Am 20.08.2011 12:39 schrieb Stefan Tauner:
There is no sign of BBAR (BIOS Base Address Configuration Register) in the public datasheet (or specification update) of the ICH8. Also, the offset of that register has changed between ICH7 (SPIBAR + 50h) and ICH9 (SPIBAR + A0h), so we have no clue if or where it is on ICH8. Better don't try to touch it at all and assume/hope it is 0.
Just a short comment about this: Can we create a TODO.txt or UNKNOWN.txt file in the flashrom source which lists all such questions and similar assumptions? That way we know which questions we can ask Intel if one of their engineers talks to us.
Regards, Carl-Daniel
Move the serprog specification there and document a few things we could not figure out on intel platforms yet.
Signed-off-by: Stefan Tauner stefan.tauner@student.tuwien.ac.at --- Documentation/mysteries_intel.txt | 18 ++++++ Documentation/serprog-protocol.txt | 109 ++++++++++++++++++++++++++++++++++++ serprog-protocol.txt | 109 ------------------------------------ 3 files changed, 127 insertions(+), 109 deletions(-) create mode 100644 Documentation/mysteries_intel.txt create mode 100644 Documentation/serprog-protocol.txt delete mode 100644 serprog-protocol.txt
diff --git a/Documentation/mysteries_intel.txt b/Documentation/mysteries_intel.txt new file mode 100644 index 0000000..be452c3 --- /dev/null +++ b/Documentation/mysteries_intel.txt @@ -0,0 +1,18 @@ += BBAR on ICH8 = + There is no sign of BBAR (BIOS Base Address Configuration Register) in the + public datasheet (or specification update) of the ICH8. Also, the offset of + that register has changed between ICH7 (SPIBAR + 50h) and ICH9 (SPIBAR + + A0h), so we have no clue if or where it is on ICH8. Out current policy is to + not touch it at all and assume/hope it is 0. + += Accesses beyond region bounds in descriptor mode = + Intel's flash image tool will always expand the last region so that it covers + the whole flash chip, but some boards ship with a different configuration. + It seems that in descriptor mode all addresses outside the used regions can not + be accessed whatsoever. This is not specified anywhere publicly as far as we + could tell. flashrom does not handle this explicitly yet. It will just fail + when trying to touch an address outside of any region. + See also http://www.flashrom.org/pipermail/flashrom/2011-August/007606.html + += Unlocking the ME region = +TODO \ No newline at end of file diff --git a/Documentation/serprog-protocol.txt b/Documentation/serprog-protocol.txt new file mode 100644 index 0000000..168a28e --- /dev/null +++ b/Documentation/serprog-protocol.txt @@ -0,0 +1,109 @@ +Serial Flasher Protocol Specification - version 1 (0x01 return value == 1) + +Command And Answer Sequence - all commands give an answer. +PC: COMMAND(8bit) <parameters determined by opcode> +DEV: ACK/NAK(8bit) <OPTIONAL RETURN BYTES (only if ACK)> / nothing +Command 0x10 (SYNCNOP) has a special return of NAK+ACK for synchronization. + +ACK = 0x06 +NAK = 0x15 + +All multibyte values are little-endian. Addresses and lengths are 24-bit. + +COMMAND Description Parameters Return Value +0x00 NOP none ACK +0x01 Query programmer iface version none ACK + 16bit version (nonzero) +0x02 Query supported commands bitmap none ACK + 32 bytes (256 bits) of supported cmds flags +0x03 Query programmer name none ACK + 16 bytes string (null padding) / NAK +0x04 Query serial buffer size none ACK + 16bit size / NAK +0x05 Query supported bustypes none ACK + 8-bit flags (as per flashrom) / NAK +0x06 Query connected address lines none ACK + 8bit line count / NAK +0x07 Query operation buffer size none ACK + 16bit size / NAK +0x08 Query write-n maximum data len none ACK + 24bit maximum length / NAK +0x09 Read byte 24-bit addr ACK + BYTE / NAK +0x0A Read n bytes 24-bit addr + 24-bit length ACK + length bytes / NAK +0x0B Initialize operation buffer none ACK / NAK +0x0C Write to opbuf: Write byte 24-bit addr + 8-bit byte ACK / NAK (NOTE: takes 5 bytes in opbuf) +0x0D Write to opbuf: Write n 24-bit length + 24-bit addr + ACK / NAK (NOTE: takes 7+n bytes in opbuf) + + length bytes of data +0x0E Write to opbuf: delay 32-bit usecs ACK / NAK (NOTE: takes 5 bytes in opbuf) +0x0F Execute operation buffer none ACK / NAK +0x10 Sync NOP none NAK + ACK (for synchronization) +0x11 Query maximum read-n length none ACK + 24-bit length (0==2^24) / NAK +0x12 Set used bustype 8-bit flags (as with 0x05) ACK / NAK +0x13 Perform SPI operation 24-bit slen + 24-bit rlen ACK + rlen bytes of data / NAK + + slen bytes of data +0x?? unimplemented command - invalid. + + +Additional information of the above commands: + About unimplemented commands / startup sequence: + Only commands allowed to be used without checking anything are 0x00,0x10 and 0x01 (NOP,SYNCNOP,Q_IFACE). + If 0x01 doesn't return 1, dont do anything if you dont support a newer protocol. + Then, check support for any other opcode (except 0x02) by using 0x02 (Q_CMDMAP). + 0x02 (Q_CMDMAP): + The map's bits are mapped as follows: + cmd 0 support: byte 0 bit 0 + cmd 1 support: byte 0 bit 1 + cmd 7 support: byte 0 bit 7 + cmd 8 support: byte 1 bit 0, and so on. + 0x04 (Q_SERBUF): + If the programmer has a guaranteed working flow control, + it should return a big bogus value - eg 0xFFFF. + 0x05 (Q_BUSTYPE): + The bit's are defined as follows: + bit 0: PARALLEL, bit 1: LPC, bit 2: FWH, bit 3: SPI. + 0x06 (Q_CHIPSIZE): + Only applicable to parallel programmers. + An LPC/FWH/SPI-programmer can report this as not supported in the command bitmap. + 0x08 (Q_WRNMAXLEN): + If a programmer reports a bigger maximum write-n length than the serial buffer size, + it is assumed that the programmer can process the data fast enough to take in the + reported maximum write-n without problems. + 0x0F (O_EXEC): + Execute operation buffer will also clear it, regardless of the return value. + 0x11 (Q_RDNMAXLEN): + If this command is not supported, assume return of 0 (2^24). + 0x12 (S_BUSTYPE): + Set's the used bustype if the programmer can support more than one flash protocol. + Sending a byte with more than 1 bit set will make the programmer decide among them + on it's own. Bit values as with Q_BUSTYPE. + 0x13 (O_SPIOP): + Send and receive bytes via SPI. + Maximum slen is Q_WRNMAXLEN in case Q_BUSTYPE returns SPI only or S_BUSTYPE was used + to set SPI exclusively before. Same for rlen and Q_RDNMAXLEN. + This operation is immediate, meaning it doesnt use the operation buffer. + About mandatory commands: + The only truly mandatory commands for any device are 0x00, 0x01, 0x02 and 0x10, + but one can't really do anything with these commands. + Support for the following commands is necessary for flashrom to operate properly: + S_CMD_Q_SERBUF, S_CMD_Q_OPBUF, S_CMD_Q_WRNMAXLEN, S_CMD_R_BYTE, + S_CMD_R_NBYTES, S_CMD_O_INIT, S_CMD_O_WRITEB, S_CMD_O_WRITEN, + S_CMD_O_DELAY, S_CMD_O_EXEC. + In addition, support for these commands is recommended: + S_CMD_Q_PGMNAME, S_CMD_Q_BUSTYPE, S_CMD_Q_CHIPSIZE (if parallel). + + +This define listing should help C coders - (it's here to be the single source for copying - will be a .h someday i think) +#define S_ACK 0x06 +#define S_NAK 0x15 +#define