[Guide] Recover from failed BIOS flash using Raspberry PI

There is also a video version available further down this post made by “tpc010"

An update regarding the JSPI1 header on MSI motherboards is available at the end of this guide.

What is a Raspberry PI? http://www.raspberrypi.org/faqs

Using a Raspberry PI to reprogram a SPI BIOS Chip, this is a relatively simple and inexpensive way to recover from almost any failed BIOS flash, including bad ME FW update.
The Rasperry PI costs about 25$, you also need a SDHC card for OS minimum 2GB.

Before starting, make sure that:

  1. The chip is not electrically damaged, is 3.3V, (Check the datasheet for your chip)
  2. The chip is supported by the free software “Flashrom” (>LINK<). It has worked with all the chips i’ve tried so far. Note: It’s not recommended to use another SPI chip of different vendor or model. Same model in different case will work fine.
  3. (Failed ME Update) The chipset on the motherboard is new enough to have the ME firmware in the BIOS, some older chipsets use a seperate chip and that will be more complicated.


You will need:
  1. A Raspberry PI :slight_smile: this guide is made with a Model B, Works fine with Raspberry PI 2 also.
  2. A soldering iron is recomended.
  3. Four resistors, i use 150 Ohm, if that doesn’t work with your particular setup, try another value, these are for some protection of the GPIO port, but not required.
  4. A Capacitor, the value is not super important, i use 47 MicroFarad, if you don’t have one, you could try without it.
  5. One DIL-8 or 16 socket, and also what i used to make the connection to the RPI was an old “Front Panel Connector” (Power, reset, HDD and others) from an old computer chassis i have.

You can also use a PATA cable.
If you don’t have something similar, you would have to solder the wires directly on the RPI.

First thing to do is prepare the BIOS rom file, if you have a .cap file it needs to be converted to a standard rom first, for Asus this can be done with UEFITool to remove capsule header, just open your CAP file, click RMB on top tree item named “UEFI 2.0 Capsule” or “AMI Aptio Capsule” and select “Extract body…” action. The resulting file is a ROM without capsule header, now it’s a standard rom file, name it for this tutorial: " 1.rom” and copy it to a USB-stick.

On your Raspberry, download Flashrom http://www.flashrom.org i use the latest source and compile it for best chip support,
to compile, open a terminal run:

sudo apt-get install pciutils-dev

then in the terminal go to the directory you extracted flashrom to run:

sudo make

sudo make install

Then some config, in the terminal run:

sudo vi /etc/modprobe.d/raspi-blacklist.conf

Then press ‘i’ to be able to insert characters
Add ‘#’ in front of ‘blacklist spi-bcm2708’ to comment it out
Press ‘i’ again to exit insert mode
Exit the editor with ':wq’

It should look like this:


Then turn off your Raspberry.
Solder the wires, resistors and capacitor to the DIL socket, like in this schematic:



Connect to the GPIO pins:




Before any flashing, image file must be checked for sanity. Any ready-to-flash image file for Intel-based boards must have >this< format, and conformity to it must be explicitly checked.
It can be done manually using HexEditor (just look for 0x0FF0A55A signature on offset 0x10) or with UEFITool, that either shows opened ROM file as “Intel image” with Descriptor and other regions in it, or shows “XX region has intersection with YY region” message (common bug in descriptor configuration of modern Gigabyte boards).
Another requirement for any UEFI BIOS for any X86-based platform is that Volume Top File must be located so, that it’s last byte is also the last byte of the image, that is why ready-to-flash images with kilobytes of 0xFFs at the end are suspicious.
The size of image must be the same as the size of SPI chip.

Make sure everything looks Ok, insert the BIOS chip into the DIL socket, then power on the Raspberry.

Copy 1.rom to your Raspberry, i usually just put it in /tmp

On Linux what you type in a teminal is case sensitive.

