[flashrom] GSOC 2011

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Tue Mar 22 06:46:46 CET 2011 

On Mon, 21 Mar 2011 12:41:11 -0400
Joshua Roys <roysjosh at gmail.com> wrote:

> My 2 cents are that this would be very useful...  There are a few
> ICH10 systems at work that are fairly locked down through the chipset 
> restrictions.  Other than flashing externally or attempting to 
> circumvent the chipset, your plan is the only other option.  I don't 
> think Intel will remove restrictions in the future (although they may 
> convince BIOS folk to use less restrictive defaults) so it would be a 
> good idea, I think, to learn to play nice with them.

hi

i talked to peter, joshua and marc on irc yesterday about it.
the condensed agreement is, that we don't really know what this would
get us exactly and we should know that before we really decide.

idwer at least said "I think choosing to work on Intel's ME as a
gsoc project will be more rewarding than focusing on ECs, which vary".

so i am trying to research this further in respect to impact on
different platforms and if the heci thing is really the one responsible
for this.

interesting bits so far:
there has been efforts to push a new heci driver upstream this year [1].

intel signs their firmware images with a PKI. the signature/public key
is checked on every boot with a sha-1 hash in rom [2]. not important
for my task but interesting nonetheless imho.


there seem to be two main architectures for accessing system flash
chips (in notebooks) these days. i'll give an example for each:
 - 1. system flash behind an external EC e.g. thinkpad SL410 [3],
 - 2. system flash directly connected to the southbridge, ec has its
   own flash for its firmware (either embedded or another external
   flash chip) thinkpad t400s (predecessor of my t410s) [4].

the first case is the known and feared case were the EC can
interfere in various ways with flashrom's interactions with the
flash. i'm pretty sure that we can make flashrom support the other
case with heci, but this would most probably only allow to flash the
bios flash not the EC firmware. updating the bios only is probably a
bad idea but this has to be solved later.

for non-mobile boards there seem to be a variety of ME configurations in
respect to flash settings in the wild:

flashrom does not work:
 - Zotac H55-itx (H55) [5]:
	Flash Configuration Lock-Down: disabled
	Flash descriptors: valid
	descriptors r/o, ME and platform locked
 - Intel DG45ID (my desktop) (ICH10R) [11]:
	Flash Configuration Lock-Down: enabled
	Flash descriptors: valid
	descriptors r/o, ME locked

flashrom works:
 - Supermicro C2SEA (ICH10R) [6]:
   Asus P5E-VM (ICH9R) [7]:
   Gigabyte EP45-DS4 (ICH10R) [8]:
   Z8NA-D6(C) (ICH10R) [9]:
	Flash Configuration Lock-Down: disabled
	Flash descriptors: disabled/not valid
 - EVGA X58 SLI (ICH10R) [10]:
	Flash Configuration Lock-Down: disabled
	Flash descriptors: valid
	all descriptors r/w

so the majority of desktop boards seem to not use the flash descriptors
at all or don't lock them and therefore work with flashrom already.
beside my intel board only that zotac boards locks flash regions.
i doubt that these are the only ones in the wild, but that's all i
could dig up yet.

i'd like to get a comment from carl-daniel, before i try dissecting
intel's flash program for the dg45id (for which i could use some help
btw).

1: http://linux.derkeiler.com/Mailing-Lists/Kernel/2011-02/msg04015.html
2:
http://software.intel.com/en-us/articles/architecture-guide-intel-active-management-technology/
3: http://notebookschematic.com/wp-content/uploads/2010/12/SL410K.png
4: http://notebookschematic.com/wp-content/uploads/2010/11/T400S_2.png
5: http://www.flashrom.org/pipermail/flashrom/2010-December/005578.html
6: http://www.flashrom.org/pipermail/flashrom/2010-November/005428.html
7: http://www.flashrom.org/pipermail/flashrom/2011-January/005705.html
8: http://paste.flashrom.org/view.php?id=429
9: http://www.flashrom.org/pipermail/flashrom/2010-September/004671.html
10: http://www.flashrom.org/pipermail/flashrom/2010-November/005409.html
11: http://www.flashrom.org/pipermail/flashrom/2011-March/006012.html
-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner

More information about the flashrom mailing list