[flashrom] [PATCH 2/8] ichspi: disable writes when locked or read-only regions are detected

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Sat Sep 17 00:54:56 CEST 2011


On Sat, 17 Sep 2011 00:27:34 +0200
Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net> wrote:

> Am 04.09.2011 00:21 schrieb Stefan Tauner:
> > On Fri, 02 Sep 2011 20:27:37 +0200
> > Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net> wrote:
> >
> >> Am 20.08.2011 12:39 schrieb Stefan Tauner:
> >>
> >> How do we handle chips where a part of the chip is not part of any
> >> region? What does the hardware enforce in that situation?
> > i am not entirely sure yet if my hypothesis is correct, but i think
> > the hardware prohibits any accesses outside defined regions (i.e.
> > flash cycle error and/or access error log) - most probably only if the
> > flash descriptor is valid of course (and the flash descriptor
> > security override pin is not pulled down)...
> >
> > for some more detail please see
> > 201108170859.p7H8xGcB007590 at mail2.student.tuwien.ac.at in the "report
> > for Intel QM67 | Winbond W25Q64" thread.
> >
> > and due to this new information, i am not so sure anymore this patch is
> > a good idea... either we should add a check for PR-based protections and
> > that the regions cover the whole chip too (probably the right thing to
> > do according to my guts),
> 
> I think that would be a good idea. Maybe print a warning "please report
> foo to flashrom@" in case the chip is not completely covered by regions
> so we get a feeling for what's ok and what's not ok.

dunno if there is much more insight to be gained by reports of probings
only, but a more explicit warning and request for a report does not
hurt that much. we still get the 0.9.2 nvidia mcp reports, but i think
it is not *that* annoying to *not* make this "error" again :)

> > or drop the patch.
> >
> > OTOH improved layout support would make it possible to
> > read/write/verify unprotected parts without a problem. with this patch
> > --force is needed to write them, correct?
> 
> I'm not sure how --force would change anything here.

in chip_safety_check we check for !programmer_may_write and do *not*
bail out if --force is used. and afaics this is the only place where we
read this variable, so --force would indeed override it... like i
thought(?)

> > would be ok with me... as long
> > as it would not completely hinder the user from writing.
> 
> If any part of the write has a chance of not working reliably, we should
> completely block writing until we can exactly limit writes to writable
> regions.

well, i *think* that updating the bios/firmware region *only* may
actually be enough to update a mobo. i guess no one has tried yet
though so it is just a theory. if it is true disabling write access
completely reduces flashrom's capabilities... well that's pretty
academic nonsense, but that's how i work :P

i'd like to keep the --force override like it is for now (so the write
protection of a refined patch can still be overriden).

so i suggest we drop this patch for now until i have a refined one and
bring in the rest (of this patch set). i guess i will have a new patch
before all my other patches are reviewed, so it is not a big deal
anyway ;)
-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner




More information about the flashrom mailing list