update safety advice for ifdtool
reference the platform option needed in ifdtool, on some newer platforms; canoeboot doesn't have anything needing it, but this is generic nvmutil instructions, and nvmutil is compatible with gbe regions of many platforms Signed-off-by: Leah Rowe <leah@libreboot.org>master
Leah Rowe
Leah Rowe
parent
627c6400d2
commit
401d544b59
|
|
@ -163,12 +163,24 @@ with `make`, to get an ifdtool binary.
|
|||
|
||||
To make internal flashing possible later on, you might do:
|
||||
|
||||
ifdtool --unlock rom.bin
|
||||
ifdtool --unlock rom.bin # READ THE WARNING BELOW FIRST
|
||||
|
||||
**WARNING: On some newer platforms, please check `--platform` in `--help`:**
|
||||
|
||||
ifdtool --platform PLATFORM --unlock rom.bin
|
||||
|
||||
Running this command will create a modified image,
|
||||
named `rom.bin.new`. This file will have all regions set
|
||||
to read-write, per configuration in the Intel Flash Descriptor.
|
||||
|
||||
Note: if you want the original image to be modified, without needing to
|
||||
keep track of `rom.bin.new` as mentioned above, use the -O switch. For example,
|
||||
repeating the above command:
|
||||
|
||||
ifdtool --unlock rom.bin -O rom.bin
|
||||
|
||||
(add the `--platform` option if you need to)
|
||||
|
||||
In addition to unlocked regions, you may wish to *neuter* the
|
||||
Intel Management Engine, removing all the nasty spying features
|
||||
from it, using `me_cleaner`. See:
|
||||
|
|
@ -181,7 +193,7 @@ article, so you should read their documentation.
|
|||
|
||||
Now run this:
|
||||
|
||||
ifdtool -x rom.bin
|
||||
ifdtool -x rom.bin # For much newer platforms, add: --platform PLATFORM
|
||||
|
||||
Several files will be created, and the one you need to
|
||||
operate on is named `flashregion_3_gbe.bin` so please
|
||||
|
|
@ -191,7 +203,7 @@ Read the notes below about how to use the `nvmutil` program,
|
|||
operating on this file. When you're done, you can insert the
|
||||
modified GbE file back into your ROM image, like so:
|
||||
|
||||
ifdtool -i gbe:flashregion_3_gbe.bin rom.bin
|
||||
ifdtool -i gbe:flashregion_3_gbe.bin rom.bin # For much newer platforms, add: --platform PLATFORM
|
||||
|
||||
This will create the file `rom.bin.new`, which contains
|
||||
your modified GbE section with the NVM images inside; this
|
||||
|
|
@ -208,6 +220,16 @@ region, like so:
|
|||
|
||||
flashprog -p internal --ifd -i gbe -w rom.bin.new
|
||||
|
||||
**WARNING: If using `--ifd` in flashprog, note that flashprog probably doesn't
|
||||
have anything similar to the `--platform` option in ifdtool. Therefore, you
|
||||
way wish to specify the regions manually. You can do this quite simply, by:**
|
||||
|
||||
ifdtool -f layout.txt rom.bin # For much newer platforms, add: --platform PLATFORM
|
||||
|
||||
and instead of `--ifd` in flashprog, use:
|
||||
|
||||
flashprog -p internal -l layout.txt -i gbe -w rom.bin.new
|
||||
|
||||
If you're running flashprog from host CPU on the target
|
||||
system, and it's dual flash, you can just flash the
|
||||
concatenated image, which you created earlier by running
|
||||
|
|
|
|||
Loading…
Reference in New Issue