Other #554
closedDo not follow ch1p's guide on flashing Thinkpad W530 with only 8MB chip!!
0%
Description
I had to learn this the hard way and (literally) pay the price (for it to be repaired) for following this guide (both on their own website and a reddit post). I often make tweaks to my coreboot config which often breaks my system by not being able to boot, and thus requires a fully disassembly to access the 4MB chip to externally flash. As you can imagine, doing this every time I mess up is annoying, and so the idea that I could do it with just the 8MB chip, which is easily accessible, was very attractive.
Right off the bat, I'll say this this method causes so many problems and going through the pain and frustration is not worth the convenience of not doing full disassembly. I was in contact with ch1p who was very helpful in trying to help me out. However, it must be said that this guide should NOT be followed!
This completely messes up the bios chips' firmware tabling, making it impossible to internally or externally flash (while the chips were still on the motherboard). You cannot read or write from either of the chips, and the 8MB chip thinks it 4MB.
I would get errors like this:
Reading old flash chip contents... done.
Erasing and writing flash chip... FAILED at 0x00000000! Expected=0xff, Found=0x16, failed byte count from 0x00000000-0x00000fff: 0x1000
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x00000000! Expected=0xff, Found=0x16, failed byte count from 0x00000000-0x0000ffff: 0x10000
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x00000000! Expected=0xff, Found=0x16, failed byte count from 0x00000000-0x0000ffff: 0x10000
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x00000000! Expected=0xff, Found=0x16, failed byte count from 0x00000000-0x003fffff: 0x400000
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
FAILED at 0x00000000! Expected=0xff, Found=0x16, failed byte count from 0x00000000-0x003fffff: 0x400000
ERASE FAILED!
Reading current flash chip contents... done. Looking for another erase function.
Looking for another erase function.
Looking for another erase function.
No usable erase functions left.
FAILED!
Uh oh. Erase/write failed. Checking if anything has changed.
Reading current flash chip contents... done.
Apparently at least some data has changed.
Your flash chip is in an unknown state.
Please report this to the mailing list at flashrom@flashrom.org or
on IRC (see https://www.flashrom.org/Contact for details), thanks!
Thanks to this github issue, I figured the only way to fix this was to have the chips physically removed and then flash them. Since I can't solder, I paid someone to do it (they charge for disassembly, so saved by dissembling myself and giving them just the motherboard).
The bad news is the 8MB always thinks it's 4MB, so impossible to externally flash that chip. The good news is the 4MB chip is perfectly fine, which is great because that's the chip for the actually bios. From there, you can internally flash (both chips), so that problem sorts itself out.
I had to pay someone to fix the mess that the guide caused. If someone with a Thinkpad W530 happens to stumble upon this post, you will save yourself time, pain and money by ignoring the guide and just dealing with full disassembly. It's not worth it.
Updated by Matt DeVillier 3 months ago
- Status changed from New to Rejected
This completely messes up the bios chips' firmware tabling, making it impossible to internally or externally flash (while the chips were still on the motherboard). You cannot read or write from either of the chips, and the 8MB chip thinks it 4MB.
I'm not sure what you did, but the instructions you followed would not do what you claimed. Changing the IFD so that only the 8MB chip is used cannot possibly affect the ability to flash the chip externally. External flashing doesn't care about or even read the IFD (unless you use the --ifd -i xxx
param).
Some boards with multiple chips share a CS line and need extra care to ensure that you're reading from the correct one, and that sounds like what you ran into -- nothing to do with changing the IFD.
Updated by Evgeny Zinoviev 3 months ago
Oh come on, please stop spreading FUD. First on reddit, now here. I actually submitted the W530 coreboot port, and I developed this ifd-changing trick in order to simplify my life when I had to reflash frequently, as I had to do it really many many times. And I never have had anything like that. And btw, I confirm that on W530 chips do share the CS line, it's even described in coreboot docs: https://doc.coreboot.org/mainboard/lenovo/w530.html. This is why your 8 MiB chip was identified as the 4 MiB one. Nothing to do with ifd layout.
If you wish, you can publish our correspondence, where I'm trying to help you fix your situation, here, in full, I don't mind. And let the other devs judge.
That being said, I agree that changing ifd layout is not something that should be recommended to every user, since it's very fragile and you must fully understand what you do, and why you do it. It's better to refer to coreboot documentation (1, 2, 3).
Updated by Anonymous 3 months ago ยท Edited
Matt DeVillier wrote in #note-1:
I'm not sure what you did, but the instructions you followed would not do what you claimed.
Massive blind spot on my part - forgot to write what caused it.
I followed the guide completely, and the actual flashing was successful. After doing further tinkering on my config, did an internal flash, which resulted in this:
flashrom unknown on Linux 6.1.0-21-amd64 (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
coreboot table found at 0x7fe6e000.
Found chipset "Intel QM77".
Enabling flash write... SPI Configuration is locked down.
FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
FREG1: BIOS region (0x00500000-0x007fffff) is read-write.
FREG2: Management Engine region (0x00003000-0x004fffff) is read-write.
FREG3: Gigabit Ethernet region (0x00001000-0x00002fff) is read-write.
Enabling hardware sequencing due to multiple flash chips detected.
OK.
Found Programmer flash chip "Opaque flash chip" (12288 kB, Programmer-specific) on internal.
Reading old flash chip contents... Transaction error between offset 0x00800000 and 0x0080003f (= 0x00800000 + 63)!
FAILED.
Then everything else followed from that.
Evgeny Zinoviev wrote in #note-2:
where I'm trying to help you fix your situation
I just said you were being very helpful, but that this method ultimately caused more problems for me than it solved.
Simon Dominic wrote:
I was in contact with ch1p who was very helpful in trying to help me out.
Updated by Nico Huber 3 months ago
Hmmm, that guide could use a section how to update coreboot from then on. But other than that it seems absolutely fine.
Simon, all your problems beyond that (not knowing how to get flashrom to write the update, not being able to flash externally) are regrettable, but not caused by the guide. The probably best help with flashing you can get on IRC. I know that's not obvious with all the coreboot communication channels, but we could certainly have helped you with both internal and external flashing. Without anyone having to pay somebody.
chips do share the CS line
Technically, they have floating CS lines. It's a deficiency of some boards that you always have to connect both chips' CS, one to VCC (preferably through a resistor) the other to the programmer.
Updated by Evgeny Zinoviev 3 months ago
I just said you were being very helpful
I know, I saw, thank you for that. I'm just saying that IFD is not the problem... I gave you correct (I believe) instructions on how to fix it.
Flashrom was unable to flash 0x00800000 and above because there were no such region in the ifd layout, so, I guess, it just wasn't mapped in memory. So the obvious fix was to adjust the ifd layout, allocating the 00800000:00bfffff
to something harmless like pd
and leaving all other regions intact, then flash only the new fd
region, then power off the machine, then power it back on (new ifd takes effect only on cold boot, thus we need this power cycle), and then you could flash above 0x00800000
.
Obviously, you had to change the ifd layout again, so that the new bios
would now be 00500000:00bfffff
(as it originally was) instead of 00500000:007fffff
, and flash new fd
and new bios
, all that using the right ROM image of course.
Then, after one more power cycle, it all should've been working. What went wrong on your side, I have no idea...
Technically, they have floating CS lines. It's a deficiency of some boards that you always have to connect both chips' CS, one to VCC (preferably through a resistor) the other to the programmer.
Yeah, thanks for pointing that out.