[flashrom] N25Q128 and EliteBook
Andrew Goodbody
ajg4tadpole at gmail.com
Wed Mar 20 19:24:52 CET 2013
On 20/03/13 15:42, Stefan Tauner wrote:
> On Wed, 20 Mar 2013 19:09:07 +0400
> Vasiliy Vylegzhanin <coder at npo-echelon.ru> wrote:
>
>> Warning: Setting Bios Control at 0xdc from 0x0a to 0x0b on QM77 failed.
>
> I did miss that line in the first mail. Your BIOS traps the access to
> that register and reverts it in SMM so that the general write
> protection of the flash chip remains enabled. See also the mail titled
> "success hacking DELL Dimension 4100" with the same underlying problem.
> Sadly the exact hack was not posted (yet), you may wanna ping Bertho to
> send his solution.
I'll bet that the SMRAM will be locked and so the above hack will not be
possible. Bertho was able to do it on an old board whereas this one in
question is much newer. You might be lucky, but I doubt it. The hack is
simple enough in essence. Enable non-SMM access to the SMRAM via the
chipset (this is the bit I expect not to work as it should be locked
down via a write once mechanism) and then poke the RSM instruction into
the SMI vector ie SMRAM + 0x8000. The location of the SMRAM should be
visible from chipset settings iirc. Finally disable non-SMM access to
the SMRAM. This will prevent all SMM activity which may include thermal
control, hotplug assistance etc. so you probably don't want to leave it
in this state for longer than necessary.
Andrew
More information about the flashrom
mailing list