[coreboot] Intel SCH CMC(Chipset Microcode) state machine binary?

Peter Stuge peter at stuge.se
Fri Oct 21 16:50:30 CEST 2011

Alp Eren Köse wrote:
> > > But unfortunately I needed a windoz machine to extract the CMC binary,
> > > you can use the CBROM utility like this:
> > > C:\> CBROM32_195.EXE vendor_bios.bin /TOPHOLE:FFFD0000 extract
> > I'd say you can do the same with dd(1), no?
> >
> Oh yes of course, that's very likely probably :) that should be something
> like this maybe:
> dd skip=(blocks until FFFD0000) if=vendor_bios.bin of=cmc.bin
> is that right? I'm not good at those block calculations:)

The theory is in the right direction but the details are wrong, and
the command can't work at all.

() creates a subshell in most if not all shells; not what you want.

To give dd the correct parameters you need to know where cmc.bin
starts. FFFD0000 is not the answer; it is the correct physical
address when the factory BIOS image is in a flash chip that the CPU
can address, but it is obviously not the correct offset in the file.

You know that the factory BIOS image is mapped to top of 4GB physical
address, so you need to use subtraction to find the correct offset:

offset = 0xfffd0000 - (0x100000000 - size of factory BIOS image)

Then you need to express the offset in a way that dd understands. As
you know from the dd man page, dd uses blocks, and you can set any
block size you want. Since a factory BIOS image size will always be a
multiple of 64KB, and this is how much you want to copy, and since
all other terms in the above equation are 64KB aligned, and since it
is such a nice round number in binary and hexadecimal, 64KB seems
like a good block size. Translate the offset into number of blocks:

offset_in_blocks = offset / 65536

And run dd:

dd if=factor_bios.bin of=cmc.bin bs=64k skip=offset_in_blocks count=1

Another method is to use http://stuge.se/physrd.c to try to read from
the flash chip directly, then you do not need to do maths, but on the
other hand you must compile a special program and if you are unlucky
the address region is not accessible by the CPU without special magic
that flashom knows. You would run:

./physrd 0xfffd0000 64k cmc.bin

I think the calculation is faster and simpler.


More information about the coreboot mailing list