Bug #556
openProbing flash chip discards the "Sector erase" opcode of "ichspi" programmer
0%
Description
The only difference between the flash content and the image file is an MRC cache at (20000:20fff). Writing to an N25Q128..3E with "internal" programmer correctly only get this area erased, as shown in the attached flashrom_n.log. However, as shown in the attached flashrom_w.log, writing to an W25Q128.V with "internal" programmer results a whole chip erase overhead.
flashrom_w.log shows that flashrom tries to manipulate write protection to W25Q128.V, but read from register 2 and 3 not supported by the "internal" programmer, but older version of flashrom can use smaller erase functions via "internal" programmer against W25Q128.V, and flashrom v1.4.0 can use smaller erase functions against W25Q128.V, and can manipulate write protection, via a serprog programmer(stm32-vserprog). It the incapability of "internal" programmer to manipulate write protection related to smaller erase functions being disabled? If so, is it possible to add an option to ignore the wp capability of the chip, as if wp is not implemented, provided that wp capability is known unused?
Files
Updated by Bill XIE 11 days ago
- File flashrom_ww.log flashrom_ww.log added
- Subject changed from Writing an W25Q128.V with "internal" programmer results a whole chip erase overhead to Probing flash chip with "internal" programmer
Updated by Bill XIE 11 days ago
- Subject changed from Probing flash chip with "internal" programmer to Probing flash chip discards the "Sector erase" opcode of "ichspi" programmer
The real culprit for the whole chip getting erased turns out to be that when probing flash chip, the original "Sector erase" opcode on op-pos 2 of "ichspi" programmer gets overwritten via reprogram_opcode_on_the_fly(), and never resumed, making only "Bulk erase" opcode available during actual writing phase.
Currently, explicitly specifying the chip model with "-c" option even without "Multiple flash chip definitions match the detected chip(s)" for the write operation could be used to walk around this bug, by preventing "Sector erase" opcode being overwritten during chip probing, as shown in flashrom_ww.log (as well as flashrom_n.log, for "N25Q128..3E" is unable to be differentiated with "MT25QL128" via chip probing, and explicitly specifying with "-c" is necessary to program "N25Q128..3E").
In order to fix this bug, the original "Sector erase" opcode may have to be restored after ich_spi_send_command() and ich_spi_send_multicommand().
Updated by Anastasia Klimchuk 6 days ago
Bill, thank you so much for reporting the bug, giving all the details, and all the logs, really appreciated!
I think the difference between probing everything VS probing for specific chip (with -c option) is that, one chip might just need 0x9f which is already in the default set of opcodes, so nothing to reprogram, all good.
When probing for everything, flashrom goes through all the chips and has to run all the probing functions, and this means a variety. From the logs, reprogramming opcodes happens 4 times. And at the end it's not restored back :(
I added comments to your patch ( https://review.coreboot.org/c/flashrom/+/84253 ).