#1 [Tool] Flashrom v1.2 [DOS] [AMD] by headkaze 05.02.2021 02:58

Here's a compiled version of flashrom with Ryzen support (https://github.com/tolga9009/flashrom/tree/ryzen). It includes the libpci library so it supports the -p internal flag. It's possible to compile libpci on Windows using MinGW and DJGPP so I've also attached the "libpci-libgetopt" folder with the pre-compiled libraries included so you can compile your own version easily.

Use this to compile it from MSYS:

1
 
make CC=i586-pc-msdosdjgpp-gcc STRIP=i586-pc-msdosdjgpp-strip LIBS_BASE=../libpci-libgetopt CONFIG_ENABLE_LIBUSB1_PROGRAMMERS=no
 



I've also included a version of Rufus that will create an MS-DOS boot disk. NOTE: You may need to enable the Compatibility Support Module (CSM) in your BIOS to boot it.

To backup your BIOS:

1
 
flashrom -p internal -r BACKUP.ROM
 



To write your own custom BIOS:

1
 
flashrom -p internal -w MOD.ROM
 

#2 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by dsanke 05.02.2021 04:37

avatar

No AM4 mainboards handy now, will test it later and update result here.

#3 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by dsanke 05.02.2021 04:48

avatar

Is it possible to create an EFI Shell version flashrom to flash Ryzen platform?
Some laptop do not have CSM.

#4 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by headkaze 05.02.2021 05:04

Zitat von dsanke im Beitrag #3
Is it possible to create an EFI Shell version flashrom to flash Ryzen platform?
Some laptop do not have CSM.

flashrom requires DOS. If you don't have the CSM option in your BIOS you can try setup_var to set CSM and / or disable BIOS Lock if you need to.

#5 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by DarkPoe 28.06.2021 05:53

I am getting:

"No EEPROM/Flash device found"

I am on ASUS TUF GAMING X570-PLUS WiFi on BIOS 4002 at the moment

Using the DOS version...

Is there anything I can do?

#6 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by headkaze 27.08.2021 19:53

I got this error today.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
 
C:\>flashrom -p internal -w X3MSTX_1.70
flashrom on MS-DOS 8 (i786)
flashrom is free software, get the source code at https://flashrom.org
 
Calibrating delay loop... OK.
Found chipset "AMD FP4/FP5/AM4".
Enabling flash write... Disabling read write protection of flash addresses from Oxfc000000 to Oxfc85ffff failed.
Disabling read write protection of flash addresses from Oxfd000000 to Oxfd05ffff failed.
Disabling read write protection of flash addresses from Oxfe000000 to Oxfe05ffff failed.
Disabling read write protection of flash addresses from Oxff000000 to Oxff05ffff failed.
ERROR: State of SpiAccessMacRomEn or SpiHostAccessRomEn prohibits full access.
PROBLEMS, continuing anyway
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
 



Looking into possible solutions.

#7 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by headkaze 30.08.2021 18:54

So it looks like AGESA 1.2.0.0 includes new security measures that render flashrom useless.

Before upgrading to a BIOS with AGESA 1.2.0.0 or above it has been suggested to use UEFITool 0.26.0 and remove the following modules:

  • F2A29BBB-12D0-402B-90EC-4064A0C3DE5A / SMM module / AmdSpiRomProtect
  • C178E415-6E49-469A-B73D-F6C5EB4101EB / DXE driver / AmdSpiRomProtectDxe
  • 9D5FD24C-53DF-44AC-A336-B4879CDB29D9 / PEI module / AmdSpiRomProtectPei


Can anyone confirm that the above removes protection? Probably best to have a CH341A flash programmer + SOIC8 test clip cable in case it renders system non-bootable.

If you already flashed to a BIOS with AGESA 1.2.0.0 or above you can try to flash to earlier BIOS (pre 1.2.0.0) and clear CMOS and see if flashrom works again. I have not had any luck using this method.

Some more information I found on a forum:

Zitat von miczyg
From the SPIBAR dump you have attached I can clearly see that the SpiAccessMacRomEn (bit22) and SpiHostAccessRomEn (bit23) are cleared in the SpiCntrl0 register (SPIBAR + 0x00). If any of those two bits are cleared, all of the SPIRestrictedCmd (SPIBAR + 0x04/0x08) as well as SPI_CmdValue registers (SPIBAR + 0x10/0x14/0x18) are effective. Additionally, if SpiAccessMacRomEn is set, the software cannot access the lower 512KB of the SPI flash. That is why you cannot access the SPI flash, because the hardware detects an attempt of illegal access. If the SpiAccessMacRomEn (bit22) and SpiHostAccessRomEn (bit23) are cleared by the firmware/BIOS then you would have to patch/modify you BIOS, because these bits are clear-once and may be set to 1 only by a platform reset. If not cleared by BIOS, just keep these bits set and your SPI access software should work.

#8 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by Fernando 30.08.2021 21:26

avatar

@headkaze:
The Flashrom 1.2 Utitlities, which are attached to the start post of >this< thread, seem to work with my ASRock X570 Pro4 mainboard, although the in-use BIOS 4.20 contains the latest AGESA 1.2.0.3 Patch C modules.
As you can see here, I was recently able to let the Flashrom 1.2 create a BACKUP of my mainboard's current BIOS Region:


What I haven't yet tested is flashing of a modded BIOS by using the Flashrom 1.2 Utilities.

#9 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by headkaze 31.08.2021 16:41

Zitat von Fernando im Beitrag #8
What I haven't yet tested is flashing of a modded BIOS by using the Flashrom 1.2 Utilities.


