From 401d544b59b04832815c2df67afb9eba5bc9a1e8 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Sat, 14 Dec 2024 04:42:06 +0000 Subject: [PATCH] update safety advice for ifdtool reference the platform option needed in ifdtool, on some newer platforms; canoeboot doesn't have anything needing it, but this is generic nvmutil instructions, and nvmutil is compatible with gbe regions of many platforms Signed-off-by: Leah Rowe --- site/docs/install/nvmutil.md | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/site/docs/install/nvmutil.md b/site/docs/install/nvmutil.md index 851418e..ff95253 100644 --- a/site/docs/install/nvmutil.md +++ b/site/docs/install/nvmutil.md @@ -163,12 +163,24 @@ with `make`, to get an ifdtool binary. To make internal flashing possible later on, you might do: - ifdtool --unlock rom.bin + ifdtool --unlock rom.bin # READ THE WARNING BELOW FIRST + +**WARNING: On some newer platforms, please check `--platform` in `--help`:** + + ifdtool --platform PLATFORM --unlock rom.bin Running this command will create a modified image, named `rom.bin.new`. This file will have all regions set to read-write, per configuration in the Intel Flash Descriptor. +Note: if you want the original image to be modified, without needing to +keep track of `rom.bin.new` as mentioned above, use the -O switch. For example, +repeating the above command: + + ifdtool --unlock rom.bin -O rom.bin + +(add the `--platform` option if you need to) + In addition to unlocked regions, you may wish to *neuter* the Intel Management Engine, removing all the nasty spying features from it, using `me_cleaner`. See: @@ -181,7 +193,7 @@ article, so you should read their documentation. Now run this: - ifdtool -x rom.bin + ifdtool -x rom.bin # For much newer platforms, add: --platform PLATFORM Several files will be created, and the one you need to operate on is named `flashregion_3_gbe.bin` so please @@ -191,7 +203,7 @@ Read the notes below about how to use the `nvmutil` program, operating on this file. When you're done, you can insert the modified GbE file back into your ROM image, like so: - ifdtool -i gbe:flashregion_3_gbe.bin rom.bin + ifdtool -i gbe:flashregion_3_gbe.bin rom.bin # For much newer platforms, add: --platform PLATFORM This will create the file `rom.bin.new`, which contains your modified GbE section with the NVM images inside; this @@ -208,6 +220,16 @@ region, like so: flashprog -p internal --ifd -i gbe -w rom.bin.new +**WARNING: If using `--ifd` in flashprog, note that flashprog probably doesn't +have anything similar to the `--platform` option in ifdtool. Therefore, you +way wish to specify the regions manually. You can do this quite simply, by:** + + ifdtool -f layout.txt rom.bin # For much newer platforms, add: --platform PLATFORM + +and instead of `--ifd` in flashprog, use: + + flashprog -p internal -l layout.txt -i gbe -w rom.bin.new + If you're running flashprog from host CPU on the target system, and it's dual flash, you can just flash the concatenated image, which you created earlier by running