blob: 088abb8773d62ff5a62f9dfde4fc00cf8f465a54 [file] [log] [blame]
Stefan Tauner25ffba72011-11-13 23:03:30 +00001= BBAR on ICH8 =
2 There is no sign of BBAR (BIOS Base Address Configuration Register) in the
3 public datasheet (or specification update) of the ICH8. Also, the offset of
4 that register has changed between ICH7 (SPIBAR + 50h) and ICH9 (SPIBAR +
5 A0h), so we have no clue if or where it is on ICH8. Out current policy is to
6 not touch it at all and assume/hope it is 0.
7
David Hendricks3c720592020-06-17 13:54:05 -07008= Software Sequencing vs. Hardware Sequencing and the "Opaque flash chip" =
9Software sequencing and hardware sequencing are two methods used to interface
10with the SPI controller on Intel platforms. They can be selected using either
11ich_spi_mode=swseq or ich_spi_mode=hwseq programmer parameters. Flashrom will
12attempt to automatically detect which mode to use.
13
14Software sequencing is the traditional method whereby software running on the
15CPU handles most of the logic needed to interact with the flash chip. This
16offers good flexibility since the user can utilize any opcode available in the
17OPMENU registers, and OPMENU can be left unlocked or on coreboot-supported
18platforms the owner of the system may program it for their needs before locking
19it. Advanced or non-standard features of a chip such as write protection and
20OTP may therefore be directly utilized by software.
21
22Hardware sequencing is a newer method (since around 2011) whereby most of the
23logic for interacting with the SPI flash chip is contained within the SPI
24controller itself and software such as flashrom may only select a few operations
25chosen by Intel via the Flash Cycle (FCYCLE) field. The chip must conform to
26specifications from Intel for each chipset/PCH. The specs are given in the
27"SPI Programming Guide" application note. See [SPI_PROG] cited at the bottom of
28this document for an example.
29
30Hardware sequencing simplifies things from a software perspective since the
31software is guaranteed some minimal level of support and doesn't even need to
32know the chip's ID or opcodes; it just needs to tell the SPI controller to
33perform a type of transaction such as "read", "4k block erase", etc. Hence when
34using hardware sequencing one will see "Opaque flash chip" as the chip's
35description since software might not be able to identify the chip. The SPI
36controller can combine multiple physical flash chips to logically appear as a
37single large flash device, and in such cases it would not make sense for
38flashrom to try to identify the chip.
39
40In many non-Intel systems the software has full control of a generic SPI
41controller where the software controls the SPI signals and also constructs the
42data payload including pre-op (e.g. write enable latch), opcode, address, and
43data. Intel SPI flash controllers are purpose-built for flash chip access and
44the software does not control the hardware directly. This makes Intel SPI
45controllers less flexible from a software standpoint, however there are some
46benefits such as guaranteed atomicity and multi-master arbitration needed for
47modern Intel platforms where the CPU and various microprocessors can share the
48same flash chip.
49
David Hendricksa9d6d1a2019-11-19 19:29:26 -080050= SMM BIOS Write Protection =
51Sometimes a hardware vendor will enable "SMM BIOS Write Protect" (SMM_BWP)
52in the firmware during boot time. The bits that control SMM_BWP are in the
53BIOS_CNTL register in the LPC interface.
54
55When enabled, the SPI flash can only be written when the system is operating in
56in System Management Mode (SMM). In other words, only certain code that was
57installed by the BIOS can write to the flash chip. Programs that run in OS
58context such as flashrom can still read the flash chip, but cannot write to the
59flash chip.
60
61Flashrom will attempt to detect this and print a warning such as the following:
62"Warning: BIOS region SMM protection is enabled!"
63
64Many vendor-supplied firmware update utilities do not actually write to the ROM;
65instead they transfer data to/from memory which is read/written by a routine
66running in SMM and is responsible for writing to the firmware ROM. This causes
67severe system performance degradataion since all processors must be in SMM
68context (ring -2) instead of OS context (ring 0) while the firmware ROM is being
69written.
70
Stefan Tauner25ffba72011-11-13 23:03:30 +000071= Accesses beyond region bounds in descriptor mode =
72 Intel's flash image tool will always expand the last region so that it covers
73 the whole flash chip, but some boards ship with a different configuration.
74 It seems that in descriptor mode all addresses outside the used regions can not
75 be accessed whatsoever. This is not specified anywhere publicly as far as we
76 could tell. flashrom does not handle this explicitly yet. It will just fail
77 when trying to touch an address outside of any region.
78 See also http://www.flashrom.org/pipermail/flashrom/2011-August/007606.html
79
Stefan Taunerd94d25d2012-07-28 03:17:15 +000080= (Un)locking the ME region =
Stefan Tauner2abab942012-04-27 20:41:23 +000081 If the ME region is locked by the FRAP register in descriptor mode, the host
Stefan Taunerd94d25d2012-07-28 03:17:15 +000082 software is not allowed to read or write any address inside that region.
83 Although the chipset datasheets specify that "[t]he contents of this register
84 are that of the Flash Descriptor" [PANTHER], this is not entirely true.
85 The firmware has to fill at least some of the registers involved. It is not
86 known when they become read-only or any other details, but there is at least
87 one HM67-based board, that provides an user-changeable setting in the firmware
88 user interface to enable ME region updates that lead to a FRAP content that is
89 not equal to the descriptor region bits [NC9B].
90
91 There are different ways to unlock access:
Stefan Tauner2abab942012-04-27 20:41:23 +000092
93 - A pin strap: Flash Descriptor Security Override Strap (as indicated by the
94 Flash Descriptor Override Pin Strap Status (FDOPSS) in HSFS. That pin is
95 probably not accessible to end users on consumer boards (every Intel doc i
96 have seen stresses that this is for debugging in manufacturing only and
97 should not be available for end users).
98 The ME indicates this in bits [19:16] (Operation Mode) in the HFS register of
99 the HECI/MEI PCI device by setting them to 4 (SECOVR_JMPR) [MODE_CTRL].
100
101 - Intel Management Engine BIOS Extension (MEBx) Disable
102 This option may be available to end users on some boards usually accessible
103 by hitting ctrl+p after BIOS POST. Quote: "'Disabling' the Intel ME does not
104 really disable it: it causes the Intel ME code to be halted at an early stage
105 of the Intel ME's booting so that the system has no traffic originating from
106 the Intel ME on any of the buses." [MEBX] The ME indicates this in
107 bits [19:16] (Operation Mode) in the HFS register of the HECI/MEI PCI device
108 by setting them to 3 (Soft Temporary Disable) [MODE_CTRL].
109
110 - Previous to Ibex Peak/5 Series chipsets removing the DIMM from slot (or
111 channel?) #0 disables the ME completely, which may give the host access to
112 the ME region.
113
114 - HMRFPO (Host ME Region Flash Protection Override) Enable MEI command
115 This is the most interesting one because it allows to temporarily disable
116 the ME region protection by software. The ME indicates this in bits [19:16]
117 (Operation Mode) in the HFS register of the HECI/MEI PCI device by setting
118 them to 5 (SECOVER_MEI_MSG) [MODE_CTRL].
119
120== MEI/HECI ==
121 Communication between the host software and the different services provided by
122 the ME is done via a packet-based protocol that uses MMIO transfers to one or
123 more virtual PCI devices. Upon this layer there exist various services that can
124 be used to read out hardware management values (e.g. temperatures, fan speeds
125 etc.). The lower levels of that protocol are well documented:
126 The locations/offsets of the PCI MMIO registers are noted in the chipset
127 datasheets. The actually communication is documented in a whitepaper [DCMI] and
128 an outdated as well as a current Linux kernel implementation (currently in
129 staging/ exist [KERNEL]. There exists a patch that re-implements this in user
130 space (as part of flashrom).
131
132== Problems ==
133 The problem is that only very few higher level protocols are documented publicly,
134 especially the bunch of messages that contain the HMRFPO commands is probably
135 well protected and only documented in ME-specific docs and the BIOS writer's
136 guides. We are aware of a few leaked documents though that give us a few hints
137 about it, but nothing substantial regarding its implementation.
138
139 The documents are somewhat contradicting each other in various points which
140 might be due to factual changes in process of time or due to the different
141 capabilities of the ME firmwares, example:
142
143 Intel's Flash Programming Tool (FPT) "automatically stops ME writing to SPI
144 ME Region, to prevent both writing at the same time, causing data corruption." [ME8]
145
146 "FPT is not HMRFPO-capable, so needs [the help of the FDOPS pin] HDA_SDO if
147 used to update the ME Region." [SPS]
148
149 When looking at the various ME firmware editions (and different chipsets), things
150 get very unclear. Some docs say that HMRFPO needs to be sent before End-of-POST
151 (EOP), others say that the ME region can be updated in the field or that some
152 vendor tools use it for updates. This needs to be investigated further before
153 drawing any conclusion.
154
Stefan Taunerd94d25d2012-07-28 03:17:15 +0000155[PANTHER] Intel 7 Series Chipset Family Platform Controller Hub (PCH) Datasheet
156 Document Number: 326776, April 2012, page 857
157[NC9B] Jetway NC9B flashrom v0.9.5.2-r1517 log with ME region unlocked.
158 NB: "FRAP 0e0f" vs. "FLMSTR1 0a0b".
159 http://paste.flashrom.org/view.php?id=1215
Stefan Tauner2abab942012-04-27 20:41:23 +0000160[MODE_CTRL] Client Platform Enabling Tour: Platform Software
161 Document Number: 439167, Revision 1.2, page 52
162[MEBX] Intel Management Engine BIOS Extension (MEBX) User's Guide
163 Revision 1.2, Section 3.1 and 3.5
164[DCMI] DCMI Host Interface Specification
165 Revision 1.0
166[KERNEL] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=tree;f=drivers/staging/mei;hb=HEAD
167[SPI_PROG] Ibex Peak SPI Programming Guide
168 Document Number: 403598, Revision 1.3, page 79
169[ME8] Manufacturing with Intel Management Engine (ME) Firmware 8.X on Intel 7 Series
170 Revision 2.0, page 59
171[SPS] Manufacturing with Intel Management Engine (ME) on Intel C600 Series Chipset 1
172 for Romley Server 2 Platforms using Server Platform Services (SPS) Firmware
173 Revision 2.2, page 51