[coreboot] password

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Fri Apr 9 14:25:56 CEST 2010


On 09.04.2010 05:17, Darmawan Salihun wrote:
> I'm not sure if this will work and it's risky as well, but you might
> want to try it out:
>
> In most BIOSes, shorting the address pins (or the equivalent of that
> act) upon boot will force the machine to boot from the bootblock BIOS.
> The bootblock routine usually searches for a BIOS binary file to flash,
> because the assumption is the system BIOS a.k.a. main BIOS module is
> corrupt and needs replacement.

This can't work on LPC/FWH/SPI flash because there are no address lines
on these chips.

And even on old-style parallel flash, I don't understand how this is
supposed to work. If we short all address lines, the CPU is going to
read garbage from the ROM and won't even start up. Same problem applies
if you short the lowest address line. Shorting some intermediate address
line like A8 could work if the BIOS image is carefully crafted. Shorting
the uppermost address line could work as well. And if an EC is using
that parallel flash chip as well, you'd better make sure it will _never_
read garbage or you have some really big problems.

I'd appreciate a real-world example where shorting an address pin works.
Please include the flash chip type and tell me which address pin was
shorted, and whether the pin was tied to 0 or to 1.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/
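
The address aliasing discussed in this message, modelled in Python as an added example (not code from the thread or from coreboot). The 64 KiB chip, the x86-style first fetch 16 bytes below the top of the chip, and the image contents are constructed assumptions.

```python
# Added illustration: reads from a parallel flash chip with stuck address lines.
SIZE = 1 << 16      # constructed 64 KiB chip, address lines A0..A15
RESET = SIZE - 16   # assumption: x86-style first fetch 16 bytes below the top


def build_image():
    """Constructed image: filler is the low address byte, plus two markers."""
    img = bytearray(a & 0xFF for a in range(SIZE))
    img[RESET:] = b"BOOTBLOCK-RESET!"                    # real reset vector
    img[SIZE // 2 - 16:SIZE // 2] = b"LOWER-HALF-COPY!"  # top of the lower half
    return bytes(img)


def stuck_address(addr, stuck):
    """Address the chip sees when the lines in `stuck` ({line: 0 or 1}) are tied."""
    for line, level in stuck.items():
        addr = addr | (1 << line) if level else addr & ~(1 << line)
    return addr


def read_window(img, start, length, stuck):
    """Bytes the CPU receives for `length` consecutive addresses from `start`."""
    return bytes(img[stuck_address(a, stuck)] for a in range(start, start + length))


if __name__ == "__main__":
    img = build_image()
    cases = {
        "no short": {},
        "all lines tied to 0": {line: 0 for line in range(16)},
        "A0 tied to 0": {0: 0},    # every odd byte repeats its even neighbour
        "A8 tied to 0": {8: 0},    # fetch lands one 256-byte page lower
        "A15 tied to 1": {15: 1},  # upper half, and the reset fetch, unchanged
        "A15 tied to 0": {15: 0},  # fetch lands at the top of the lower half
    }
    for name, stuck in cases.items():
        print(f"{name:20} {read_window(img, RESET, 16, stuck)!r}")
```

Only the A15 cases return a block of bytes that was stored contiguously in the image, and tying A15 to 0 is useful only if the image has valid code at the top of its lower half.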




