[flashrom] MSI H55-GD65 (MS-7637) (H55, locked ME region, FLOCKDN=0(!))

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Fri Aug 19 07:23:16 CEST 2011


*sigh*

when i said complicated i really meant it. please don't mind if you
don't understand everything of my mails. they are also for documentation
for future devs (those who have to take over when i become insane from
all of this :)

after looking into your logs in detail i noticed, that the PR registers
are not the problem (they are all 0, which indicates no read/write
protection). the real problem is the FRAP register. in there the host
can grant other flash masters access to the flash (the host is not the
only one with (write) access to the flash: the GbE controller and the
embedded controller (ME) can access it too). the second half of FRAP
indicates the rights of those host itself. it is initialized on startup
with the values stored in the descriptor. the other masters can grant
the host access to their regions afterwards. this part of FRAP is
read/only even if FLOCKDN=0, hence your board is not better off than
any other board with locked regions. that means there is no way to
access the whole flash on your board until we can unlock the ME region
(by telling the ME to grant the host access to its section, which wont
happen soon). sorry for the encouraging first mail. 

recap:
 - FRAP indicates host access to all other regions and is always
   read-only (even with FLOCKDN=0). it can be changed by other masters
   (this is what we want to achieve eventually).
 - FRAP also can be used to grant access to the BIOS range to the other
   masters. this can be prohibited by FLOCKDN=1.
 - FREG* defines the addresses of the regions above (r/o, filled from
   the descriptor on startup)
 - PR* is an additional access control mechanism independent from
   FRAP/FREG*, constrained by FLOCKDN=1.

-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner




More information about the flashrom mailing list