Wednesday, November 19, 2014

Reading the EFI chip from MacBook Pro

I have a MacBook Pro 2009, and its Model No. is A1286.  Next, I will explain how to read the EFI chip externally.

Step 1)

Turn off the laptop, open the back case, and remove the battery. This is important because we power the chip externally and don't want any internal power source connected.




Step 2)

Locate the EFI chip on the motherboard. It is a Small Outline Integrated Circuit (SOIC) with 8 pins. The EFI chip on my laptop is an SST25VF032B-50-4C-S2AF, a 32 Mbit SPI serial flash.




Step 3)

Google the name of the chip to find its datasheet:
http://www.datasheet.hk/view_download.php?id=1281512&file=0111\sst25vf032b_1179241.pdf
http://www.datasheet.hk/view_download.php?id=1914926&file=0458\sst25vf032b-80-4i-s2af_6370277.pdf
Understand the pins of the SOIC.


Step 4)

Get an 8-pin clip, a BusPirate, a mini-B USB cable, and a number of probes.



Step 5)

Figure out how the BusPirate connects to the clip and SOIC: which pin connects to which one.

Pin layout of the BusPirate:
http://dangerousprototypes.com/docs/Bus_Pirate_I/O_Pin_Descriptions

Also, I think this is a nice figure for connecting an 8-pin SOIC to the BusPirate. I believe all 8-pin SOICs have the same pin layout.


Note that WP# (write protect), HOLD# (hold), and VDD (power supply) connect to the +3.3v line.

Step 6)

Connect the clip to the SOIC chip, then connect the BusPirate to another machine. I used a Dell laptop with Ubuntu 14.04 LTS installed.




Step 7)

Read the EFI chip. There are two ways to read the flash. First, we can use a serial console to read the chip manually. Second, we can use a tool like flashrom to read it, if flashrom supports the chip.

Method 1:
Install minicom to use the serial console. Configure minicom by running $ minicom -s. You can run it with sudo to save the setup as the default. Also, don't configure F - Hardware Flow Control.



Press the Enter key and you should get a shell prompt. Next, configure the BusPirate to read SPI.

HiZ>?
-- show help
HiZ>m
-- change mode
HiZ>5
-- select SPI as the mode
HiZ>5
-- set speed as 1MHz
HiZ>[Enter]
-- set clock polarity as Idle low, which is default
HiZ>[Enter]
-- set output clock edge as Active to idle, which is default
HiZ>[Enter]
-- set Input sample phase as Middle, which is default
HiZ>[Enter]
-- set CS as /CS, which is default
HiZ>2
-- select output type as Normal (H=3.3v, L=GND)

SPI is ready to use.

Method 2:
Go to the flashrom website: http://flashrom.org/Supported_hardware
Search for your chip to see if it is supported. For example, the EFI chip on my MacBook Pro, the SST25VF032B, is supported.
Install flashrom and use it to read the EFI chip.

$ ./flashrom -p buspiratespi:dev=/dev/ttyUSB0,spispeed=1M -r efi.rom

This command specifies the BusPirate as the programmer used to read the EFI chip. Try the command multiple times because the USB cable may not supply enough power to read the chip. Also, try changing the SPI speed to 256K or other values. See the flashrom man page for more details.

If the read is not successful, you may want to use minicom to configure the BusPirate first, then use flashrom to read the chip.
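
Since the read may need several attempts, it is worth checking that a finished dump is actually good before relying on it. The script below is an added example, not part of the original post: it takes two or more reads of the chip and checks that each is exactly 32 Mbit, is not one repeated byte, and matches the others, listing the sectors that differ. The file names and the 4 KiB comparison granularity are assumptions; with no arguments it runs on a small constructed sample.

```python
import hashlib
import sys

CHIP_SIZE = 32 * 1024 * 1024 // 8  # SST25VF032B: 32 Mbit = 4 MiB
SECTOR = 4096                      # assumption: report mismatches per 4 KiB

def check_dump(data, expected_size=CHIP_SIZE):
    """Return a list of problems with one dump; an empty list means plausible."""
    problems = []
    if len(data) != expected_size:
        problems.append("size %d, expected %d" % (len(data), expected_size))
    if data and data.count(data[0]) == len(data):
        # A dump that is one repeated byte (often 0xff or 0x00) carries no data.
        problems.append("every byte is 0x%02x" % data[0])
    return problems

def differing_sectors(a, b, sector=SECTOR):
    """Return the start offsets of the sectors in which two dumps disagree."""
    end = max(len(a), len(b))
    return [off for off in range(0, end, sector)
            if a[off:off + sector] != b[off:off + sector]]

def compare_reads(dumps, expected_size=CHIP_SIZE):
    """dumps maps a name to its bytes. Return (ok, problems, sha256 lines)."""
    names = sorted(dumps)
    problems = ["%s: %s" % (n, p) for n in names
                for p in check_dump(dumps[n], expected_size)]
    if len(names) < 2:
        problems.append("need at least two reads to compare")
    for other in names[1:]:
        bad = differing_sectors(dumps[names[0]], dumps[other])
        if bad:
            problems.append("%s vs %s: %d sector(s) differ, first at 0x%06x"
                            % (names[0], other, len(bad), bad[0]))
    hashes = ["%s  %s" % (hashlib.sha256(dumps[n]).hexdigest(), n) for n in names]
    return not problems, problems, hashes

if __name__ == "__main__":
    size = CHIP_SIZE
    dumps = {}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            dumps[path] = fh.read()
    if not dumps:  # no files given: constructed 8 KiB sample, one flipped byte
        size, good = 8192, bytes(range(256)) * 32
        dumps = {"read1": good, "read2": good[:5000] + b"\x00" + good[5001:]}
    ok, problems, hashes = compare_reads(dumps, size)
    print("\n".join(hashes + problems + ["reads agree" if ok else "reads differ"]))
```

Save each flashrom read under a different name (for example efi1.rom and efi2.rom) and pass them all to the script; keep a dump only when every read produces the same SHA-256.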