[flashrom] success hacking DELL Dimension 4100

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Wed Mar 13 20:08:38 CET 2013

On Tue, 12 Mar 2013 16:59:26 +0000 (GMT)
Bertho Grandpied <y31415926536 at yahoo.fr> wrote:

> Some time ago, "Andrew Goodbody" noted :
> >> I'm pretty sure that the detection of FWH devices requires
> >> writing to the address space used and you cannot do that as
> >> you cannot set the BIOS WE bit in the chipset. So unless you
> >> can get around the SMI protection of that bit then there is
> >> no way to detect the chip in use. Even if you did detect it,
> >> you still could not program it.
> And I responded : 
> > I'll check whether the BIOS also has locked access to SMRAM
> > - usually it wasn't done at the time. If the SMRAM is
> > accessible from outside SMM, it would be straightforward to
> > bypass the protection (just replace an RSM instruction as
> > the SMI "handler" ;-)
> Which was done successfully a mompent ago... BIOS was not locking the SMM settings on this Intel board fortunately, so replacing a plain RSM instruction at the SMI origin (A000:8000) took just a couple minutes' hacking, then for sure Flashrom was able to detect the FWH, to dump and also to update the flash image successfully :=) 

Nice one, congratulations :)
Maybe this could be transformed to a patch for flashrom... I would like
to see your code (if any) in any case, can you publish it please?

> This complete circumvention of the (idiotic) BIOS 'protection' has achieved my original purpose - be able to modify the BIOS ad libitum. I did not have to search for the specific GPIO or similar method which the official BIOS patchers use. 

Because there is none... just the SMM protection (I guess).

Kind regards/Mit freundlichen Grüßen, Stefan Tauner

More information about the flashrom mailing list