common flash hw write enable methods
steven james
pyro at linuxlabs.com
Wed Dec 4 11:49:01 CET 2002
Greetings,
Security by obscurity is likely part of it, but either it's not the whole
story or not well thought out. A simple jumper is much more secure and not
at all obscure.
G'day,
sjames
On Wed, 4 Dec 2002, Stefan Reinauer wrote:
> * Ronald G. Minnich <rminnich at lanl.gov> [021202 04:43]:
> > Another way I found it on one board was to try every combination of GPIOs
> > until the FLASH started working. Not fun, but pretty fast if you write a
> > program.
>
> Some machines, like my Thinkpad A21p, reboot immediately on probing, if
> the right GPIO is not set. Pretty ugly.
>
> > get the flash burner for this board, run under a simulator of some sort,
> > and watch the IOs. Or put a PCI bus analyzer on the machine, run the flash
> > program, and watch the IOs. It's not going to be fun.
>
> ouch! sounds like this gets nasty quickly.
>
> > I still don't see how running under Bochs helps with the chipset but maybe
> > I missed something.
>
> It doesn't. Basically most flasher programs use some kind of data
> structure the look for in the bios memory, that contains pointers to
> functions like "map flash to memory", "disable write protection", etc.
> This is at least the case with AMI and Award, probably Phoenix as well.
> These are 16bit calls, which makes it kind of hard/impossible to really
> use directly. It's possible to search for this structure and look at
> the code. However, this is likely to be illegal in many countries.
>
> > No, the goal is to make it hard for you to reflash. So the vendors keep
> > coming up with new ways to hide this. Very annoying!
>
> Especially after the first non-vendor-written flashers appeared, many
> people were scared of viruses destroying the flash data and such.
> Security by obscurity...
>
> Stefan
>
>
--
-------------------------steven james, director of research, linux labs
... ........ ..... .... 230 peachtree st nw ste 701
the original linux labs atlanta.ga.us 30303
-since 1995 http://www.linuxlabs.com
office 404.577.7747 fax 404.577.7743
-----------------------------------------------------------------------
More information about the coreboot
mailing list