<div dir="ltr">Hi.<div><br></div><div>> Third time lucky.</div><div>It indeed looks like to be a case here :)</div><div><br></div><div><div># flashrom --programmer internal -r 1002.bin.patch4 -V</div><div>flashrom v0.9.7-r1858 on Linux 3.16.0-4-686-pae (i686)</div><div>flashrom is free software, get the source code at <a href="http://www.flashrom.org">http://www.flashrom.org</a></div><div><br></div><div>flashrom was built with libpci 3.2.1, GCC 4.9.2, little endian</div><div>Command line (5 args): flashrom --programmer internal -r 1002.bin.patch4 -V</div><div>Calibrating delay loop... OS timer resolution is 1 usecs, 534M loops per second, 10 myus = 11 us, 100 myus = 107 us, 1000 myus = 1024 us, 10000 myus = 10026 us, 4 myus = 5 us, OK.</div><div>Initializing internal programmer</div><div>No coreboot table found.</div><div>Using Internal DMI decoder.</div><div>DMI string chassis-type: "Desktop"</div><div>DMI string system-manufacturer: "ASUSTeK COMPUTER INC."</div><div>DMI string system-product-name: "PCH-DR"</div><div>DMI string system-version: "1.XX "</div><div>DMI string baseboard-manufacturer: "ASUSTek Computer INC."</div><div>DMI string baseboard-product-name: "PCH-DR"</div><div>DMI string baseboard-version: "1.XX "</div><div>Found Winbond Super I/O, id 0x82</div><div>W836xx enter config mode worked or we were already in config mode. W836xx leave config mode had no effect.</div><div>Active config mode, unknown reg 0x20 ID: 00.</div><div>Please send the output of "flashrom -V -p internal" to </div><div><a href="mailto:flashrom@flashrom.org">flashrom@flashrom.org</a> with W836xx: your board name: flashrom -V</div><div>as the subject to help us finish support for your Super I/O. Thanks.</div><div>Found chipset "Intel 6300ESB" with PCI ID 8086:25a1. Enabling flash write... 0xfff80000/0xffb80000 FWH IDSEL: 0x0</div><div>0xfff00000/0xffb00000 FWH IDSEL: 0x0</div><div>0xffe80000/0xffa80000 FWH IDSEL: 0x1</div><div>0xffe00000/0xffa00000 FWH IDSEL: 0x1</div><div>0xffd80000/0xff980000 FWH IDSEL: 0x2 </div><div>0xffd00000/0xff900000 FWH IDSEL: 0x2 </div><div>0xffc80000/0xff880000 FWH IDSEL: 0x3 </div><div>0xffc00000/0xff800000 FWH IDSEL: 0x3 </div><div>0xff700000/0xff300000 FWH IDSEL: 0x4 </div><div>0xff600000/0xff200000 FWH IDSEL: 0x5 </div><div>0xff500000/0xff100000 FWH IDSEL: 0x6 </div><div>0xff400000/0xff000000 FWH IDSEL: 0x7 </div><div>0xfff80000/0xffb80000 FWH decode enabled </div><div>0xfff00000/0xffb00000 FWH decode enabled </div><div>0xffe80000/0xffa80000 FWH decode disabled </div><div>0xffe00000/0xffa00000 FWH decode disabled </div><div>0xffd80000/0xff980000 FWH decode disabled </div><div>0xffd00000/0xff900000 FWH decode disabled </div><div>0xffc80000/0xff880000 FWH decode disabled </div><div>0xffc00000/0xff800000 FWH decode disabled </div><div>0xff700000/0xff300000 FWH decode disabled </div><div>0xff600000/0xff200000 FWH decode disabled </div><div>0xff500000/0xff100000 FWH decode disabled </div><div>0xff400000/0xff000000 FWH decode disabled </div><div>Maximum FWH chip size: 0x100000 bytes </div><div> </div><div>BIOS_CNTL = 0x01: BIOS Lock Enable: disabled, BIOS Write Enable: enabled </div><div>OK. </div><div>The following protocols are supported: FWH. </div><div>Probing for Atmel AT49LH002, 256 kB: probe_82802ab: id1 0x08, id2 0x14, id1 is normal flash content, id2 is normal flash content </div><div>Probing for Atmel AT49LH00B4, 512 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content </div><div>Probing for Atmel AT49LH004, 512 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content </div><div>Probing for Intel 82802AB, 512 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content </div><div>Probing for Intel 82802AC, 1024 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for PMC Pm49FL002, 256 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for PMC Pm49FL004, 512 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Found PMC flash chip "Pm49FL004" (512 kB, LPC, FWH) mapped at physical address 0xfff80000.</div><div>Probing for Sharp LHF00L04, 1024 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for SST SST49LF002A/B, 256 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for SST SST49LF003A/B, 384 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for SST SST49LF004A/B, 512 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for SST SST49LF004C, 512 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for SST SST49LF008A, 1024 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for SST SST49LF008C, 1024 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for SST SST49LF016C, 2048 kB: probe_82802ab: id1 0xff, id2 0xff, id1 parity violation, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FLW040A, 512 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FLW040B, 512 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FLW080A, 1024 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FLW080B, 1024 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FW002, 256 kB: probe_82802ab: id1 0x08, id2 0x14, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FW016, 2048 kB: probe_82802ab: id1 0xff, id2 0xff, id1 parity violation, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FW040, 512 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for ST M50FW080, 1024 kB: probe_82802ab: id1 0x49, id2 0x4d, id1 is normal flash content, id2 is normal flash content</div><div>Probing for Winbond W39V040FA, 512 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for Winbond W39V040FB, 512 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for Winbond W39V040FC, 512 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for Winbond W49V002FA, 256 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for Winbond W39V080FA, 1024 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Probing for Winbond W39V080FA (dual mode), 512 kB: probe_jedec_common: id1 0x9d, id2 0x6e</div><div>Found PMC flash chip "Pm49FL004" (512 kB, LPC, FWH).</div><div>===</div><div>This flash part has status UNTESTED for operations: ERASE WRITE</div><div>The test status of this chip may have been updated in the latest development</div><div>version of flashrom. If you are running the latest development version,</div><div>please email a report to <a href="mailto:flashrom@flashrom.org">flashrom@flashrom.org</a> if any of the above operations</div><div>work correctly for you with this flash chip. Please include the flashrom log</div><div>file for all operations you tested (see the man page for details), and mention</div><div>which mainboard or programmer you tested in the subject line.</div><div>Thanks for your help!</div><div>Changed lock bits at 0xb733a002 to 0xf8.</div><div>Changed lock bits at 0xb734a002 to 0xf8.</div><div>Changed lock bits at 0xb735a002 to 0xf8.</div><div>Changed lock bits at 0xb736a002 to 0xf8.</div><div>Changed lock bits at 0xb737a002 to 0xf8.</div><div>Changed lock bits at 0xb738a002 to 0xf8.