Does hardware firmware programming always work?

[Haswellx86]

I was writing a paragraph but I guess I could ask it straight away. I might be doing firmware modification of the motherboard because of reasons and if something goes wrong, I want it to be recoverable.

 

This HP laptop is a premium business laptop with "HP Sure Start" which automatically recovers the firmware in case of an integrity violation. The worst part is that I couldn't get it to manually recover the firmware. That is not possible in case of Sure Start. This Sure Start thing seems high level and I don't trust it. In case if my motherboard is bricked, is it possible to flash a new firmware through hardware means? What methods are there like, USB and what? And with the stuff they do with business laptops, I have a feeling they might not support firmware programming. I don't know. What does it take to be able to support it? Can I know it myself? And if Sure Start takes action on integrity violations, can I even modify the firmware like that?

 

Is it okay to run this command in Linux to force check if IFR editing is supported? I have been told that is could brick my system.

 

flashrom -p internal:laptop=force_I_want_a_brick --wp-disable

or

flashrom -p internal:laptop=this_is_not_a_laptop --wp-disable

 

[Nayr438]

If you are modifying the firmware of a chip you want to create a backup before you do anything preferably via a chip programmer, for pc bios chips I use a cheap CH431A programmer.  Just be aware that on some boards, not all, you have to desolder the chip to interact with it due to other components drawing to much power on the same circuit.

I specifically have this one https://www.amazon.com/gp/product/B07SHSL9X9 and it's windows driver and programmer can be found at https://github.com/Keeyees/CH341A-Manual-NEW-JP/tree/main, tho you can also use flashrom with it on linux.

[Haswellx86]

@Nayr438

 

What are the chances programming is not supported, or does that not happen? And desolder the chip? That's a lot of pain and risk. I don't have the tools and I will be going to a repair shop for it.

 

8 minutes ago, Nayr438 said:

tho you can also use flashrom with it on linux.

I asked about the risk earlier. I need to force disable write protection on my system.

[Dutch_Master]

BIOS chips are protected against tampering, so hardware level programming won't help you. Learn to live with that untrusted feature or tell your employer to get a machine w/o that functionality. (and probably get sacked the day after Pick your battles carefully!)

[Nayr438]

15 hours ago, Haswellx86 said:

@Nayr438

 

What are the chances programming is not supported, or does that not happen? And desolder the chip? That's a lot of pain and risk. I don't have the tools and I will be going to a repair shop for it.

 

I asked about the risk earlier. I need to force disable write protection on my system.

The system could reject changes to the bios ROM which could be a whole other rabbit hole, I've personally never ran into this but I have also never ran into HP sure start and I don't tend to use modified images. I mostly do this for system repairs, you would be surprised how often a bios flash revives a seemingly dead board.

 

You are modifying a core component, there is risk involved. Without a direct backup and a way to directly flash it back to the chip the system could become a paperweight. Just a note as well, most bios images from manufacturer websites can not be flashed with a chip programmer, you either need a direct backup from the current device or you have to dump it from another system, which for a repair shop could mean buying another board.

 

As far the wp bit you may not be able to change that from software but a programmer should bypass it as pulls the wp pin high, but again you may need to remove the chip. Doing this should retain its wp status for ro verification. You can also check the board itself as some do have a wp jumper of some sort. If the wp bit is disabled and the system expects it to be enabled then again it could brick it. If anything doing this via just software could potentially be riskier making recovery more difficult, you can easily make hardware changes but software relies on making it back to a point where it can be modified again which may never occur.