[flashrom] Failed Flashing Intel 3420 Chipset

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Mon Aug 22 10:41:54 CEST 2011 

On Mon, 22 Aug 2011 15:31:17 +1200
Shailendra Sodhi <shailendra.sodhi at endace.com> wrote:

> Hi,
> 
> Hi we use flashroom tool to flash our X8DTH and X8DTU Supermicro boards
> now when we try to flash X8SIE-F Motherboard with Intel 3420 chipset
> flashrom fails with error.
> 
> Attached a file(s) detailing error. Please let me know if any further
> information required to make this work.
> 

hello shailendra

first: please don't post plain text as word documents.

> 0x04: 0x6008 (HSFS)
> HSFS: FDONE=0, FCERR=0, AEL=0, BERASE=1, SCIP=0, FDOPSS=1, FDV=1, FLOCKDN=0

FLOCKDN=0 is good, this means we can tinker with the relevant registers.

> 0x06: 0x0000 (HSFC)
> HSFC: FGO=0, FCYCLE=0, FDBC=0, SME=0
> 0x08: 0x00001000 (FADDR)
> 0x50: 0x0000ffff (FRAP)
> BMWAG 0x00, BMRAG 0x00, BRWA 0xff, BRRA 0xff
> 0x54: 0x00000000 (FREG0: Flash Descriptor)
> 0x00000000-0x00000fff is read-write
> 0x58: 0x03ff0100 (FREG1: BIOS)
> 0x00100000-0x003fffff is read-write
> 0x5C: 0x00ff0001 (FREG2: Management Engine)
> 0x00001000-0x000fffff is read-write
> 0x60: 0x00000fff (FREG3: Gigabit Ethernet)
> Gigabit Ethernet region is unused.
> 0x64: 0x00000fff (FREG4: Platform Data)
> Platform Data region is unused.

good. none of the 5 regions are locked.

> 0x74: 0x80108001 (PR0)
> 0x78: 0x00000000 (PR1)
> 0x7C: 0x00000000 (PR2)
> 0x80: 0x00000000 (PR3)
> 0x84: 0x00000000 (PR4)

and there we have our problem. the PR registers are another lock
mechanism. the current content of PR0 declares the range
0x00001000 - 0x00010fff to be locked (write and read protected).
because of FLOCKDN=0, we can manipulate this and the attached patch will
try to remove the read and write protection. read and write operations
should then pass the chipset's protection mechanisms and be delivered
to the flash chip.

please note though, that we do not know why supermicro has decided to
lock this address range. it might be a good idea to ask them, or to not
touch the whole ME region at all (you can do this with the layout
option). OTOH it might also be a bad idea to just update the bios
without updating the ME firmware (or the bios and only a part of the
ME range)... we just don't know. so if you don't have any means to
recover a mis-flashed board, i would not recommend you try to write to
this board with flashrom. i would appreciate a read test with the
attached patch though, so that we know if the (read) protection can be
circumvented.

-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-not-for-merge-ichspi-add-prettyprinting-and-unlockin.patch
Type: text/x-patch
Size: 4188 bytes
Desc: not available
URL: <http://www.flashrom.org/pipermail/flashrom/attachments/20110822/595fbc64/attachment.patch>

More information about the flashrom mailing list