</div><div>Changed lock bits at 0xb739a002 to 0xf8.</div><div>Changed lock bits at 0xb73aa002 to 0xf8.</div><div>Reading flash... done.</div><div>Restoring PCI config space for 00:1f:0 reg 0x4e</div></div><div><br></div><div><br></div><div>The only two lines that look suspicious are:</div><div><div> W836xx enter config mode worked or we were already in config mode. W836xx leave config mode had no effect.</div><div> Active config mode, unknown reg 0x20 ID: 00.</div><div>Is that normal?</div><div><br></div><div>Thanks for this patches!</div><div><br></div><div>Roman.</div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 20, 2014 at 7:07 PM, Stefan Tauner <span dir="ltr"><<a href="mailto:stefan.tauner@alumni.tuwien.ac.at" target="_blank">stefan.tauner@alumni.tuwien.ac.at</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span>Previously we added the offset of the virtual register in several functions,<br>
</span><span>which produced segfaults. This patch renames a few parameters and<br>
reorganizes/fixes various parts of the changelock_regspace2_block()<br>
</span>function - hence the rather big diff.<br>
<br>
Thanks to Roman Lebedev for reporting this issue and testing numerous<br>
revisions of this patch.<br>
<span><br>
Signed-off-by: Stefan Tauner <<a href="mailto:stefan.tauner@alumni.tuwien.ac.at" target="_blank">stefan.tauner@alumni.tuwien.ac.at</a>><br>
---<br>
<br>
</span>$"!%§$&%%$"Q!<br>
Third time lucky.<br>
Sorry everybody for the spam.<br>
<br>
chipdrivers.h | 1 -<br>
jedec.c | 93 ++++++++++++++++++++++++++++++++++-------------------------<br>
2 files changed, 53 insertions(+), 41 deletions(-)<br>
<span><br>
diff --git a/chipdrivers.h b/chipdrivers.h<br>
index 8529c74..cac94f3 100644<br>
--- a/chipdrivers.h<br>
+++ b/chipdrivers.h<br>
@@ -150,7 +150,6 @@ int unlock_regspace2_uniform_32k(struct flashctx *flash);<br>
int unlock_regspace2_uniform_64k(struct flashctx *flash);<br>
int unlock_regspace2_block_eraser_0(struct flashctx *flash);<br>
int unlock_regspace2_block_eraser_1(struct flashctx *flash);<br>
-int unlock_regspace2_block(const struct flashctx *flash, chipaddr off);<br>
int printlock_regspace2_uniform_64k(struct flashctx *flash);<br>
int printlock_regspace2_block_eraser_0(struct flashctx *flash);<br>
int printlock_regspace2_block_eraser_1(struct flashctx *flash);<br>
diff --git a/jedec.c b/jedec.c<br>
</span>index 1345b89..19babf9 100644<br>
<span>--- a/jedec.c<br>
+++ b/jedec.c<br>
@@ -589,11 +589,10 @@ static int regspace2_walk_unlockblocks(const struct flashctx *flash, const struc<br>
#define REG2_LOCKDOWN (1 << 1)<br>
#define REG2_MASK (REG2_RWLOCK | REG2_LOCKDOWN)<br>
<br>
-static int printlock_regspace2_block(const struct flashctx *flash, chipaddr offset)<br>
+static int printlock_regspace2_block(const struct flashctx *flash, chipaddr lockreg)<br>
{<br>
- chipaddr wrprotect = flash->virtual_registers + offset + 2;<br>
- uint8_t state = chip_readb(flash, wrprotect);<br>
- msg_cdbg("Lock status of block at 0x%0*" PRIxPTR " is ", PRIxPTR_WIDTH, offset);<br>
+ uint8_t state = chip_readb(flash, lockreg);<br>
+ msg_cdbg("Lock status of block at 0x%0*" PRIxPTR " is ", PRIxPTR_WIDTH, lockreg);<br>
switch (state & REG2_MASK) {<br>
case 0:<br>
msg_cdbg("Full Access.\n");<br>
</span>@@ -656,67 +655,81 @@ int printlock_regspace2_block_eraser_1(struct flashctx *flash)<br>
<span> return regspace2_walk_unlockblocks(flash, unlockblocks, &printlock_regspace2_block);<br>
