--- On Tue, 10/19/10, Stefan Reinauer <[email protected]> wrote:

> From: Stefan Reinauer <[email protected]>
> Subject: Re: [flashrom] DOS binary doesn't work?
> To: "max" <[email protected]>
> Cc: [email protected]
> Date: Tuesday, October 19, 2010, 1:22 PM
> * max <[email protected]> [101012 07:33]:
> > --- On Mon, 10/11/10, max <[email protected]> wrote:
> > 
> > > Thank you, lspci yielded some interesting information. On
> > > the linux that works, there are two kernel modules
> > > associated with device 8086/24C0 (where the write enable
> > > register is located): iTCO_wdt and intel-rng. Those modules
> > > are not present on the linux that doesn't work.
> > 
> > Ok, I have the answer. It was iTCO_wdt, not intel_rng as I first guessed. iTCO_wdt clears bit 13 (TCO_EN) of SMI_EN. This is what allows flashrom to enable writing (tested by clearing the bit with a debugger and running DOS flashrom).
> > 
> > from iTCO_wdt.c iTCO_wdt_init:
> >     /* Bit 13: TCO_EN -> 0 = Disables TCO logic generating an SMI# */
> >     val32 = inl(SMI_EN);
> >     val32 &= 0xffffdfff;    /* Turn off SMI clearing watchdog */
> >     outl(val32, SMI_EN);
> >
> 
> Nice finding! Don't you love the effectiveness of SPI flash protection?
> :) 

I noticed that in ICH5, Intel added yet another "lock" which prevents TCO_EN 
from being cleared, perhaps to close this hole. However, I have an Intel ICH5 
motherboard and it doesn't use the TCO_EN lock.

It might be dangerous to rely on TCO_EN since the BIOS is still getting SMI 
interrupts from other sources. The safest thing is to exit with a meaningful 
error message if the BIOS write lock bit is set.

Dan
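
The check suggested in the message above, as an added example (not flashrom's code and not written by anyone in this thread): classify the write-protect state from raw register values and refuse to write whenever the BIOS lock bit is set, whether or not TCO_EN is clear. The BIOSWE/BLE bit positions in BIOS_CNTL are assumed from Intel's ICH datasheets, the function and enum names are hypothetical, and the register values are constructed so the block runs without hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions: TCO_EN is from the iTCO_wdt.c excerpt in this thread;
 * BIOSWE/BLE are assumed from Intel's ICH datasheets. */
#define SMI_EN_TCO_EN    (1u << 13)
#define BIOS_CNTL_BIOSWE (1u << 0)   /* BIOS Write Enable */
#define BIOS_CNTL_BLE    (1u << 1)   /* BIOS Lock Enable: setting BIOSWE raises an SMI */

enum wp_state { WP_WRITABLE, WP_NEEDS_ENABLE, WP_LOCKED, WP_LOCKED_TCO_OFF };

/* Hypothetical helper: classify the write-protect state from raw register values. */
enum wp_state classify_wp(uint8_t bios_cntl, uint32_t smi_en)
{
    if (bios_cntl & BIOS_CNTL_BLE)   /* lock bit set: refuse in both cases */
        return (smi_en & SMI_EN_TCO_EN) ? WP_LOCKED : WP_LOCKED_TCO_OFF;
    return (bios_cntl & BIOS_CNTL_BIOSWE) ? WP_WRITABLE : WP_NEEDS_ENABLE;
}

/* Only proceed when the lock bit is clear; TCO_EN being off is not trusted. */
int may_write(enum wp_state s) { return s == WP_WRITABLE || s == WP_NEEDS_ENABLE; }

/* After setting BIOSWE, re-read BIOS_CNTL: an SMI handler may have cleared it. */
int enable_stuck(uint8_t readback) { return (readback & BIOS_CNTL_BIOSWE) != 0; }

const char *wp_message(enum wp_state s)
{
    switch (s) {
    case WP_WRITABLE:       return "BIOSWE set, BLE clear: writes enabled";
    case WP_NEEDS_ENABLE:   return "BLE clear: set BIOSWE, then re-read to verify";
    case WP_LOCKED:         return "BLE set, TCO_EN set: firmware will trap BIOSWE; aborting";
    case WP_LOCKED_TCO_OFF: return "BLE set, TCO_EN clear: other SMI sources remain; aborting";
    }
    return "unknown state";
}

int main(void)
{
    /* Constructed register values, not read from hardware. */
    struct { uint8_t bc; uint32_t smi; } s[] = {
        { 0x02, 0x00002033 }, { 0x02, 0x00002033 & 0xffffdfff }, { 0x00, 0 }, { 0x01, 0 },
    };
    for (unsigned i = 0; i < sizeof s / sizeof s[0]; i++) {
        enum wp_state st = classify_wp(s[i].bc, s[i].smi);
        printf("BIOS_CNTL=0x%02x SMI_EN=0x%08x -> %s (%s)\n", (unsigned)s[i].bc,
               (unsigned)s[i].smi, wp_message(st), may_write(st) ? "proceed" : "refuse");
    }
    return 0;
}
```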

_______________________________________________
flashrom mailing list
[email protected]
http://www.flashrom.org/mailman/listinfo/flashrom
