Hacker News new | past | comments | ask | show | jobs | submit login
Flashrom – flash BIOS/EFI/coreboot/firmware/optionROM and expansion cards (flashrom.org)
107 points by peter_d_sherman 8 months ago | hide | past | web | favorite | 19 comments

I used this recently to pull the bios off a lenovo, use UEFITool to pull out one of the applications, used Hopper to find where it only allowed whitelisted wifi cards, patch that and rewrite the bios. Works perfectly! Flashrom is fantastic.

I would absolutely read a write-up of how you did this.

I would like to warn you about signature checking.

My HP got a password after a faulty BIOS update (it just hanged up for 30 minutes on one block and I pulled the battery, never do this!)

So I had to fix this. However, my laptop will reset the BIOS if it fails the signature checking. Luckly for me, HP didn't used the BIOS Guard/Boot Guard technology and did the checking on the PEI stage with their own module. The checking part was in the same module as BIOS flasher (IIRC).

The password checking was easy to find because AMI BIOS sources are available on GitHub. Interestingly, HP has a "backdoor" feature that lets you generate a password from code displayed, so I easily unlocked my laptop without any patches. I could have released the generator utility, but, hell, this will let people unlock any other laptop with same kind of BIOS, so no.

As a bonus I had also unlocked hidden settings, which gave me a great control over my CPU and chipset. So I disabled hyperthreding thanks to my paranoia :)

Remember to always read at least twice, then compare the md5s before flashing

Many SOIC8 clips can give an intermittent/bad connection. You will only realize it when you try to restore and ... oops!

And keep the leads short. This got me, and I should know better!

Setting a lower SPI speed didn't help. It felt like there must be a flaw in the Linux SPI implementation (/BeagleBoneBlack driver) that even though I lowered the clock speed, the delay between data and clock was still tight. Either that or the signal times were so fast, they were coupling enough to override an active driver?? Rather than setting up the scope to investigate, I just tidied up the leads.

Also worth opening the file itself in an editor to at least see if something reasonable was read --- a consistently bad connection can give you a consistently bad file!

Yes, among the basic check with hexedit or strings as suggested below.

When you are flashing a bios as the other poster mentioned, you want to be sure you have the right file and you will be able to restore it.

About SOIC8 clips, if you can't get a reliable read, consider soldering with stripping wire straight to the IO ports.

Stripping wire is thin enough that you can't break a leg of the chip.

or use `strings`

Specific to BIOS images, `binwalk` is probably a better choice than `strings.` There's often data in LZMA streams or otherwise compressed, and chances are you're gonna binwalk your image at some point if you want to modify it.

Also, specific to Intel powered motherboards newer than a certain generation, the image should show as an "Intel PCH File Descriptor" or something if you run `file` against it. Don't use this as an integrity check though, `file` is just looking at an Intel-specific header at the beginning of the ROM file.

I actually had better luck with cheapest SOIC clips from eBay, than the Pomona clips.

While trying to seat/reseat on the package, the lower pins in the Pomona clips would tend to get pushed in, bent, and pop out of their channels.

The cheapest clips, with the pins that go straight through, however, didn't seem to do this. To make space to attach individual header hookup wires to the pins at the top of the cheap clip, I bent the pin tops left and right, in an alternating pattern.

Flashrom is excellent software. I just used it yesterday to flash Coreboot on a new Thinkpad X230, using a SOIC8 clip and Raspberry Pi, to replace the proprietary Lenovo BIOS and run me_cleaner. Huge thanks to the developers!

> new

as in used, but you just brought it?

Brand new, from seller "Deus PC" on Newegg at a cost of $649.

Been using this for so many years! The last time I used it I was able to update the BIOS on a Supermicro board that only supported the processor I bought through a BIOS update. Some quick googling, a couple of jumper wires, a Raspberry Pi, and I was up and running within a few minutes.

I used Flashrom and a Raspberry Pi to save a dead motherboard. BIOS chips with properly flashed image are easy to find on eBay and whatnot, but it was rewarding to solve the problem myself.

Cool project, very handy auto detection of memory chip model. I used it recently to flash on-board spi flash on ice40 fpga devkit.

Can this be used to easily disable ME?

Short answer: no.

Longer answer: You cannot fully disable the ME (the system won't boot) but you can use me_cleaner https://github.com/corna/me_cleaner to remove parts of the ME firmware that you don't want. "However, ... flashing back the modified [ME firmware] is usually not trivial, as the Intel ME firmware region is often non-writable from the OS (and it's not a safe option anyways), requiring the use of an external SPI programmer."

You're right in most cases, although it's doable on very old hardware. Depending on your use case that may be an acceptable tradeoff.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact