Showing posts with label BIOS. Show all posts
Showing posts with label BIOS. Show all posts
Friday, June 19, 2015
What is the booting process for x86 machines
http://www.dewassoc.com/kbase/hard_drives/master_boot_record.htm
Wednesday, November 19, 2014
Reading the EFI chip from MacBook Pro
I have a MacBook Pro 2009, and its Model No. is A1286. Next, I will explain how to read the EFI chip externally.
Step 1)
Turn off the laptop; open the back case; and remove its battery (This is important because we use the external power and don't want to have any internal power source).
Step 2)
Locate the EFI chip on the motherboard. It is a Small Outline Integrated Circuit (SOIC) with 8 pins. The EFI chip on my laptop is a SST25VF032B-50-4C-S2AF - 32 Mbit SPI Serial Flash.
Step 3)
Just simply Google the name of the chip, you will find its datasheet.
http://www.datasheet.hk/view_download.php?id=1281512&file=0111\sst25vf032b_1179241.pdf
http://www.datasheet.hk/view_download.php?id=1914926&file=0458\sst25vf032b-80-4i-s2af_6370277.pdf
Understand the pins of the SOIC.
Step 4)
Get a 8 pin clip, a BusPirate, a mini-B USB cable, and a number of probes
Step 5)
Figure out how the BusPirate connects to the clip and SOIC: which pin connects to which one.
Pin layout of the BusPrirate
http://dangerousprototypes.com/docs/Bus_Pirate_I/O_Pin_Descriptions
Also, I think this is a nice figure to connect a 8 pin SOIC with the BusPirate. I believe all of the 8 pin SOIC has the same pin layout.
Note that WF# (write protect), HOLD# (hold), and VDD (power supply) connects to +3.3v line.
Step 6)
Connects the SOIC chip with the clip; connects the Buspirate to another machine. I used a Dell laptop with Ubuntu 14.04 LTS installed.
Step 7)
Read the EFI chip. There are two ways to read the flash. First, we can can use a serial console to manual read the chip. Second, we can use tool like flashrom to read it if flashrom supports it.
Method 1:
Install minicom to read the serial console. Configure the minicom by run $ minicom -s. You can add $sudo to save the setup as default. Also, don't configure F - Hardware Flow Control.
Press the Enter key, you should get a shell prompt. Next, configure the BusPirate to read SPI.
HiZ>?
-- show help
HiZ>m
-- change mode
HiZ>5
-- select SPI as the mode
HiZ>5
-- set speed as 1MHz
HiZ>[Enter]
-- set clock polarity as Idle low, which is default
HiZ>[Enter]
-- set output clock edge as Active to idle, which is default
HiZ>[Enter]
-- set Input sample phase as Middle, which is default
HiZ>[Enter]
-- set CS as /CS, which is default
HiZ>2
-- select output type as Normal (H=3.3v, L=GND)
SPI is read to use.
Method 2:
Go to flashrom website: http://flashrom.org/Supported_hardware
Search your chip to see if it is supported. For example, the EFI chip, SST25VF032B, on my MacBook Pro is supported.
Install flashrom, use it to read the EFI chip.
$ ./flashrom -p buspiratespi:dev=/dev/ttyUSB0,spispeed=1M -r efi.rom
This command specify to use the BubPirate as the programmer to read the EFI chip. Try this command multiple times because the USB cable may not have enough power to read it. Also, try to change the SPI speed to 256K or other values. See the man page of flashrom for more details.
If the reading is not successful, you may want to use the minicom to configure the buspirate first, then use the flashrom to read it.
Step 1)
Turn off the laptop; open the back case; and remove its battery (This is important because we use the external power and don't want to have any internal power source).
Step 2)
Locate the EFI chip on the motherboard. It is a Small Outline Integrated Circuit (SOIC) with 8 pins. The EFI chip on my laptop is a SST25VF032B-50-4C-S2AF - 32 Mbit SPI Serial Flash.
Step 3)
Just simply Google the name of the chip, you will find its datasheet.
http://www.datasheet.hk/view_download.php?id=1281512&file=0111\sst25vf032b_1179241.pdf
http://www.datasheet.hk/view_download.php?id=1914926&file=0458\sst25vf032b-80-4i-s2af_6370277.pdf
Understand the pins of the SOIC.
Step 4)
Get a 8 pin clip, a BusPirate, a mini-B USB cable, and a number of probes
Step 5)
Figure out how the BusPirate connects to the clip and SOIC: which pin connects to which one.
Pin layout of the BusPrirate
http://dangerousprototypes.com/docs/Bus_Pirate_I/O_Pin_Descriptions
Also, I think this is a nice figure to connect a 8 pin SOIC with the BusPirate. I believe all of the 8 pin SOIC has the same pin layout.
Note that WF# (write protect), HOLD# (hold), and VDD (power supply) connects to +3.3v line.
Step 6)
Connects the SOIC chip with the clip; connects the Buspirate to another machine. I used a Dell laptop with Ubuntu 14.04 LTS installed.
Step 7)
Read the EFI chip. There are two ways to read the flash. First, we can can use a serial console to manual read the chip. Second, we can use tool like flashrom to read it if flashrom supports it.
Method 1:
Install minicom to read the serial console. Configure the minicom by run $ minicom -s. You can add $sudo to save the setup as default. Also, don't configure F - Hardware Flow Control.
Press the Enter key, you should get a shell prompt. Next, configure the BusPirate to read SPI.
HiZ>?
