[prev in list] [next in list] [prev in thread] [next in thread] 

List:       flashrom
Subject:    [flashrom] Re: Test went wrong on GD25Q32(B)
From:       Angel Pons <th3fanbus () gmail ! com>
Date:       2020-03-01 11:27:00
Message-ID: CABqd-o29wwKOB-Eg_YMtzn3_CGZ6EV8SZR=6bxAY7kzwn72GVQ () mail ! gmail ! com
[Download RAW message or body]

Hi Jakob & Bendik

On Sat, Feb 29, 2020 at 11:35 PM Jakob Kok <jakobskok95@gmail.com> wrote:
> 
> Dear Flashrom,
> 
> We are two master students working on our thesis and in that regard we are doing a \
> security analysis on an embedded device. The embedded device has an external flash \
> memory, and it is of the GD25Q32(B) series. We are using a Shikra as extracting \
> device (ft2232h). On your website, it states that this should be a tested and \
> verified flash chip. However, we get this error message in our experiment - and we \
> would really appreciate if you looked into this. 
> flashrom -p ft2232_spi:type=232H -r spidump.bin
> flashrom v1.2-2-g0f510a7 on Linux 5.2.0-kali2-amd64 (x86_64)
> flashrom is free software, get the source code at https://flashrom.org
> 
> Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
> Found Generic flash chip "unknown SPI chip (RDID)" (0 kB, SPI) on ft2232_spi.

This means that flashrom was able to detect something, but failed to
identify the flash chip. If the flash chip is still soldered onto the
circuit board, it is extremely likely that the embedded device's SoC
is getting powered through the programmer. Most designs do not have
any isolation between the flash chip and the rest of the voltage rail,
so powering the flash chip also powers the rest of the board. If the
SoC receives enough power to turn on (even partially), it will attempt
to access the SPI flash chip, and it will conflict with your
programmer accesses.

To overcome this issue, I personally recommend desoldering the flash
chip. Since no other circuit may interfere, it is much easier to
verify that reading works consistently, using flashrom's `-v` command
line switch. In addition, this reduces the risk of killing the device,
as no external power needs to be applied to the board. Connnecting the
flash chip backwards may make it overheat, but I have never seen a
flash chip die because of that.

> ===
> This flash part has status NOT WORKING for operations: PROBE READ ERASE WRITE
> The test status of this chip may have been updated in the latest development
> version of flashrom. If you are running the latest development version,
> please email a report to flashrom@flashrom.org if any of the above operations
> work correctly for you with this flash chip. Please include the flashrom log
> file for all operations you tested (see the man page for details), and mention
> which mainboard or programmer you tested in the subject line.
> Thanks for your help!
> Read is not working on this chip. Aborting.

This is a consequence of the flash chip not being detected. To avoid
any issues, flashrom considers it to not be working, so that no
potentially destructive accesses may occur. Once the flash chip is
detected properly, this message should not appear.

> Best regards,
> Jakob Stenersen Kok & Bendik Aalmen Markussen
> 
> _______________________________________________
> flashrom mailing list -- flashrom@flashrom.org
> To unsubscribe send an email to flashrom-leave@flashrom.org

Best regards, and happy hacking!

Angel Pons
_______________________________________________
flashrom mailing list -- flashrom@flashrom.org
To unsubscribe send an email to flashrom-leave@flashrom.org


[prev in list] [next in list] [prev in thread] [next in thread]