[flashrom] Emulating a flash chip for a real device

Adam Nielsen a.nielsen at shikadi.net
Sat Mar 16 22:15:39 CET 2013

Hi all,

I have just purchased a network-connected video camera which runs Linux, and I 
would like to experiment with creating my own firmware for it.  Since I am 
likely to brick the device a few times with this, I'd like to come up with a 
way of recovering it before I start.

The firmware (bootloader + kernel) is stored inside a 4MB SPI flash chip 
supported by flashrom; however, it is soldered onto the board, so presumably to 
reflash it I will have to desolder at least one of the pins to avoid the 
flashrom commands getting tangled up with those sent by the device itself when 
reading the chip.

However I was thinking that instead of reflashing the entire chip every time 
something goes wrong, it would be a lot easier if I could produce my firmware 
image as a 4MB file, and emulate the chip so that the file is accessed 
directly every time the camera tries to read from the flash chip.

I see flashrom can already emulate some chips with the 'dummy' programmer, and 
as most (all?) programmers can both read and write data I am wondering whether 
it is possible to set flashrom up as a virtual flash chip connected to a real 
circuit, responding to read and write commands received from other chips in 
the device.

I plan to use a Bus Pirate as a programmer, so if I remove the flash chip and 
connect the Bus Pirate to the circuit instead, being able to edit a file and 
reset the device without actually reflashing anything would be a huge time saver.

If this isn't currently possible, would it be a big job to add support for it?