S_CMD_NOP 0x00 /* No operation */ +#define S_CMD_Q_IFACE 0x01 /* Query interface version */ +#define S_CMD_Q_CMDMAP 0x02 /* Query supported commands bitmap */ +#define S_CMD_Q_PGMNAME 0x03 /* Query programmer name */ +#define S_CMD_Q_SERBUF 0x04 /* Query Serial Buffer Size */ +#define S_CMD_Q_BUSTYPE 0x05 /* Query supported bustypes */ +#define S_CMD_Q_CHIPSIZE 0x06 /* Query supported chipsize (2^n format) */ +#define S_CMD_Q_OPBUF 0x07 /* Query operation buffer size */ +#define S_CMD_Q_WRNMAXLEN 0x08 /* Query Write to opbuf: Write-N maximum length */ +#define S_CMD_R_BYTE 0x09 /* Read a single byte */ +#define S_CMD_R_NBYTES 0x0A /* Read n bytes */ +#define S_CMD_O_INIT 0x0B /* Initialize operation buffer */ +#define S_CMD_O_WRITEB 0x0C /* Write opbuf: Write byte with address */ +#define S_CMD_O_WRITEN 0x0D /* Write to opbuf: Write-N */ +#define S_CMD_O_DELAY 0x0E /* Write opbuf: udelay */ +#define S_CMD_O_EXEC 0x0F /* Execute operation buffer */ +#define S_CMD_SYNCNOP 0x10 /* Special no-operation that returns NAK+ACK */ +#define S_CMD_Q_RDNMAXLEN 0x11 /* Query read-n maximum length */ +#define S_CMD_S_BUSTYPE 0x12 /* Set used bustype(s). */ +#define S_CMD_O_SPIOP 0x13 /* Perform SPI operation. */ diff --git a/serprog-protocol.txt b/serprog-protocol.txt deleted file mode 100644 index 168a28e..0000000 --- a/serprog-protocol.txt +++ /dev/null @@ -1,109 +0,0 @@ -Serial Flasher Protocol Specification - version 1 (0x01 return value == 1) - -Command And Answer Sequence - all commands give an answer. -PC: COMMAND(8bit) <parameters determined by opcode> -DEV: ACK/NAK(8bit) <OPTIONAL RETURN BYTES (only if ACK)> / nothing -Command 0x10 (SYNCNOP) has a special return of NAK+ACK for synchronization. - -ACK = 0x06 -NAK = 0x15 - -All multibyte values are little-endian. Addresses and lengths are 24-bit. - -COMMAND Description Parameters Return Value -0x00 NOP none ACK -0x01 Query programmer iface version none ACK + 16bit version (nonzero) -0x02 Query supported commands bitmap none ACK + 32 bytes (256 bits) of supported cmds flags -0x03 Query programmer name none ACK + 16 bytes string (null padding) / NAK -0x04 Query serial buffer size none ACK + 16bit size / NAK -0x05 Query supported bustypes none ACK + 8-bit flags (as per flashrom) / NAK -0x06 Query connected address lines none ACK + 8bit line count / NAK -0x07 Query operation buffer size none ACK + 16bit size / NAK -0x08 Query write-n maximum data len none ACK + 24bit maximum length / NAK -0x09 Read byte 24-bit addr ACK + BYTE / NAK -0x0A Read n bytes 24-bit addr + 24-bit length ACK + length bytes / NAK -0x0B Initialize operation buffer none ACK / NAK -0x0C Write to opbuf: Write byte 24-bit addr + 8-bit byte ACK / NAK (NOTE: takes 5 bytes in opbuf) -0x0D Write to opbuf: Write n 24-bit length + 24-bit addr + ACK / NAK (NOTE: takes 7+n bytes in opbuf) - + length bytes of data -0x0E Write to opbuf: delay 32-bit usecs ACK / NAK (NOTE: takes 5 bytes in opbuf) -0x0F Execute operation buffer none ACK / NAK -0x10 Sync NOP none NAK + ACK (for synchronization) -0x11 Query maximum read-n length none ACK + 24-bit length (0==2^24) / NAK -0x12 Set used bustype 8-bit flags (as with 0x05) ACK / NAK -0x13 Perform SPI operation 24-bit slen + 24-bit rlen ACK + rlen bytes of data / NAK - + slen bytes of data -0x?? unimplemented command - invalid. - - -Additional information of the above commands: - About unimplemented commands / startup sequence: - Only commands allowed to be used without checking anything are 0x00,0x10 and 0x01 (NOP,SYNCNOP,Q_IFACE). - If 0x01 doesn't return 1, dont do anything if you dont