It's quite possible the new security features don't inhibit the ability to use flashrom to make a backup of your BIOS and quite possibly you can still write a properly signed official BIOS. The problem is likely only with writing a custom modified BIOS.

#10 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by headkaze 31.08.2021 21:08

1
 
$ sudo python3 chipsec_util.py mmio dump SPIBAR
 



################################################################
## ##
## CHIPSEC: Platform Hardware Security Assessment Framework ##
## ##
################################################################
[CHIPSEC] Version : 1.7.0
[CHIPSEC] OS : Linux 5.14.0-custom #1 SMP Tue Aug 31 00:25:42 EDT 2021 x86_64
[CHIPSEC] Python : 3.9.5 (64-bit)

****** Chipsec Linux Kernel module is licensed under GPL 2.0
[CHIPSEC] API mode: using CHIPSEC kernel module API
[!] Unknown PCH: VID = 0x1022, DID = 0x790E, RID = 0xFF; Using Default.
[!] Results from this system may be incorrect.
[CHIPSEC] Helper : LinuxHelper (/home/***/Programming/chipsec/chipsec/helper/linux/chipsec.ko)
[CHIPSEC] Platform: Renoir Root Complex
[CHIPSEC] VID: 1022
[CHIPSEC] DID: 1630
[CHIPSEC] RID: 00
[CHIPSEC] PCH : Default PCH
[CHIPSEC] VID: FFFF
[CHIPSEC] DID: FFFF
[CHIPSEC] RID: FF
[CHIPSEC] Executing command 'mmio' with args ['dump', 'SPIBAR']

[CHIPSEC] Dumping SPIBAR MMIO space..
[mmio] MMIO register range [0x00000000FEC10000:0x00000000FEC10000+000000FF]:
+00000000: 4F0C2105
+00000004: 00000000
+00000008: 00000600
+0000000C: 02000000
+00000010: 04042006
+00000014: 059F0406
+00000018: 020A0B03
+0000001C: 0206B8FF
+00000020: 10330713
+00000024: 20202008
+00000028: 0E06140C
+0000002C: 800054C0
+00000030: 460814CC
+00000034: 00000003
+00000038: FCFCFCFC
+0000003C: 000088FC
+00000040: EBBB6B3B
+00000044: 00000500
+00000048: 02000001
+0000004C: 00030002
+00000050: 0C131200
+00000054: ECBC6C3C
+00000058: 00004608
+0000005C: 00000000
+00000060: 00000000
+00000064: 000000FD
+00000068: 00000000
+0000006C: 00000000
+00000070: 00000000
+00000074: 00000000
+00000078: 00000000
+0000007C: 00000000
+00000080: 05000000
+00000084: DA001123
+00000088: 300665B1
+0000008C: C95F17BB
+00000090: 870ED138
+00000094: 0324F3C3
+00000098: F01DFA28
+0000009C: 95E8B95B
+000000A0: D75105C2
+000000A4: 82FEDDA5
+000000A8: 5CE01B8E
+000000AC: 8CF1F388
+000000B0: 07614F3A
+000000B4: 9D89E91B
+000000B8: 84145D79
+000000BC: 81DC60B7
+000000C0: FF765F24
+000000C4: 00000000
+000000C8: 00000000
+000000CC: 00000000
+000000D0: 00000000
+000000D4: 00000000
+000000D8: 00000000
+000000DC: 00000000
+000000E0: 00000000
+000000E4: 00000000
+000000E8: 00000000
+000000EC: 00000000
+000000F0: 00000000
+000000F4: 00000000
+000000F8: 00000000
[CHIPSEC] (mmio) time elapsed 0.002


1
2
 
sudo python3 chipsec_util.py mmio read SPIBAR 0x0 0x4
[CHIPSEC] Read SPIBAR + 0x0: 0x4F0C2105
 



0x4F0C2105 | (1 << 22) | (1 << 23) = 0x4FCC2105

1
2
 
sudo python3 chipsec_util.py mmio write SPIBAR 0x0 0x4 0x4FCC2105
[CHIPSEC] Write SPIBAR + 0x0: 0x4FCC2105
 



1
2
 
sudo python3 chipsec_util.py mmio read SPIBAR 0x0 0x4
[CHIPSEC] Read SPIBAR + 0x0: 0x4F0C2105
 


I guess it was worth a try!

#11 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by Fernando 31.08.2021 22:27

avatar

@headkaze:
Please give us some additional information about your recent python tests while running Linux:
1. What exactly was the sense of your tests?
2. Which conclusions do you draw from the test results?
3. What have your python tests to do with the topic of this thread? Is the usage of python an alternative to the Flashrom tool?

Please put the python results into "spoilers" to save space.

#12 RE: [Tool] Flashrom v1.2 [DOS] [AMD] by headkaze 31.08.2021 22:58

Zitat von Fernando im Beitrag #11
1. What exactly was the sense of your tests?

Post #7 tells you the flash protection is SpiAccessMacRomEn (bit 22) and SpiHostAccessRomEn (bit 23) being cleared in the SPI_Cntrl0 register (SPIBAR + 0x00). There's a tool called chipsec which can read and write registers. You will need to compile the "amd" branch from https://github.com/kerneis-anssi/chipsec/tree/amd
Zitat von Fernando im Beitrag #11
2. Which conclusions do you draw from the test results?

First I read the register SPIBAR + 0x0 which has a value of 0x4F0C2105, then I set bits 22 and 23, which gives 0x4FCC2105 and write this value back. Reading it again gives the original value of 0x4F0C2105. It demonstrates that these "clear-once protection bits" cannot be set again to remove the protection (as expected).

Xobor Forum Software von Xobor
Datenschutz