GM45 Thinkpad Internal flashing research
The wiki is being retired!
Documentation is now handled by the same processes we use for code: Add something to the Documentation/ directory in the coreboot repo, and it will be rendered to https://doc.coreboot.org/. Contributions welcome!
If we remove the RAM DIMM from slot0, the BIOS outputs an error message on the screen that asks to put the DIMM back and refuses to boot. I guess it's related to what mysteries_intel.txt (inside flashrom source ) was mentioning.
- When Removing the DIMM, the BIOS executes the PXE option rom. Usually that option rom is run twice: onece early, and once to boot on the network. Here only the early part is run. I wonder if it would accept to run express card or PCI option rom cards.
Here is a log of flashrom on the flash chip of an X200T In the log, we can see that the BIOS region is set read-write in the flash descriptor:
Descr. BIOS ME GbE Platf. BIOS r rw rw rw ME r rw rw GbE rw
The issue is that the BIOS region is still partially locked:
0x74: 0x9fff07e0 PR0: Warning: 0x007e0000-0x01ffffff is read-only.
The flash descriptor probably cannot be reflashed easily from the x86 CPU.
- Try to see if, by remapping the GPU GTT we could get around the PR registers issue.
- Using suspend to RAM will probably result in the PR region being unmapped between when it resumes at 0xFFFF0000 and when it re-enables that region lock.
- Look if SMM/SMI region is locked. And look what happen to it at resume.
- If we succeed to disable ME, it might result in some interesting behavior.