-- show help
HiZ>m
-- change mode
HiZ>5
-- select SPI as the mode
HiZ>5
-- set speed as 1MHz
HiZ>[Enter]
-- set clock polarity as Idle low, which is default
HiZ>[Enter]
-- set output clock edge as Active to idle, which is default
HiZ>[Enter]
-- set Input sample phase as Middle, which is default
HiZ>[Enter]
-- set CS as /CS, which is default
HiZ>2
-- select output type as Normal (H=3.3v, L=GND)
SPI is read to use.
Method 2:
Go to flashrom website: http://flashrom.org/Supported_hardware
Search your chip to see if it is supported. For example, the EFI chip, SST25VF032B, on my MacBook Pro is supported.
Install flashrom, use it to read the EFI chip.
$ ./flashrom -p buspiratespi:dev=/dev/ttyUSB0,spispeed=1M -r efi.rom
This command specify to use the BubPirate as the programmer to read the EFI chip. Try this command multiple times because the USB cable may not have enough power to read it. Also, try to change the SPI speed to 256K or other values. See the man page of flashrom for more details.
If the reading is not successful, you may want to use the minicom to configure the buspirate first, then use the flashrom to read it.
Thursday, November 7, 2013
Good summary of SRTM and DRTM
http://security.hsr.ch/mse/projects/2011_Root_of_Trust_for_Measurement.pdf
Friday, April 5, 2013
How does BIOS work
From: http://www.biosren.com/thread-3075-1-1.html
| 这个过程.....虽然我大体知道但是也说不清楚。还是帮你看了哈总结出来的贴给你看哈: 1. 当机器被打开时,等电源稳定之后,电源会发送一个“加电成功信号”给芯片,以启动时钟生成器(8284); 2. 然后,CPU重新自设定为初试状态,开始准备运行。当CPU最初被启动的时候,系统RAM中是空的,没有任何内容可供执行。当然CPU设计者也知道这一点,所以他们对CPU进行了预先编程,以让CPU在这个阶段总是去查找系统BIOSROM中的一个固定的位置,以启动BIOS BootProgram,这个位置为FFFF0h,这个位置是UMA临近结尾的位置。之所以选择这个位置是因为,这样就不会引起由于ROM的大小改变而造成的兼容性问题。既然FFFF0h到UMA结束的位置之后16个字节,所以这里只放置着一个Jump指令,以进一步跳转到真正的BIOSstartup program的位置。(不同的BIOS厂商可以将其放在不同的位置,只需要通过Jump指定就可以了)。 3. 然后BIOS开始实施Power-OnSelf Test(POST),在这个过程中,如果遇到任何错误,Booting处理就会结束,机器会被挂起。 4. 然后BIOS开始查找显示卡。精确的说,是查找被内建在BIOS内部的显示卡程序,并执行它,它通常被放在C0000h的内存位置,它的作用是初始化显示卡。绝大多数的现代显示卡都能够在显示器上显示它的相关信息。这就是为什么当我们开机的时候,首先会在显示器的顶端会出现关于显示卡的信息。 5. 然后BIOS会查看其它设备的ROM,看一看这些设备之中哪些存在着BIOS,通常能够在C8000h的位置找到IDE/ATA硬盘的BIOS,并执行它们。如果找到任何其它设备的BIOSes,它们也会被执行。 6. 然后BIOS显示它的启动屏幕。 7. 然后BIOS开始做进一步的检测,包括我们可以看到的内存容量检测。在这个阶段,如果BIOS遇到任何错误,BIOS将会在屏幕上显示它的错误信息。 8. 然后BIOS会根据自己的"系统资源列表“,来对系统资源进行进一步的检测以确定究竟那些系统资源(设备)被安装在机器上。有些计算机会逐步显示这些被检测到的设备。 9. 如果BIOS支持Plug&play标准,它将会检测和配置Plug&play设备,并显示这些它找到的设备。 10. 等着一些检测结束之后,BIOS会在系统屏幕上列出一个检测总结。 11. 然后BIOS开始寻找一个启动设备,你可以通过配置BIOS来决定其搜索的顺序,这些设备包括FloppyDisk(A),或者Hard Disk(C),甚至还可以包括CD-ROM Driver或者其它设备。 12. 当找到响应的启动设备之后,BIOS将会查找Boot信息以开始OS的启动过程。如果它找到了一个HardDisk,它将会查找一个位于Cylinder 0, Head 0, Sector 1的Master BootRecord(硬盘的第一个扇区),如果它找到的是Floppy Disk,它也会读区软盘的第一个扇区。 13. 如果找不到任何启动设备,系统将会显示一条错误信息,然后冻结系统。如果找到了响应的启动设备,BIOS会将读到的扇区放在内存7C00h的位置,并跳转到那里执行它。从此以后,就有硬件启动阶段进入了OS启动阶段。 总之,这个阶段有大量的事情要做,比如自检,初始化各种芯片,控制器,与端口;包括显示器,内存,键盘,软驱,串口等等;在这个过程中BIOS将检测到的数据放置于1K到2K的RAM,这个区域因此也被称为BIOS Data Area;同时还将中断向量以及BIOS程序运行所需要的Stack设置置于0到1K的RAM。最终,POST执行INT 19h中断,找到可以启动的磁盘,并将boot程序装入内存7C00h,并将控制权交给OS的boot程序。 也不知是否正确。 |
Wednesday, August 22, 2012
Subscribe to:
Posts (Atom)