To erase the chip (not needed on most chips) run:

sudo flashrom -E -V -p linux_spi:dev=/dev/spidev0.0

To begin flashing run:

sudo flashrom -w /tmp/1.rom -V -p linux_spi:dev=/dev/spidev0.0

If it does not detect the chip, may be not configured “raspi-blacklist.conf” try running these commands:

modprobe spi_bcm2708

modprobe spidev

if it still doesn’t work, check all the connections, make sure it’s supported by “flashrom”.

When it’s finished flashing and verifying:

Close the terminal, shutdown the Raspberry and remove the chip carefully from the DIL socket, put it back in the motherboard, and power up.

Note: When reprogramming a chip this way, you may lose the NICs MAC address, this can usually be restored in different ways, provided you have it somewhere, it can be a sticker on the MB or if you have a router it could still be in the log files.

Some information regarding the JSPI1 header on MSI motherboards.

I have now tested it and can confirm that it works, what i did was disconnect the Power and remove the battery, then i connected the GPIO pins, also 3.3v from the Raspberry to the appropriate pins on the motherboard, powered on the Raspberry and flashed it.
There is useful information about the JSPI1 header here.


Video version of this guide by "tpc010"



EDIT: Updated 07/11/2015
Thanks to “CodeRush” and “tpc010” for contributing valuable information to this guide.
|addpics|242-1-ddde.jpg,242-2-c07f.jpg,242-3-18d3.jpg,242-4-e73f.jpg,242-5-0b93.jpg|/addpics|

@ Pacman:

Thank you very much for posting this important Tutorial within the BIOS Modding section of my Forum.
Since the flash of a modified BIOS is one of the most risky things a PC or Notebook user can do, it is a very good idea to provide a Tutorial, which may help to recover a working BIOS in case of a previous BIOS flash failure.
That is why I have stickied the thread.

Regards
Fernando.

@Pacman , may I add some information and a bit of correction your guide? :slight_smile:
1. fd44cpr is not meant to be used that way. :slight_smile: Use UEFITool to remove capsule header, just open your CAP file, click RMB on top tree item named “UEFI 2.0 Capsule” or “AMI Aptio Capsule” and select “Extract body…” action. The resulting file is a ROM without capsule header.
2. Before any flashing, image file must be checked for sanity. Any ready-to-flash image file for Intel-based boards must have this format, and conformity to it must be explicitly checked.
It can be done manually using HexEditor (just look for 0x0FF0A55A signature on offset 0x10) or with UEFITool, that either shows opened ROM file as “Intel image” with Descriptor and other regions in it, or shows “XX region has intersection with YY region” message (common bug in descriptor configuration of modern Gigabyte boards).
Another requirement for any UEFI BIOS for any X86-based platform is that Volume Top File must be located so, that it’s last byte is also the last byte of the image, that is why ready-to-flash images with kilobytes of 0xFFs at the end are suspicious.
The size of image must be the same as the size of SPI chip, finally.
3. Keep in mind that despite of protocol and electrical compatibility of different SPI chips, the system will not boot from chip of another vendor or model without proper BIOS modification (VSCC table in descriptor, maybe additional PEI and DXE modules too), so it;s not recommended to use another SPI chip of different vendor or model. Same model in different case will work fine.
4. Resistors and capacitor are good to be present, but not required, and flashing will work fine without them.
Thanks for your great guide, it really helps others.

@CodeRush
Yes, thank you for your input, and for the great software you create :slight_smile:
I will update this guide soon, there are also some other things i have been meaning to change.

Brilliant tut. Thanks!

Hi Pacman,

Could you please elaborate on this:



Also, when I issue this command:



I get this error message:



I used sudo apt-get update and sudo apt-get upgrade.

I’m a newcomer to the Raspberry Pi and Linux, in general, so I presume I miss something basic.

Thanks!

vitya

@ vitya:
Welcome at Win-RAID Forum!

