[flashrom] [PATCH 5/7] warn if SMM BIOS Write Protection is detected in BIOS_CNTL
Stefan Tauner
stefan.tauner at student.tuwien.ac.at
Fri Nov 4 00:38:34 CET 2011
On Thu, 3 Nov 2011 19:08:37 +0100
Stefan Reinauer <stefan.reinauer at coreboot.org> wrote:
> * Stefan Tauner <stefan.tauner at student.tuwien.ac.at> [111103 12:04]:
> > > > - new = old | 1;
> > > > + /*
> > > > + * Quote from the 6 Series datasheet:
> > > > + * "5: SMM BIOS Write Protect Disable (SMM_BWP)
> > > > + * 1 = BIOS region SMM protection is enabled.
> > > > + * The BIOS Region is not writable unless all processors are in SMM."
> > > > + * In earlier chipsets this bit is reserved. */
> > > > + if (old& (5<< 1)) {
> > > > + msg_pinfo("WARNING: BIOS region SMM protection is enabled!\n");
> > > > + return -1;
> > > You might still be successful doing the write, in case the SMM handler
> > > does not enforce the protection, so maybe you should just print a
> > > warning but not return here?
> >
> > in chromium-os you are trying to unset that bit[1], but according to the
> > data sheet this is impossible - it is R/W LO (read/write lock once).
>
> Maybe there is some confusion about R/W LO. The bit can be locked, but
> that does not mean it is locked automatically by writing / clearing it.
> Once it is locked, the lock can not be undone except by a chipset reset.
hm.
quote 6 series datasheet:
"R/WLO
Read/Write, Lock-Once. A register bit with this attribute can be
written to the non-locked value multiple times, but to the locked value
only once. After the locked value has been written, the bit becomes
read only."
> > and you degraded the warning to dbg level... certainly not suited for
> > upstream, but maybe desirable for chromium(?).
>
> Yes, that was done on purpose, because the lock bit that prevents the
> bit from being cleared also produces a warning.
and that is? BLE? i do not interpret the public datasheet like that,
but...
> > have you tested this on a board where SMM_BWP is really set to 1? we
> > may wanna try to write it anyway, but it would be far more interesting
> > if it really works on some chipsets :)
>
> Yes, this was implemented to fix a problem I was seeing, and it solved
> the problem. :-)
hm ok, we should get this upstream then.
--
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
More information about the flashrom
mailing list