}<br>
<br>
-static int changelock_regspace2_block(const struct flashctx *flash, chipaddr offset, uint8_t new_bits)<br>
</span>-{<br>
<span>- chipaddr wrprotect = flash->virtual_registers + offset + 2;<br>
- uint8_t old;<br>
-<br>
- if (new_bits & ~REG2_MASK) {<br>
- msg_cerr("Invalid locking change 0x%02x requested at 0x%0*" PRIxPTR "! "<br>
</span><span>+/* Try to change the lock register at address lockreg from cur to new.<br>
+ *<br>
+ * - Try to unlock the lock bit if requested and it is currently set (although this is probably futile).<br>
+ * - Try to change the read/write bits if requested.<br>
+ * - Try to set the lockdown bit if requested.<br>
+ * Return an error immediately if any of this fails. */<br>
+static int changelock_regspace2_block(const struct flashctx *flash, chipaddr lockreg, uint8_t cur, uint8_t new)<br>
+{<br>
+ /* Only allow changes to known read/write/lockdown bits */<br>
</span>+ if (((cur ^ new) & ~REG2_MASK) != 0) {<br>
+ msg_cerr("Invalid lock change from 0x%02x to 0x%02x requested at 0x%0*" PRIxPTR "!\n"<br>
<span> "Please report a bug at <a href="mailto:flashrom@flashrom.org" target="_blank">flashrom@flashrom.org</a>\n",<br>
- new_bits, PRIxPTR_WIDTH, offset);<br>
</span>+ cur, new, PRIxPTR_WIDTH, lockreg);<br>
<span> return -1;<br>
}<br>
- old = chip_readb(flash, wrprotect);<br>
</span>- /* Early exist if no change (of read/write/lockdown) was requested. */<br>
<span>- if (((old ^ new_bits) & REG2_MASK) == 0) {<br>
- msg_cdbg2("Locking status at 0x%0*" PRIxPTR " not changed\n", PRIxPTR_WIDTH, offset);<br>
+<br>
</span><span>+ /* Exit early if no change (of read/write/lockdown bits) was requested. */<br>
+ if (((cur ^ new) & REG2_MASK) == 0) {<br>
</span>+ msg_cdbg2("Lock bits at 0x%0*" PRIxPTR " not changed.\n", PRIxPTR_WIDTH, lockreg);<br>
return 0;<br>
}<br>
- /* Normally lockdowns can not be cleared. Try nevertheless if requested. */<br>
<span>- if ((old & REG2_LOCKDOWN) && !(new_bits & REG2_LOCKDOWN)) {<br>
- chip_writeb(flash, old & ~REG2_LOCKDOWN, wrprotect);<br>
- if (chip_readb(flash, wrprotect) != (old & ~REG2_LOCKDOWN)) {<br>
- msg_cerr("Lockdown can't be removed at 0x%0*" PRIxPTR "!\n", PRIxPTR_WIDTH, offset);<br>
+<br>
</span><span>+ /* Normally the lockdown bit can not be cleared. Try nevertheless if requested. */<br>
+ if ((cur & REG2_LOCKDOWN) && !(new & REG2_LOCKDOWN)) {<br>
+ chip_writeb(flash, cur & ~REG2_LOCKDOWN, lockreg);<br>
+ cur = chip_readb(flash, lockreg);<br>
+ if ((cur & REG2_LOCKDOWN) == REG2_LOCKDOWN) {<br>
</span>+ msg_cwarn("Lockdown can't be removed at 0x%0*" PRIxPTR "! New value: 0x%02x.\n",<br>
+ PRIxPTR_WIDTH, lockreg, cur);<br>
return -1;<br>
}<br>
}<br>
- /* Change read or write lock? */<br>
<span>- if ((old ^ new_bits) & REG2_RWLOCK) {<br>
+<br>
</span><span>+ /* Change read and/or write bit */<br>
</span>+ if ((cur ^ new) & REG2_RWLOCK) {<br>
<span> /* Do not lockdown yet. */<br>
- msg_cdbg("Changing locking status at 0x%0*" PRIxPTR " to 0x%02x\n", PRIxPTR_WIDTH, offset, new_bits & REG2_RWLOCK);<br>
- chip_writeb(flash, new_bits & REG2_RWLOCK, wrprotect);<br>
- if (chip_readb(flash, wrprotect) != (new_bits & REG2_RWLOCK)) {<br>
- msg_cerr("Locking status change FAILED at 0x%0*" PRIxPTR "!\n", PRIxPTR_WIDTH, offset);<br>
</span><span>+ uint8_t wanted = (cur & ~REG2_RWLOCK) | (new & REG2_RWLOCK);<br>
</span><span>+ chip_writeb(flash, wanted, lockreg);<br>
+ cur = chip_readb(flash, lockreg);<br>
+ if (cur != wanted) {<br>
</span>+ msg_cerr("Changing lock bits failed at 0x%0*" PRIxPTR "! New value: 0x%02x.\n",<br>
+ PRIxPTR_WIDTH, lockreg, cur);<br>
return -1;<br>
}<br>
+ msg_cdbg("Changed lock bits at 0x%0*" PRIxPTR " to 0x%02x.\n",<br>
+ PRIxPTR_WIDTH, lockreg, cur);<br>
}<br>
- /* Enable lockdown if requested. */<br>
<span>- if (!(old & REG2_LOCKDOWN) && (new_bits & REG2_LOCKDOWN)) {<br>
- msg_cdbg("Enabling lockdown at 0x%0*" PRIxPTR "\n", PRIxPTR_WIDTH, offset);<br>
- chip_writeb(flash, new_bits, wrprotect);<br>
- if (chip_readb(flash, wrprotect) != new_bits) {<br>
- msg_cerr("Enabling lockdown FAILED at 0x%0*" PRIxPTR "!\n", PRIxPTR_WIDTH, offset);<br>
+<br>
</span><span>+ /* Eventually, enable lockdown if requested. */<br>
</span>+ if (!(cur & REG2_LOCKDOWN) && (new & REG2_LOCKDOWN)) {<br>
+ chip_writeb(flash, new, lockreg);<br>
<span>+ cur = chip_readb(flash, lockreg);<br>
</span>+ if (cur != new) {<br>
+ msg_cerr("Enabling lockdown FAILED at 0x%0*" PRIxPTR "! New value: 0x%02x.\n",<br>
+ PRIxPTR_WIDTH, lockreg, cur);<br>
return -1;<br>
}<br>
+ msg_cdbg("Enabled lockdown at 0x%0*" PRIxPTR ".\n", PRIxPTR_WIDTH, lockreg);<br>
}<br>
<br>
return 0;<br>
}<br>
<br>
<span>-int unlock_regspace2_block(const struct flashctx *flash, chipaddr off)<br>
+static int unlock_regspace2_block_generic(const struct flashctx *flash, chipaddr lockreg)<br>
{<br>
- chipaddr wrprotect = flash->virtual_registers + off + 2;<br>
- uint8_t old = chip_readb(flash, wrprotect);<br>
+ uint8_t old = chip_readb(flash, lockreg);<br>
/* We don't care for the lockdown bit as long as the RW locks are 0 after we're done */<br>
- return changelock_regspace2_block(flash, off, old & ~REG2_RWLOCK);<br>
+ return changelock_regspace2_block(flash, lockreg, old, old & ~REG2_RWLOCK);<br>
}<br>
<br>
static int unlock_regspace2_uniform(struct flashctx *flash, unsigned long block_size)<br>
{<br>
const unsigned int elems = flash->chip->total_size * 1024 / block_size;<br>
struct unlockblock blocks[2] = {{.size = block_size, .count = elems}};<br>
- return regspace2_walk_unlockblocks(flash, blocks, &unlock_regspace2_block);<br>
+ return regspace2_walk_unlockblocks(flash, blocks, &unlock_regspace2_block_generic);<br>
}<br>
<br>
int unlock_regspace2_uniform_64k(struct flashctx *flash)<br>
</span>@@ -734,7 +747,7 @@ int unlock_regspace2_block_eraser_0(struct flashctx *flash)<br>
<span> // FIXME: this depends on the eraseblocks not to be filled up completely (i.e. to be null-terminated).<br>
const struct unlockblock *unlockblocks =<br>
(const struct unlockblock *)flash->chip->block_erasers[0].eraseblocks;<br>
- return regspace2_walk_unlockblocks(flash, unlockblocks, &unlock_regspace2_block);<br>
+ return regspace2_walk_unlockblocks(flash, unlockblocks, &unlock_regspace2_block_generic);<br>
}<br>
<br>
int unlock_regspace2_block_eraser_1(struct flashctx *flash)<br>
</span>@@ -742,6 +755,6 @@ int unlock_regspace2_block_eraser_1(struct flashctx *flash)<br>
<div><div> // FIXME: this depends on the eraseblocks not to be filled up completely (i.e. to be null-terminated).<br>
const struct unlockblock *unlockblocks =<br>
(const struct unlockblock *)flash->chip->block_erasers[1].eraseblocks;<br>
- return regspace2_walk_unlockblocks(flash, unlockblocks, &unlock_regspace2_block);<br>
+ return regspace2_walk_unlockblocks(flash, unlockblocks, &unlock_regspace2_block_generic);<br>
}<br>
<br>
--<br>
Kind regards, Stefan Tauner<br>
<br>
</div></div></blockquote></div><br></div></div></div>