[flashrom] Flash Access on Shuttle XH170V failed

Michael Fuckner michael at fuckner.net
Fri Mar 24 15:14:45 CET 2017 

Hi,

I had to use flashrom and my raspi to reflash my bios chip after it got 
corrupted. Now I compare the original Firmware (XH170V00.200) I flashed 
into the Chip with the file I read (flash.bin).

I found the MAC Address in the File read (at 0x1000), so of course, the 
flash.bin is different from the original.

The descriptors look somewhat different from the information found in 
the log- here it is not overlapping

--- Details ---
Region 0 (Descr.) 0x00000000 - 0x00000fff
Region 1 (BIOS  ) 0x00200000 - 0x007fffff
Region 2 (ME    ) 0x00003000 - 0x001fffff
Region 3 (GbE   ) 0x00001000 - 0x00002fff
Region 4 (Platf.) is unused.

Should I upload you flash.bin somewhere?

Regards,
  Michael!


On 3/23/2017 10:36 PM, Nico Huber wrote:
> On 23.03.2017 20:26, Michael Fuckner wrote:
>> Hi,
>>
>> I got a file, 8MB in size and it contains data. md5sum is not identical
>> to original file and binwalk looks different on the beginning.
>
> Not sure, what an "original" file would be. The flash contains data that
> is specific to your device like serial numbers, the MAC address etc.
> Also, at least two of the firmwares in your flash are self-modifying
> (ME, UEFI).
>
>> The original file starts with 0x258988, so this is the area for ME and
>> Ethernet Config?
>
> What is 0x258988 supposed to mean? an offset? I doubt that binwalk can
> give any thorough report of the flash image though.
>
> Let's have a look at your log:
>
>> === Region Section ===
>> FLREG0   0x00000000
>> FLREG1   0x07ff0200
>> FLREG2   0x005a0000
>> FLREG3   0x5a000000
>> FLREG4   0x00000000
>>
>> --- Details ---
>> Region 0 (Descr.) 0x00000000 - 0x00000fff
>> Region 1 (BIOS  ) 0x00200000 - 0x007fffff
>> Region 2 (ME    ) 0x00000000 - 0x0005afff
>> Region 3 (GbE   ) 0x00000000 - 0x01a00fff
>> Region 4 (Platf.) 0x00000000 - 0x00000fff
>
> This is part of the Firmware Descriptor, the first part of any modern
> Intel flash image. Beside many other things it contains this partition
> table. It looks very odd, with overlapping regions. I haven't looked
> into changes in the descriptor for Skylake yet, maybe it's not decoded
> correctly.
>
> However if you want to verify your image you can try to decode the read
> descriptor:
>
>   $ make -Cutil/ich_descriptors_tool/
>   $ util/ich_descriptors_tool/ich_descriptors_tool -f flash.bin
>
> It should give you the same output that you can find in your log.
>
> Thanks again for testing and your log, it's nice to see things working!
> ;)
>
> Nico
>

-------------- next part --------------
The flash image has a size of 8388608 [0x800000] bytes.
=== Content Section ===
FLVALSIG 0x0ff0a55a
FLMAP0   0x00040003
FLMAP1   0x58100208
FLMAP2   0x00310330

--- Details ---
NR          (Number of Regions):                     1
FRBA        (Flash Region Base Address):         0x040
NC          (Number of Components):                  1
FCBA        (Flash Component Base Address):      0x030
ISL         (ICH/PCH Strap Length):                 88
FISBA/FPSBA (Flash ICH/PCH Strap Base Address):  0x100
NM          (Number of Masters):                     3
FMBA        (Flash Master Base Address):         0x080
MSL/PSL     (MCH/PROC Strap Length):                 3
FMSBA       (Flash MCH/PROC Strap Base Address): 0x300

=== Component Section ===
FLCOMP   0x124c00f4
FLILL    0xad604221

--- Details ---
Component 1 density:            unknown
Component 2 is not used.
Read Clock Frequency:           unknown
Read ID and Status Clock Freq.: unknown
Write and Erase Clock Freq.:    unknown
Fast Read is not supported.
Invalid instruction 0:          0x21
Invalid instruction 1:          0x42
Invalid instruction 2:          0x60
Invalid instruction 3:          0xad

=== Region Section ===
FLREG0   0x00000000
FLREG1   0x07ff0200
FLREG2   0x01ff0003
FLREG3   0x00020001
FLREG4   0x00007fff

--- Details ---
Region 0 (Descr.) 0x00000000 - 0x00000fff
Region 1 (BIOS  ) 0x00200000 - 0x007fffff
Region 2 (ME    ) 0x00003000 - 0x001fffff
Region 3 (GbE   ) 0x00001000 - 0x00002fff
Region 4 (Platf.) is unused.

=== Master Section ===
FLMSTR1  0xffffff00
FLMSTR2  0xffffff00
FLMSTR3  0xffffff00

--- Details ---
      Descr. BIOS ME GbE Platf.
BIOS    rw    rw  rw  rw   rw
ME      rw    rw  rw  rw   rw
GbE     rw    rw  rw  rw   rw

The MAC address might be at offset 0x1000: 80:ee:73:b9:85:aa

More information about the flashrom mailing list