author | Stefan Tauner <stefan.tauner@alumni.tuwien.ac.at> | 2012-04-27 20:41:23 +0000 |
---|---|---|
committer | Stefan Tauner <stefan.tauner@alumni.tuwien.ac.at> | 2012-04-27 20:41:23 +0000 |
commit | 3017bd90698e4c088f646cd033496aab795bc1d7 (patch) | |
tree | 5942453208bdb73ff2bfeadc94fbacf79d5bf023 /Documentation | |
parent | e99a2bb5e9bf62a595cad715b12d0493dd96bbe0 (diff) | |
download | flashrom-3017bd90698e4c088f646cd033496aab795bc1d7.zip flashrom-3017bd90698e4c088f646cd033496aab795bc1d7.tar.gz |
Add a bunch of new/tested stuff and various small changes 12
Tested Mainboards:
OK:
- ASUS M4A785T-M
http://www.flashrom.org/pipermail/flashrom/2012-April/009118.html
- ASUS P5VD2-MX
http://www.flashrom.org/pipermail/flashrom/2012-March/009014.html
- ASUS P8Z68-V PRO/GEN3
http://www.flashrom.org/pipermail/flashrom/2012-April/009086.html
- Bachmann electronic OT200
http://www.flashrom.org/pipermail/flashrom/2012-April/009094.html
- Biostar N61PB-M2S
http://www.flashrom.org/pipermail/flashrom/2012-March/008958.html
- GIGABYTE GA-H61M-D2-B3
http://www.flashrom.org/pipermail/flashrom/2012-March/009002.html
- MSI MS-7740 (H61MA-E35(B3))
http://www.flashrom.org/pipermail/flashrom/2012-March/008985.html
- Tyan S2875 (Tiger K8W)
http://www.flashrom.org/pipermail/flashrom/2012-March/008986.html
- ZOTAC nForce 630i Supreme (N73U-Supreme)
http://www.flashrom.org/pipermail/flashrom/2012-April/009073.html
- ZOTAC ZBOX AD02 (PLUS)
http://www.flashrom.org/pipermail/flashrom/2012-April/009047.html
NOT OK:
- ASRock H67M
http://www.flashrom.org/pipermail/flashrom/2012-March/008909.html
- ASUS P8P67 LE
http://paste.flashrom.org/view.php?id=1097
- ASUS Maximus IV Extreme
http://www.flashrom.org/pipermail/flashrom/2012-March/009033.html
- Biostar H61MU3
http://www.flashrom.org/pipermail/flashrom/2012-February/008832.html
- Biostar M7VIQ
http://www.flashrom.org/pipermail/flashrom/2012-February/008863.html
- Dell Inspiron 580
http://www.flashrom.org/pipermail/flashrom/2012-March/008888.html
- Dell Vostro 460
http://www.flashrom.org/pipermail/flashrom/2012-April/009144.html
- Fujitsu-Siemens CELSIUS W410 (D3062-A1)
http://www.flashrom.org/pipermail/flashrom/2012-March/008987.html
- EPoX EP-3PTA
http://www.flashrom.org/pipermail/flashrom/2012-April/009043.html
- HP XW6400
http://www.flashrom.org/pipermail/flashrom/2012-March/009006.html
- HP XW9300
http://www.flashrom.org/pipermail/flashrom/2012-February/008862.html
- Intel DG965OT
http://paste.flashrom.org/view.php?id=1096
- Intel DN2800MT (Marshalltown)
http://www.flashrom.org/pipermail/flashrom/2012-April/009095.html
- Lenovo T420
http://paste.flashrom.org/view.php?id=1095
- Lenovo X1
http://www.flashrom.org/pipermail/flashrom/2012-April/009135.html
- MSI GF615M-P33
http://www.flashrom.org/pipermail/flashrom/2012-March/008956.html
Tested flash chips:
- mark EN25Q32(A/B) as TEST_OK_PROBE (+P)
http://www.flashrom.org/pipermail/flashrom/2012-February/008832.html
- mark S25FL032A as TEST_OK_PR (+PR)
http://www.flashrom.org/pipermail/flashrom/2012-April/009105.html
- mark AT25DF161 as TEST_OK_PROBE (+P)
http://www.flashrom.org/pipermail/flashrom/2012-April/009095.html
- mark SST as TEST_OK_PREW (+EW)
http://www.flashrom.org/pipermail/flashrom/2012-April/009094.html
Tested chipset enables:
- H61 (various reports)
- SiS 755
http://www.flashrom.org/pipermail/flashrom/2012-April/009072.html
- Fix compilation of ich_descriptor_tool which was broken since r1492.
- Add Documentation regarding unlocking the ME region on Intel chipsets.
- Fix reading the flash descriptor via FDOC/FDOD and prettyprinting of the
descriptor on boards with 5 active regions.
- Reorder some boards in print.c.
- Add Intel 7 Series (Panther Point) PCI IDs.
- Add preliminary PCI IDs for future Intel chipsets (DH89xxCC and Lynx Point)
see https://lkml.org/lkml/2012/2/20/467
- Change the message for untested chipsets to send only after an attempt to
update the firmware with flashrom.
- Fix warnings in ich_descriptor_tool's build.
Corresponding to flashrom svn r1524.
Signed-off-by: Stefan Tauner <stefan.tauner@alumni.tuwien.ac.at>
Acked-by: Stefan Tauner <stefan.tauner@alumni.tuwien.ac.at>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/mysteries_intel.txt | 81 |
1 files changed, 80 insertions, 1 deletions
diff --git a/Documentation/mysteries_intel.txt b/Documentation/mysteries_intel.txt index d6d3dfb..55921cf 100644 --- a/Documentation/mysteries_intel.txt +++ b/Documentation/mysteries_intel.txt 
@@ -15,4 +15,83 @@ See also http://www.flashrom.org/pipermail/flashrom/2011-August/007606.html = Unlocking the ME region = -TODO + If the ME region is locked by the FRAP register in descriptor mode, the host + software is not allowed to read or write any address inside that region. There + are different ways to unlock access: + + - A pin strap: Flash Descriptor Security Override Strap (as indicated by the + Flash Descriptor Override Pin Strap Status (FDOPSS) in HSFS. That pin is + probably not accessible to end users on consumer boards (every Intel doc i + have seen stresses that this is for debugging in manufacturing only and + should not be available for end users). + The ME indicates this in bits [19:16] (Operation Mode) in the HFS register of + the HECI/MEI PCI device by setting them to 4 (SECOVR_JMPR) [MODE_CTRL]. + + - Intel Management Engine BIOS Extension (MEBx) Disable + This option may be available to end users on some boards usually accessible + by hitting ctrl+p after BIOS POST. Quote: "'Disabling' the Intel ME does not + really disable it: it causes the Intel ME code to be halted at an early stage + of the Intel ME's booting so that the system has no traffic originating from + the Intel ME on any of the buses." [MEBX] The ME indicates this in + bits [19:16] (Operation Mode) in the HFS register of the HECI/MEI PCI device + by setting them to 3 (Soft Temporary Disable) [MODE_CTRL]. + + - Previous to Ibex Peak/5 Series chipsets removing the DIMM from slot (or + channel?) #0 disables the ME completely, which may give the host access to + the ME region. + + - HMRFPO (Host ME Region Flash Protection Override) Enable MEI command + This is the most interesting one because it allows to temporarily disable + the ME region protection by software. The ME indicates this in bits [19:16] + (Operation Mode) in the HFS register of the HECI/MEI PCI device by setting + them to 5 (SECOVER_MEI_MSG) [MODE_CTRL]. 
+ +== MEI/HECI == + Communication between the host software and the different services provided by + the ME is done via a packet-based protocol that uses MMIO transfers to one or + more virtual PCI devices. Upon this layer there exist various services that can + be used to read out hardware management values (e.g. temperatures, fan speeds + etc.). The lower levels of that protocol are well documented: + The locations/offsets of the PCI MMIO registers are noted in the chipset + datasheets. The actually communication is documented in a whitepaper [DCMI] and + an outdated as well as a current Linux kernel implementation (currently in + staging/ exist [KERNEL]. There exists a patch that re-implements this in user + space (as part of flashrom). + +== Problems == + The problem is that only very few higher level protocols are documented publicly, + especially the bunch of messages that contain the HMRFPO commands is probably + well protected and only documented in ME-specific docs and the BIOS writer's + guides. We are aware of a few leaked documents though that give us a few hints + about it, but nothing substantial regarding its implementation. + + The documents are somewhat contradicting each other in various points which + might be due to factual changes in process of time or due to the different + capabilities of the ME firmwares, example: + + Intel's Flash Programming Tool (FPT) "automatically stops ME writing to SPI + ME Region, to prevent both writing at the same time, causing data corruption." [ME8] + + "FPT is not HMRFPO-capable, so needs [the help of the FDOPS pin] HDA_SDO if + used to update the ME Region." [SPS] + + When looking at the various ME firmware editions (and different chipsets), things + get very unclear. Some docs say that HMRFPO needs to be sent before End-of-POST + (EOP), others say that the ME region can be updated in the field or that some + vendor tools use it for updates. This needs to be investigated further before + drawing any conclusion. 
+ +[MODE_CTRL] Client Platform Enabling Tour: Platform Software + Document Number: 439167, Revision 1.2, page 52 +[MEBX] Intel Management Engine BIOS Extension (MEBX) User's Guide + Revision 1.2, Section 3.1 and 3.5 +[DCMI] DCMI Host Interface Specification + Revision 1.0 +[KERNEL] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=tree;f=drivers/staging/mei;hb=HEAD +[SPI_PROG] Ibex Peak SPI Programming Guide + Document Number: 403598, Revision 1.3, page 79 +[ME8] Manufacturing with Intel Management Engine (ME) Firmware 8.X on Intel 7 Series + Revision 2.0, page 59 +[SPS] Manufacturing with Intel Management Engine (ME) on Intel C600 Series Chipset 1 + for Romley Server 2 Platforms using Server Platform Services (SPS) Firmware + Revision 2.2, page 51 |
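Review bot: In the HMRFPO bullet the Operation Mode name is spelled SECOVER_MEI_MSG, while the pin-strap bullet spells the neighbouring value of the same HFS field (bits [19:16]) SECOVR_JMPR; please check both against [MODE_CTRL] and settle on one spelling so the names can be searched for reliably. Two parentheses are opened and never closed: "(as indicated by the Flash Descriptor Override Pin Strap Status (FDOPSS) in HSFS." in the pin-strap bullet, and "(currently in staging/ exist [KERNEL]." in the MEI/HECI section, where "The actually communication" should also read "The actual communication". The reference list defines [SPI_PROG], but nothing in the added text cites it, so either cite it at the claim it supports or drop the entry. The bracketed insertion in the [SPS] quote says "FDOPS pin" while the first bullet names the status bit FDOPSS; a short clarification of whether both refer to the same strap would help readers.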