support a newer protocol. - Then, check support for any other opcode (except 0x02) by using 0x02 (Q_CMDMAP). - 0x02 (Q_CMDMAP): - The map's bits are mapped as follows: - cmd 0 support: byte 0 bit 0 - cmd 1 support: byte 0 bit 1 - cmd 7 support: byte 0 bit 7 - cmd 8 support: byte 1 bit 0, and so on. - 0x04 (Q_SERBUF): - If the programmer has a guaranteed working flow control, - it should return a big bogus value - eg 0xFFFF. - 0x05 (Q_BUSTYPE): - The bit's are defined as follows: - bit 0: PARALLEL, bit 1: LPC, bit 2: FWH, bit 3: SPI. - 0x06 (Q_CHIPSIZE): - Only applicable to parallel programmers. - An LPC/FWH/SPI-programmer can report this as not supported in the command bitmap. - 0x08 (Q_WRNMAXLEN): - If a programmer reports a bigger maximum write-n length than the serial buffer size, - it is assumed that the programmer can process the data fast enough to take in the - reported maximum write-n without problems. - 0x0F (O_EXEC): - Execute operation buffer will also clear it, regardless of the return value. - 0x11 (Q_RDNMAXLEN): - If this command is not supported, assume return of 0 (2^24). - 0x12 (S_BUSTYPE): - Set's the used bustype if the programmer can support more than one flash protocol. - Sending a byte with more than 1 bit set will make the programmer decide among them - on it's own. Bit values as with Q_BUSTYPE. - 0x13 (O_SPIOP): - Send and receive bytes via SPI. - Maximum slen is Q_WRNMAXLEN in case Q_BUSTYPE returns SPI only or S_BUSTYPE was used - to set SPI exclusively before. Same for rlen and Q_RDNMAXLEN. - This operation is immediate, meaning it doesnt use the operation buffer. - About mandatory commands: - The only truly mandatory commands for any device are 0x00, 0x01, 0x02 and 0x10, - but one can't really do anything with these commands. - Support for the following commands is necessary for flashrom to operate properly: - S_CMD_Q_SERBUF, S_CMD_Q_OPBUF, S_CMD_Q_WRNMAXLEN, S_CMD_R_BYTE, - S_CMD_R_NBYTES, S_CMD_O_INIT, S_CMD_O_WRITEB, S_CMD_O_WRITEN, - S_CMD_O_DELAY, S_CMD_O_EXEC. - In addition, support for these commands is recommended: - S_CMD_Q_PGMNAME, S_CMD_Q_BUSTYPE, S_CMD_Q_CHIPSIZE (if parallel). - - -This define listing should help C coders - (it's here to be the single source for copying - will be a .h someday i think) -#define S_ACK 0x06 -#define S_NAK 0x15 -#define S_CMD_NOP 0x00 /* No operation */ -#define S_CMD_Q_IFACE 0x01 /* Query interface version */ -#define S_CMD_Q_CMDMAP 0x02 /* Query supported commands bitmap */ -#define S_CMD_Q_PGMNAME 0x03 /* Query programmer name */ -#define S_CMD_Q_SERBUF 0x04 /* Query Serial Buffer Size */ -#define S_CMD_Q_BUSTYPE 0x05 /* Query supported bustypes */ -#define S_CMD_Q_CHIPSIZE 0x06 /* Query supported chipsize (2^n format) */ -#define S_CMD_Q_OPBUF 0x07 /* Query operation buffer size */ -#define S_CMD_Q_WRNMAXLEN 0x08 /* Query Write to opbuf: Write-N maximum length */ -#define S_CMD_R_BYTE 0x09 /* Read a single byte */ -#define S_CMD_R_NBYTES 0x0A /* Read n bytes */ -#define S_CMD_O_INIT 0x0B /* Initialize operation buffer */ -#define S_CMD_O_WRITEB 0x0C /* Write opbuf: Write byte with address */ -#define S_CMD_O_WRITEN 0x0D /* Write to opbuf: Write-N */ -#define S_CMD_O_DELAY 0x0E /* Write opbuf: udelay */ -#define S_CMD_O_EXEC 0x0F /* Execute operation buffer */ -#define S_CMD_SYNCNOP 0x10 /* Special no-operation that returns NAK+ACK */ -#define S_CMD_Q_RDNMAXLEN 0x11 /* Query read-n maximum length */ -#define S_CMD_S_BUSTYPE 0x12 /* Set used bustype(s). */ -#define S_CMD_O_SPIOP 0x13 /* Perform SPI operation. */
-
Carl-Daniel Hailfinger -
Stefan Tauner