[flashrom] Emulating a flash chip for a real device

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Tue Mar 19 10:30:12 CET 2013

On Sun, 17 Mar 2013 07:15:39 +1000
Adam Nielsen <a.nielsen at shikadi.net> wrote:

> Hi all,
> I have just purchased a network-connected video camera which runs Linux, and I 
> would like to experiment with creating my own firmware for it.  Since I am 
> likely to brick the device a few times with this, I'd like to come up with a 
> way of recovering it before I start.

Very thoughtful ;)

> The firmware (bootloader + kernel) is stored inside a 4MB SPI flash chip 
> supported by flashrom, however it is soldered onto the board, so presumably to 
> reflash it I will have to desolder at least one of the pins to avoid the 
> flashrom commands getting tangled up with those sent by the device itself when 
> reading the chip.

Please take a look at http://flashrom.org/ISP

> However I was thinking that instead of reflashing the entire chip every time 
> something goes wrong, it would be a lot easier if I could produce my firmware 
> image as a 4MB file, and emulate the chip so that the file is accessed 
> directly every time the camera tries to read from the flash chip.
> I see flashrom can already emulate some chips with the 'dummy' programmer, and 
> as most (all?) programmers can both read and write data I am wondering whether 
> it is possible to set flashrom up as a virtual flash chip connected to a real 
> circuit, responding to read and write commands received from other chips in 
> the device.

The emulation in the "dummy" programmer is completely virtual, which
allows it to do trivially what it does. "Switching" the direction of
communication on hardware is fundamentally different - just doing reads
instead of writes and vice versa is not enough because of a number of
aspects I cannot explain in a simple email (clock, chip select and all
the other tiny little details of digital communication :)

There are special devices that are able to emulate flash chips, but they
are expensive (500 eur range). One could implement such a device using
an FPGA but I am not aware of any free projects doing so...

> I plan to use a Bus Pirate as a programmer, so if I remove the flash chip and 
> connect the Bus Pirate to the circuit instead, being able to edit a file and 
> reset the device without actually reflashing anything would be a huge time saver.
> If this isn't currently possible, would it be a big job to add support for it?

It is just not possible with the hardware used to write flash chips and
requires a completely new device.

Kind regards/Mit freundlichen Grüßen, Stefan Tauner
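To make concrete what the "completely virtual" emulation above amounts to, here is an added Python model of a 4 MB SPI NOR flash that answers commands out of a byte buffer the way a software-only programmer can. It is an illustration written for this page, not flashrom's dummy programmer code. The opcodes are the common JEDEC ones (READ 0x03, RDID 0x9F, WREN 0x06, WRDI 0x04, RDSR 0x05, page program 0x02, 4 KiB sector erase 0x20, 64 KiB block erase 0xD8, chip erase 0xC7); the JEDEC ID bytes and the file names are constructed placeholders. Clock edges, chip-select timing and driving the bus in the other direction are deliberately not modelled: that is precisely the part that needs real hardware.

```python
# Added example, not flashrom code: a byte-buffer model of a 4 MiB SPI NOR
# flash. A "transaction" is everything the master shifts out between
# chip-select going low and high; the model returns what the chip would
# shift back on MISO for the same number of clocks.

CHIP_SIZE = 4 * 1024 * 1024
PAGE_SIZE = 256
SECTOR_SIZE = 4 * 1024
BLOCK_SIZE = 64 * 1024
JEDEC_ID = bytes([0x12, 0x34, 0x56])  # constructed placeholder, not a real vendor/device ID


def _addr(b):
    """Three big-endian address bytes -> integer offset."""
    return (b[0] << 16) | (b[1] << 8) | b[2]


class SpiFlashModel:
    def __init__(self, image=None):
        if image is None:
            image = b"\xff" * CHIP_SIZE          # erased NOR flash reads as all ones
        if len(image) != CHIP_SIZE:
            raise ValueError("image must be exactly %d bytes" % CHIP_SIZE)
        self.mem = bytearray(image)
        self.wel = False                         # write-enable latch

    @classmethod
    def from_file(cls, path):
        with open(path, "rb") as f:              # e.g. the 4 MB firmware image
            return cls(f.read())

    def save(self, path):
        with open(path, "wb") as f:
            f.write(self.mem)

    def transaction(self, mosi):
        n = len(mosi)
        miso = bytearray(b"\xff" * n)            # 0xFF where the chip drives nothing useful
        if n == 0:
            return bytes(miso)
        op = mosi[0]
        if op == 0x9F:                           # RDID: ID bytes follow the opcode
            for i in range(1, min(n, 1 + len(JEDEC_ID))):
                miso[i] = JEDEC_ID[i - 1]
        elif op == 0x05:                         # RDSR: status register, bit 1 = WEL
            status = 0x02 if self.wel else 0x00
            for i in range(1, n):
                miso[i] = status
        elif op == 0x06:                         # WREN
            self.wel = True
        elif op == 0x04:                         # WRDI
            self.wel = False
        elif op == 0x03 and n >= 4:              # READ: opcode, 3 address bytes, then data
            addr = _addr(mosi[1:4])
            for i in range(4, n):
                miso[i] = self.mem[(addr + i - 4) % CHIP_SIZE]
        elif op == 0x02 and n >= 4:              # PP: page program, ignored without WREN
            if self.wel:
                addr = _addr(mosi[1:4])
                page = addr & ~(PAGE_SIZE - 1)
                for k, byte in enumerate(mosi[4:]):
                    off = page + ((addr + k) % PAGE_SIZE)   # data wraps within the page
                    self.mem[off] &= byte                   # NOR can only clear bits
            self.wel = False                     # WEL auto-clears after a write
        elif op in (0x20, 0xD8, 0xC7):           # sector / block / chip erase
            if self.wel:
                if op == 0xC7:
                    self.mem[:] = b"\xff" * CHIP_SIZE
                elif n >= 4:
                    size = SECTOR_SIZE if op == 0x20 else BLOCK_SIZE
                    start = _addr(mosi[1:4]) & ~(size - 1)
                    self.mem[start:start + size] = b"\xff" * size
            self.wel = False
        return bytes(miso)


# Master-side helpers, the shape of what a programmer driving the bus sends.
def _a3(addr):
    return bytes([(addr >> 16) & 0xFF, (addr >> 8) & 0xFF, addr & 0xFF])


def read(flash, addr, length):
    return flash.transaction(bytes([0x03]) + _a3(addr) + b"\x00" * length)[4:]


def program(flash, addr, data):
    flash.transaction(b"\x06")
    flash.transaction(bytes([0x02]) + _a3(addr) + data)


def erase_sector(flash, addr):
    flash.transaction(b"\x06")
    flash.transaction(bytes([0x20]) + _a3(addr))


if __name__ == "__main__":
    flash = SpiFlashModel()                      # or SpiFlashModel.from_file("firmware.bin")
    program(flash, 0x1000, b"hello")
    print(read(flash, 0x1000, 5))
```

Everything the model needs is a dictionary of opcodes over a buffer, which is why the software case is trivial; none of it says anything about holding MISO at the right level on the right clock edge while the camera's SoC drives chip select, which is the hardware problem the reply refers to.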
