
Flashrom – flash BIOS/EFI/coreboot/firmware/optionROM and expansion cards - peter_d_sherman
https://www.flashrom.org/Flashrom
======
chubs
I used this recently to pull the BIOS off a Lenovo, used UEFITool to pull out
one of the applications, used Hopper to find where it only allowed whitelisted
wifi cards, patched that and rewrote the BIOS. Works perfectly! Flashrom is
fantastic.

~~~
voltagex_
I would _absolutely_ read a write-up of how you did this.

~~~
wolfreiser
I would like to warn you about signature checking.

My HP got a password after a faulty BIOS update (it just hung for 30
minutes on one block and I pulled the battery, never do this!)

So I had to fix this. However, my laptop will reset the BIOS if it fails the
signature checking. Luckily for me, HP didn't use the BIOS Guard/Boot Guard
technology and did the checking in the PEI stage with their own module. The
checking part was in the same module as the BIOS flasher (IIRC).

The password checking was easy to find because AMI BIOS sources are available
on GitHub. Interestingly, HP has a "backdoor" feature that lets you generate a
password from the code displayed, so I easily unlocked my laptop without any
patches. I could have released the generator utility, but, hell, this will let
people unlock any other laptop with the same kind of BIOS, so no.

As a bonus I also unlocked hidden settings, which gave me great control
over my CPU and chipset. So I disabled hyperthreading thanks to my paranoia :)

------
devereaux
Remember to always read at least twice, then compare the MD5s before flashing.

Many SOIC8 clips can give an intermittent/bad connection. You will only
realize it when you try to restore and ... oops!

~~~
userbinator
Also worth opening the file itself in an editor to at least see if something
reasonable was read --- a consistently bad connection can give you a
consistently bad file!

~~~
eloy
or use `strings`

~~~
TiltMeSenpai
Specific to BIOS images, `binwalk` is probably a better choice than `strings`.
There's often data in LZMA streams or otherwise compressed, and chances are
you're gonna binwalk your image at some point if you want to modify it.

Also, specific to Intel-powered motherboards newer than a certain generation,
the image should show as an "Intel PCH File Descriptor" or something if you
run `file` against it. Don't use this as an integrity check though, `file` is
just looking at an Intel-specific header at the beginning of the ROM file.
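
The checks suggested in this sub-thread (read at least twice and compare, make sure the content is not a consistently bad read, treat the Intel descriptor header as a hint only), combined into one script. This is an added example, not code from any commenter or from the flashrom project; the function names and the sample images are constructed for illustration, and SHA-256 stands in for the MD5 mentioned above.

```python
import hashlib

# Intel flash descriptor signature 0x0FF0A55A, stored little-endian. It sits at
# offset 0x10 on most images and at offset 0 on some older chipsets.
IFD_SIGNATURE = bytes.fromhex("5aa5f00f")


def first_mismatch(a, b):
    """Offset of the first differing byte, or None when a and b are identical."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))


def has_intel_descriptor(image):
    """Header check only, like `file`: says nothing about the rest of the image."""
    return IFD_SIGNATURE in (image[0x10:0x14], image[:4])


def check_dumps(dumps):
    """Return a list of problems found across repeated reads of one chip."""
    if len(dumps) < 2:
        return ["need at least two independent reads to compare"]
    problems = []
    reference = dumps[0]
    # Any digest works for an equality check; SHA-256 is used here.
    ref_digest = hashlib.sha256(reference).digest()
    for n, dump in enumerate(dumps[1:], start=2):
        if hashlib.sha256(dump).digest() != ref_digest:
            where = first_mismatch(reference, dump)
            problems.append(f"read {n} differs from read 1 at offset {where:#x}")
    # Identical reads can still be garbage: a consistently bad connection
    # often returns a single repeated byte value (all 0xFF or all 0x00).
    if len(set(reference)) <= 1:
        problems.append("read 1 is empty or one repeated byte value")
    return problems


# Constructed sample data: a 4 KiB stand-in image, not a real firmware dump.
GOOD = b"\xff" * 16 + IFD_SIGNATURE + bytes((i * 37 + 11) % 256 for i in range(4076))
FLAKY = GOOD[:0x200] + bytes([GOOD[0x200] ^ 0x01]) + GOOD[0x201:]  # one flipped bit
DEAD = b"\xff" * len(GOOD)  # what a clip with no contact tends to produce

if __name__ == "__main__":
    cases = [("good", [GOOD, GOOD]), ("flaky", [GOOD, FLAKY]), ("dead", [DEAD, DEAD])]
    for name, reads in cases:
        print(name, check_dumps(reads) or "ok", has_intel_descriptor(reads[0]))
```

For real dumps, pass the bytes of each separately read file to `check_dumps`; an empty result means the reads agree and are not blank, not that the image is valid firmware.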

------
oil25
Flashrom is excellent software. I just used it yesterday to flash Coreboot on
a new Thinkpad X230, using a SOIC8 clip and Raspberry Pi, to replace the
proprietary Lenovo BIOS and run me_cleaner. Huge thanks to the developers!

~~~
O_H_E
> new

as in used, but you just bought it?

~~~
oil25
Brand new, from seller "Deus PC" on Newegg at a cost of $649.

------
pathartl
Been using this for so many years! The last time I used it I was able to
update the BIOS on a Supermicro board that only supported the processor I
bought through a BIOS update. Some quick googling, a couple of jumper wires, a
Raspberry Pi, and I was up and running within a few minutes.

------
jchw
I used Flashrom and a Raspberry Pi to save a dead motherboard. BIOS chips with
a properly flashed image are easy to find on eBay and whatnot, but it was
rewarding to solve the problem myself.

------
Exorus18
Cool project, very handy auto-detection of the memory chip model. I used it
recently to flash the on-board SPI flash on an iCE40 FPGA devkit.

------
noja
Can this be used to easily disable ME?

~~~
wmf
Short answer: no.

Longer answer: You cannot fully disable the ME (the system won't boot) but you
can use me_cleaner
[https://github.com/corna/me_cleaner](https://github.com/corna/me_cleaner) to
remove parts of the ME firmware that you don't want. "However, ... flashing
back the modified [ME firmware] is usually not trivial, as the Intel ME
firmware region is often non-writable from the OS (and it's not a safe option
anyways), requiring the use of an external SPI programmer."

~~~
iamnothere
You're right in most cases, although it's doable on very old hardware.
Depending on your use case that may be an acceptable tradeoff.

