canoeboot
/
cbwww
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update safety advice for ifdtool 

reference the platform option needed in ifdtool, on some newer
platforms; canoeboot doesn't have anything needing it, but this
is generic nvmutil instructions, and nvmutil is compatible
with gbe regions of many platforms

Signed-off-by: Leah Rowe <leah@libreboot.org>
master
Leah Rowe 2024-12-14 04:42:06 +00:00 committed by Leah Rowe
parent 627c6400d2
commit 401d544b59
1 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
site/docs/install/nvmutil.md
View File

@ -163,12 +163,24 @@ with `make`, to get an ifdtool binary.
To make internal flashing possible later on, you might do: To make internal flashing possible later on, you might do:
ifdtool --unlock rom.bin ifdtool --unlock rom.bin # READ THE WARNING BELOW FIRST
**WARNING: On some newer platforms, please check `--platform` in `--help`:**
ifdtool --platform PLATFORM --unlock rom.bin
Running this command will create a modified image, Running this command will create a modified image,
named `rom.bin.new`. This file will have all regions set named `rom.bin.new`. This file will have all regions set
to read-write, per configuration in the Intel Flash Descriptor. to read-write, per configuration in the Intel Flash Descriptor.
Note: if you want the original image to be modified, without needing to
keep track of `rom.bin.new` as mentioned above, use the -O switch. For example,
repeating the above command:
ifdtool --unlock rom.bin -O rom.bin
(add the `--platform` option if you need to)
In addition to unlocked regions, you may wish to *neuter* the In addition to unlocked regions, you may wish to *neuter* the
Intel Management Engine, removing all the nasty spying features Intel Management Engine, removing all the nasty spying features
from it, using `me_cleaner`. See: from it, using `me_cleaner`. See:
@ -181,7 +193,7 @@ article, so you should read their documentation.
Now run this: Now run this:
ifdtool -x rom.bin ifdtool -x rom.bin # For much newer platforms, add: --platform PLATFORM
Several files will be created, and the one you need to Several files will be created, and the one you need to
operate on is named `flashregion_3_gbe.bin` so please operate on is named `flashregion_3_gbe.bin` so please
@ -191,7 +203,7 @@ Read the notes below about how to use the `nvmutil` program,
operating on this file. When you're done, you can insert the operating on this file. When you're done, you can insert the
modified GbE file back into your ROM image, like so: modified GbE file back into your ROM image, like so:
ifdtool -i gbe:flashregion_3_gbe.bin rom.bin ifdtool -i gbe:flashregion_3_gbe.bin rom.bin # For much newer platforms, add: --platform PLATFORM
This will create the file `rom.bin.new`, which contains This will create the file `rom.bin.new`, which contains
your modified GbE section with the NVM images inside; this your modified GbE section with the NVM images inside; this
@ -208,6 +220,16 @@ region, like so:
flashprog -p internal --ifd -i gbe -w rom.bin.new flashprog -p internal --ifd -i gbe -w rom.bin.new
**WARNING: If using `--ifd` in flashprog, note that flashprog probably doesn't
have anything similar to the `--platform` option in ifdtool. Therefore, you
way wish to specify the regions manually. You can do this quite simply, by:**
ifdtool -f layout.txt rom.bin # For much newer platforms, add: --platform PLATFORM
and instead of `--ifd` in flashprog, use:
flashprog -p internal -l layout.txt -i gbe -w rom.bin.new
If you're running flashprog from host CPU on the target If you're running flashprog from host CPU on the target
system, and it's dual flash, you can just flash the system, and it's dual flash, you can just flash the
concatenated image, which you created earlier by running concatenated image, which you created earlier by running