[flashrom] N25Q128 and EliteBook

Andrew Goodbody ajg4tadpole at gmail.com
Wed Mar 20 19:24:52 CET 2013

On 20/03/13 15:42, Stefan Tauner wrote:
> On Wed, 20 Mar 2013 19:09:07 +0400
> Vasiliy Vylegzhanin <coder at npo-echelon.ru> wrote:
>> Warning: Setting Bios Control at 0xdc from 0x0a to 0x0b on QM77 failed.
> I did miss that line in the first mail. Your BIOS traps the access to
> that register and reverts it in SMM so that the general write
> protection of the flash chip remains enabled. See also the mail titled
> "success hacking DELL Dimension 4100" with the same underlying problem.
> Sadly the exact hack was not posted (yet), you may wanna ping Bertho to
> send his solution.

I'll bet that the SMRAM will be locked and so the above hack will not be 
possible. Bertho was able to do it on an old board whereas this one in 
question is much newer. You might be lucky, but I doubt it. The hack is 
simple enough in essence. Enable non-SMM access to the SMRAM via the 
chipset (this is the bit I expect not to work as it should be locked 
down via a write once mechanism) and then poke the RSM instruction into 
the SMI vector, i.e. SMRAM + 0x8000. The location of the SMRAM should be 
visible from chipset settings iirc. Finally disable non-SMM access to 
the SMRAM. This will prevent all SMM activity which may include thermal 
control, hotplug assistance etc. so you probably don't want to leave it 
in this state for longer than necessary.
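
Added example, not part of either mail and not flashrom code: a small C check that interprets the warning quoted above and ties it to the SMRAM lock Andrew expects. The bit names and positions are those in Intel's public chipset datasheets (confirm them for the exact part); the function names, the readback value and the SMRAMC sample byte are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* BIOS_CNTL bits (LPC bridge register at 0xdc, the one named in the warning). */
#define BIOSWE  (1u << 0)  /* BIOS write enable */
#define BLE     (1u << 1)  /* BIOS lock enable: setting BIOSWE raises an SMI */
#define SMM_BWP (1u << 5)  /* flash writable only while the CPU is in SMM */
/* SMRAMC bit (host bridge): once set, SMRAM settings are fixed until reset. */
#define D_LCK   (1u << 4)

enum wp_state { WP_OFF, WP_SMM_ONLY, WP_SMI_REVERTED, WP_UNEXPLAINED };

/* Classify one attempt to set BIOSWE from the value read before the write,
 * the value written, and the value read back afterwards. */
enum wp_state classify_bios_cntl(uint8_t before, uint8_t wanted, uint8_t readback)
{
    if ((wanted & BIOSWE) && (readback & BIOSWE))
        return (readback & SMM_BWP) ? WP_SMM_ONLY : WP_OFF;
    if (before & BLE)
        return WP_SMI_REVERTED;   /* SMI handler cleared BIOSWE again */
    return WP_UNEXPLAINED;
}

/* BLE is only as strong as the SMI handler behind it, so the protection
 * holds only when SMRAM is locked as well. */
int bios_lock_holds(uint8_t bios_cntl, uint8_t smramc)
{
    return (bios_cntl & BLE) && (smramc & D_LCK);
}

int main(void)
{
    static const char *names[] = { "write protection off", "writable from SMM only",
                                   "reverted by SMI handler", "unexplained" };
    /* 0x0a -> 0x0b are the values from the warning; the 0x0a readback is assumed. */
    printf("BIOS_CNTL: %s\n", names[classify_bios_cntl(0x0a, 0x0b, 0x0a)]);
    /* 0x1a is a constructed SMRAMC value with D_LCK set. */
    printf("lock holds: %d\n", bios_lock_holds(0x0a, 0x1a));
    return 0;
}
```
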

