GM45 Thinkpad Internal flashing research: Difference between revisions
Revision as of 14:52, 25 January 2015
Introduction
ME region
If we remove the RAM DIMM from slot0, the BIOS outputs an error message on the screen that asks to put the DIMM back and refuses to boot. I guess it's related to what mysteries_intel.txt (inside the flashrom source) was mentioning.
Ideas
- When removing the DIMM, the BIOS executes the PXE option ROM. Usually that option ROM is run twice: once early, and once to boot on the network. Here only the early part is run. I wonder if it would accept to run ExpressCard or PCI option ROM cards.
BIOS region
Here is a log (http://paste.flashrom.org/view.php?id=2717) of flashrom on the flash chip of an X200T.
In the log, we can see that the BIOS region is set read-write in the flash descriptor:
 Descr. BIOS ME GbE Platf.
 BIOS r rw rw rw
 ME r rw rw
 GbE rw
The issue is that the BIOS region is still partially locked:
0x74: 0x9fff07e0 PR0: Warning: 0x007e0000-0x01ffffff is read-only.
The flash descriptor probably cannot be reflashed easily from the x86 CPU.
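The PR0 value in the log can be decoded by hand to confirm the range flashrom reports. The following is an added example, not part of the original page or of flashrom; the function names are made up for illustration, and the field layout (base in bits 12:0, limit in bits 28:16, read protect in bit 15, write protect in bit 31) is the ICH SPI protected-range register layout, which the page itself does not spell out.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of one ICH SPI Protected Range (PRx) register. */
struct pr_range {
    uint32_t base;       /* first protected flash offset */
    uint32_t limit;      /* last protected flash offset (inclusive) */
    int write_protected; /* bit 31: Write Protection Enable */
    int read_protected;  /* bit 15: Read Protection Enable */
};

/* Base (bits 12:0) and limit (bits 28:16) both hold flash address
 * bits 24:12, so the range is expressed in 4 KiB units. */
static struct pr_range decode_pr(uint32_t pr)
{
    struct pr_range r;
    r.base = (pr & 0x1fffu) << 12;
    r.limit = (((pr >> 16) & 0x1fffu) << 12) | 0xfffu;
    r.write_protected = (pr >> 31) & 1;
    r.read_protected = (pr >> 15) & 1;
    return r;
}

/* Returns 1 if a write to flash offset `off` is blocked by this PR value. */
static int pr_blocks_write(uint32_t pr, uint32_t off)
{
    struct pr_range r = decode_pr(pr);
    return r.write_protected && off >= r.base && off <= r.limit;
}

int main(void)
{
    const uint32_t pr0 = 0x9fff07e0u; /* value at 0x74 in the log above */
    struct pr_range r = decode_pr(pr0);

    printf("PR0 0x%08x: 0x%08x-0x%08x %s%s\n", (unsigned)pr0,
           (unsigned)r.base, (unsigned)r.limit,
           r.write_protected ? "write-protected" : "writable",
           r.read_protected ? ", read-protected" : "");
    /* Constructed sample offsets on either side of the range boundary. */
    printf("0x007dffff blocked: %d\n", pr_blocks_write(pr0, 0x007dffffu));
    printf("0x007e0000 blocked: %d\n", pr_blocks_write(pr0, 0x007e0000u));
    return 0;
}
```

The decoded range matches the flashrom warning: everything from 0x007e0000 upward is write-protected but still readable.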
Ideas
- Try to see if, by remapping the GPU GTT we could get around the PR registers issue.
- Using suspend to RAM will probably result in the PR region being unmapped between when it resumes at 0xFFFF0000 and when it re-enables that region lock.
- Look at whether the SMM/SMI region is locked, and at what happens to it at resume.
- If we succeed in disabling the ME, it might result in some interesting behavior.