FYI: Pacman is Moderator at Station-Drivers.com and not very often online here.
If Pacman should not reply directly within the next 24 hours, I recommend to send him a PM.
This way he will get an information, that someone needs his personal support.

Regards
Fernando

Thanks, Fernando!

@vitya

Hi
I’m not at home but i’ll try to answer your questions.

Under title “Manual installation” on this page http://flashrom.org/Downloads
you will see how to compile latest source code.

About PCI-Utils, i Think not needed anymore, if you are using the latest Raspbian, you should be able to compile flashrom anyway.
If any missing package, the required packages are listed on the flashrom download page also.

When i get back home i will update this guide.

Thanks for your efforts helping me out!

I downloaded, extracted the sources, but when running make This is the error I get:

1
2
3
4
5
6
7
8
9
10
11
12
13
 
pi@dev ~/flashrom-0.9.7 $ sudo make
Checking for a C compiler... found.
Target arch is arm
Target OS is Linux
Checking for libpci headers... .test.c:3:21: fatal error: pci/pci.h: No such file or directory
compilation terminated.
not found.
 
Please install libpci headers (package pciutils-devel).
See README for more information.
 
make: *** [hwlibs] Error 1
 
 


Running sudo aptitude install flashrom produces the following output:

1
2
3
4
5
6
7
 
pi@dev ~ $ sudo aptitude install flashrom
Couldn't find any package whose name or description matched "flashrom"
Couldn't find any package whose name or description matched "flashrom"
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
 
 


Any idea?

thanks!

Possibly should be "sudo apt-get install pciutils-dev".
If not, try "libpci-dev"

Otherwise i will check as soon as i get home.

Yes, sudo apt-get install pciutils-dev works. Apparently, in your guide at the top it’s sudo apt-get install pciutils-devel.

In fact, now I was able to continue and successfully read/write/erase a BIOS just a couple of minute ago.

A big thank you for your time!

That is great, thank you for reporting back.

When i wrote this guide some of it was from memory, i have now corrected the text.

Hi
Thanks a lot for this guide, I could recover a bricked motherboard =)

Best regards

@ juantaka:

Welcome at Win-RAID Forum and thanks for your feedback!

Regards
Fernando

Hi Pacman, thank you for the guide! I have some trouble, hope you can help me.
I have a supported chip (w25q32) that is soldered on the motherboard (i have read of users that managed to flash soldered chips with BusPirate). I have soldered wires from raspberry directly to the chip, as long as i don’t have a soic clip. But I did not use neither the capacitor or the resistors. Anyway when i use flashrom it says “unkonwn flash chip (0kb, SPI)”.
Also I do not have at all the raspi-blacklist.config file (but I read somewhere else that if there is not, it should not be a problem), but anyway when I go under /dev the device spidev0.0 is present.
Can you help me? Should i use capacitor and resistors? could it be a problem of the config file?
Thank you

@Bugger Vance

Hi
It should work without the resistors and capacitors, but as far as i know you do have to configure the raspi-blacklist.config, or, "modprobe spi_bcm2708" "modprobe spidev"
Flashrom is obviously not seeing the chip.
Also, make sure that the battery is removed and the board is completely without Power,
and use latest Raspbian, some releases have had problems with SPI.

I find that with soldered in chips it is necessary that you disconnect (isolate) the Vcc leg of the SPI chip from the board (sometimes the WP and HLD legs may also need to be isolated but try it just disconnecting Vcc first). Since other components are connected to Vcc you are trying to power them from the limited supply via the Raspberry.

Can I use this method to flash this chip? MX25U6435FM2I-10G ( http://www.datasheet-pdf.com/datasheetdownload.php?id=829809 ) It needs 1.8V, not 3.3V. Does flashrom support parameters like these? “AFUWINx64.EXE BAYAP.F4 /P /B /REBOOT /egm:npslp”. Thanks

@ goaspy:

Although I cannot answer your question (has to be done by a Raspberry PI expert), I welcome you at Win-RAID Forum!

Regards
Fernando