[flashrom] reading the flash image of my Celsius H265

Fri May 11 18:00:51 CEST 2018

On Fri, May 11, 2018 at 7:52 AM, Elmar Stellnberger <estellnb at elstel.org>
wrote:

>
>
> On 2018-05-11 00:08, Nico Huber wrote:
> > actually, I don't see a BIOS in there at all. ...
>
>> If you want to hunt more clues nevertheless, you can send us the output
>> of `flashrom -p internal:laptop=force_I_want_a_brick -V`. IIRC, it
>> also tells from which bus the BIOS was loaded.
>>
>> I think the ME has some logging enabled and simply writes to the flash.
>>
>> Nico
>>
>>
> On 2018-05-10 23:24, David Hendricks wrote:
> > If this is the case, then you will need to figure out how to prevent
> > the EC  from reading/writing the ROM at the same time as flashrom.
> > This could be as simple as disabling your OS's power management daemon
> > to avoid stimulating it, or ...
>
> Here comes the verbose output of flashrom as attachement.
> This time the output was taken after shutting down the backlight daemons:
> systemctl stop systemd-backlight at backlight:acpi_video0.service
> systemctl stop systemd-backlight at backlight:nv_backlight.service
>
> - and see the newly loaded rom images do not differ any more (though the
> time between taking both images has been less this time).
>

Glad that seems to have worked for reading. However as Nico said we really
can't recommend attempting to write using flashrom. At least not unless you
can get a full understanding of how this works and how to safely disable
the EC for updates, and have a method for recovery (e.g. an external
programmer). Anything that interacts with the EC (power, thermal, input
events, maybe other things) can wake it up and put your system in a bad
(possibly bricked) state.

> wget https://www.elstel.org/uploads/celsius3.rom
> wget https://www.elstel.org/uploads/celsius4.rom
>
>   Is it true that these flash images do not contain a BIOS?
>

It appears true. As Nico said it appears this chip is only for ME firmware
and configuration data. There is almost certainly another SPI flash on the
motherboard for the BIOS. You may need to (de-)assert some GPIO or send a
special command to the EC to select it.

> If it still contains all ME regions that should be enough for disabling
> ME? How to do that - I have heard that me_cleaner only works on gen2 and
> gen3 MEs but that my ME would be gen1?
>

I'm not an expert on me_cleaner, but the long story short is that ME is a
complicated beast that changes frequently and is very intertwined with how
the system works. me_cleaner can remove some (many?) modules but can't
disable it completely since ME controls some functions needed to bring-up
the CPU. I'm sure they'd appreciate your help demystifying your ME's
generation!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/flashrom/attachments/20180511/24a309f6/attachment.html>