[coreboot] SPI Flash Writeprotect

Marshall Dawson marshalldawson3rd at gmail.com
Mon Feb 27 15:51:57 CET 2017


>
> It's probably the MRC cache...
>
Agreed, if this feature is enabled it will reliably modify the flash
contents during the first boot.  This can typically be disabled under the
chipset menu.  You may need to look for something like "Enable Fast Boot"
but I suspect this text could be inconsistent across technologies.

The Intel ME can also modify the contents without your knowledge, e.g. for
logging.  This could potentially be more intermittent, though.  For good
measure, you probably want to use the Intel FITC tool and ensure ME logging
is disabled on your system.  (This is NDA only, I believe.)

Since you didn't mention your CPU vendor, the AMD PSP can also modify the
flash device contents in its firmware area.

Of course, if you can read the device and identify the address of the
change, that will give you clues for determining how it's getting modified.

Thanks,
Marshall


On Mon, Feb 27, 2017 at 2:38 AM, John Lewis <jlewis at johnlewis.ie> wrote:

> Hi Naveed,
>
> It's probably the MRC cache or something like that, which IIRC you can
> disable. Whether there is also something else writing to the chip from
> coreboot I'm not 100% but others will chime in on that, I'm sure.
>
> Kind Regards,
>
> John.
>
> On 27/02/17 08:15, Naveed Ghori wrote:
>
> Hi all,
>
> Does Coreboot write to the flash chip it resides on? Can this be disabled?
>
> Verify of the SPI bios chip fails once the unit has booted up at least
> once.
>
>
>
> Best Regards,
>
> Naveed
> *Naveed Ghori* | Lead Firmware & Driver Engineer
> *DTI Group Ltd* | Transit Security & Surveillance
> 31 Affleck Road, Perth Airport, Western Australia 6105, Australia
> P +61 8 9373 2905,151 | F +61 8 9479 1190 |
> naveed.ghori at dti.com.au
> Visit our website  www.dti.com.au
>
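
The reply above suggests reading the device and identifying the address of the change. One way to do that comparison, as an added example (not code from this thread or from coreboot): it diffs two dumps of the same chip and names the region each change falls in. The region names and offsets are a constructed layout, to be replaced with the board's real flash map.

```python
"""Locate what changed between two reads of the same SPI flash chip."""
from typing import Dict, List, Tuple

Range = Tuple[int, int]  # (start, end) byte offsets, end exclusive


def changed_ranges(before: bytes, after: bytes, gap: int = 16) -> List[Range]:
    """Return the byte ranges that differ, merging changes at most `gap` bytes apart."""
    if len(before) != len(after):
        raise ValueError("dumps differ in size; not two reads of the same chip")
    ranges: List[Range] = []
    for off, (a, b) in enumerate(zip(before, after)):
        if a == b:
            continue
        if ranges and off - ranges[-1][1] <= gap:
            ranges[-1] = (ranges[-1][0], off + 1)  # extend the previous range
        else:
            ranges.append((off, off + 1))
    return ranges


def attribute(ranges: List[Range], layout: Dict[str, Range]):
    """Pair each changed range with the names of the layout regions it overlaps."""
    out = []
    for start, end in ranges:
        hits = [name for name, (s, e) in layout.items() if start < e and s < end]
        out.append(((start, end), hits or ["<unmapped>"]))
    return out


def build_sample():
    """Constructed sample: a 32 KiB 'chip' with a hypothetical four-region layout."""
    layout = {"descriptor": (0x0000, 0x1000), "me": (0x1000, 0x3000),
              "mrc_cache": (0x3000, 0x4000), "bios": (0x4000, 0x8000)}
    before = bytearray(b"\xff" * 0x8000)      # erased flash reads back as 0xff
    after = bytearray(before)
    after[0x3000:0x3040] = bytes(range(64))   # simulated cache write after first boot
    after[0x1FF0] = 0x00                      # simulated single-byte log update
    return bytes(before), bytes(after), layout


if __name__ == "__main__":
    first_read, second_read, flash_layout = build_sample()
    for (start, end), names in attribute(changed_ranges(first_read, second_read), flash_layout):
        print(f"0x{start:06x}-0x{end - 1:06x} ({end - start} bytes): {', '.join(names)}")
```

With real hardware, the two inputs would be a dump taken right after programming and a second dump taken after the first boot.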