You have to do it with the descriptor. Have a look at the corresponding "SPI Programming Guide" (e.g. http://www.corus.pro/pilotes/CorusX/X37/XP/ME/SPI%20Programming%20Guide.pdf) Here you can find how the sections are defined and how the section access is configurable. You can find details in chapter 4.1.4 where access to your BIOS region should be controlled in register "FLMSTR1—Flash Master 1 (Host CPU/ BIOS)". And as the descriptor has no data integrity checksum, you can just change the needed bits and give it a try.
But make sure you still have a way to flash your device with the external programmer to have a way to recover. I hope this helps. Werner -----Ursprüngliche Nachricht----- Von: Public Email Account <[email protected]> Gesendet: Montag, 15. Juli 2019 18:19 An: Zeh, Werner (DI MC MTS R&D HW 1) <[email protected]> Cc: [email protected] Betreff: Re: AW: [coreboot] Re: Question how to write protect flash Yes its sandy bridge. What is proper way to do this though. On flash descriptor (and if so, how?) or through coreboot option? Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, July 15, 2019 12:37 AM, [email protected] <[email protected]> wrote: > IIRC X220 uses Sandy Bridge. I think there is a flag somewhere in the > descriptor where you can lock down your BIOS-region as read-only for the x86 > host. > I never have tried it but in theory this should lead to errors on every write > attempt to the BIOS region therefore disabling write access to the flash from > OS/flashrom. > > Werner _______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
