[flashrom] DOS binary doesn't work?
max
opendtv at yahoo.com
Wed Oct 20 02:15:50 CEST 2010
--- On Tue, 10/19/10, Stefan Reinauer <stepan at coreboot.org> wrote:
> From: Stefan Reinauer <stepan at coreboot.org>
> Subject: Re: [flashrom] DOS binary doesn't work?
> To: "max" <opendtv at yahoo.com>
> Cc: flashrom at flashrom.org
> Date: Tuesday, October 19, 2010, 1:22 PM
> * max <opendtv at yahoo.com>
> [101012 07:33]:
> > --- On Mon, 10/11/10, max <opendtv at yahoo.com>
> wrote:
> >
> > > Thank you, lspci yielded some interesting
> information. On
> > > the linux that works, there are two kernel
> modules
> > > associated with device 8086/24C0 (where the write
> enable
> > > register is located): iTCO_wdt and intel-rng.
> Those modules
> > > are not present on the linux that doesn't work.
> >
> > Ok, I have the answer. It was iTCO_wdt, not intel_rng
> as I first guessed. iTCO_wdt clears bit 13 (TCO_EN) of
> SMI_EN. This is what allows flashrom to enable writing
> (tested by clearing the bit with a debugger and running DOS
> flashrom).
> >
> > from iTCO_wdt.c iTCO_wdt_init:
> > /* Bit 13: TCO_EN -> 0 =
> Disables TCO logic generating an SMI# */
> > val32 = inl(SMI_EN);
> > val32 &=
> 0xffffdfff; /* Turn off SMI clearing
> watchdog */
> > outl(val32, SMI_EN);
> >
>
> Nice finding! Don't you love the effectiveness of SPI flash
> protection?
> :)
I noticed that in ICH5, Intel added yet another "lock" which prevents TCO_EN from being cleared, perhaps to close this hole. However, I have an Intel ICH5 motherboard and it doesn't use the TCO_EN lock.
It might be dangerous to rely on TCO_EN since the BIOS is still getting SMI interrupts from other sources. The safest thing is to exit with a meaningful error message if the BIOS write lock bit is set.
Dan
More information about the flashrom
mailing list