and is handled by flashrom in board_enable.c
2) Some flash chips offer software locking mechanisms where some commands need to be sent to the flash chip to lock and unlock respective address ranges. Those settings can then also be hardware-locked via 1)
3) are programmer-based protections such as those seen on Intel chipsets where the chipset hardware implements a kind of firewall for the SPI stream.
Got it, thanks all for the quick responses.
I take it that read-protection of non-described areas (i.e. where there are gaps in the described regions) is done _implicitly_ by the ICH SPI controller?
In the case of Winbond 25Q64 chips, I saw only write-protection in the datasheet, no chip-level read-protection.
+Reardon
On Tue, Aug 5, 2014 at 2:41 PM, Stefan Tauner stefan.tauner@alumni.tuwien.ac.at wrote:
> On Tue, 5 Aug 2014 12:55:33 -0400 TR Reardon thomas_reardon@hotmail.com wrote:
> > I tried looking for an answer to this but a quick one didn't surface: when flash regions are protected, is this implemented by the flash chip itself or by the SPI logic (i.e. ichspi for Intel programmer)?
> Both, and more. There are 3 common cases:
> 1) was used at least in the last 20 years or so: a GPIO line from the chipset is connected to the write protection pin (most flash chips have that). This is usually mainboard-specific and is handled by flashrom in board_enable.c
> 2) Some flash chips offer software locking mechanisms where some commands need to be sent to the flash chip to lock and unlock respective address ranges. Those settings can then also be hardware-locked via 1)
> 3) are programmer-based protections such as those seen on Intel chipsets where the chipset hardware implements a kind of firewall for the SPI stream.
> -- Kind regards/Mit freundlichen Grüßen, Stefan Tauner
On Tue, 5 Aug 2014 15:41:03 -0400 TR Reardon thomas_reardon@hotmail.com wrote:
> Got it, thanks all for the quick responses.
> I take it that read-protection of non-described areas (i.e. where there are gaps in the described regions) is done _implicitly_ by the ICH SPI controller?
Exactly. All addresses that are not described in the descriptor are implicitly read-/write-protected. IIRC this is not documented in any public Intel datasheet.
> In the case of Winbond 25Q64 chips, I saw only write-protection in the datasheet, no chip-level read-protection.
Yes, read protections are not that common (yet) for basic flash chips. They are very common where companies think they have to hide their data and/or algorithms (FPGA code, industrial/automotive microcontrollers), and X86 is moving towards this area pretty fast right now. :(
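The descriptor-based checks discussed in this thread (per-region permissions, and the implicit denial of addresses that fall in descriptor gaps), modelled as an added example that is not from any of the posters or from flashrom. It assumes the ICH8-era FLREG encoding (base in bits 12:0, limit in bits 28:16, 4 KiB units) and one read and one write bitmap for the host; the layout, the permission values and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NUM_REGIONS 5 /* descriptor, BIOS, ME, GbE, platform data */
enum { ACC_NONE = 0, ACC_READ = 1, ACC_WRITE = 2 };
/* Constructed 8 MiB layout; 0x002000-0x002fff is deliberately left undescribed. */
static const uint32_t sample_flreg[NUM_REGIONS] = {
    0x00000000, /* descriptor 0x000000-0x000fff */
    0x07ff0500, /* BIOS       0x500000-0x7fffff */
    0x04ff0003, /* ME         0x003000-0x4fffff */
    0x00010001, /* GbE        0x001000-0x001fff */
    0x00001fff, /* platform data: unused (base > limit) */
};
/* Constructed host permissions: bit i set = host may access region i. */
static const uint8_t sample_read_map = 0x0b, sample_write_map = 0x0a;

/* Assumed FLREG encoding: base in bits 12:0, limit in bits 28:16, 4 KiB units. */
static uint32_t freg_base(uint32_t flreg)  { return (flreg << 12) & 0x01fff000; }
static uint32_t freg_limit(uint32_t flreg) { return ((flreg >> 4) & 0x01fff000) | 0xfff; }

/* Index of the region containing addr, or -1 when addr lies in a gap. */
static int region_of(const uint32_t *flreg, uint32_t addr)
{
    for (int i = 0; i < NUM_REGIONS; i++) {
        uint32_t base = freg_base(flreg[i]), limit = freg_limit(flreg[i]);
        if (base <= limit && addr >= base && addr <= limit)
            return i;
    }
    return -1;
}

/* Access the host gets at addr; undescribed addresses get none. */
static int host_access(const uint32_t *flreg, uint8_t rd, uint8_t wr, uint32_t addr)
{
    int r = region_of(flreg, addr), acc = ACC_NONE;
    if (r < 0) return ACC_NONE; /* gap: implicitly read- and write-protected */
    if (rd & (1u << r)) acc |= ACC_READ;
    if (wr & (1u << r)) acc |= ACC_WRITE;
    return acc;
}

int main(void)
{
    const uint32_t probe[] = { 0x000100, 0x002800, 0x100000, 0x600000 };
    for (int i = 0; i < 4; i++)
        printf("0x%06x: region %d, access %d\n", (unsigned)probe[i],
               region_of(sample_flreg, probe[i]),
               host_access(sample_flreg, sample_read_map, sample_write_map, probe[i]));
    return 0;
}
```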