flashrom support broken

[ArtificialAmateur]

I've been having issue after issue of trying to get my BPv4 to properly flash dump.

v7.1 firmware: Hangs on Initializing buspirate_spi programmer

6.2-r1981 / v7.0 / v6.3-r2151: Chip either isnt detected half the time or the other half it reads the entire binary as all "0xFF" or "0x00".

I've swapped out my FT2232H in between each time to assure it isnt the target chip or the cables.

[USBEprom]

Hi.
Please, what exactly is the target chip you are dealing with?
What is the release of flashrom you are using?
What is the operating system you are running?
Thanks.

[ArtificialAmateur]

Please, what exactly is the target chip you are dealing with?

Winbond W25Q80DV

What is the release of flashrom you are using?

flashrom-1.1-rc1

What is the operating system you are running?

Debian 4.19.37-3 (2019-05-15)

[USBEprom]

Hi guys.
Today while I was doing some tests with some SPI memories I have sadly noticed that FLASHROM no longer works properly also with the Bus Pirate v3.
The latest working firmwares are version S_1-28102018.hex and U_1-28102018.hex which are located here:

http://dangerousprototypes.com/forum/index.php?topic=8498.msg67796#msg67796

All the firmwares released later do not work properly with FLASHROM probably due to some incompatibility introduced with the patch used to correct timing in the protocols 2-WIRE, 3-WIRE and 1-WIRE, as the culprit seems to be due to the management of delays:

#23 (comment)

Indeed, using the commands "&" and "%" of the Bus Pirate v3 directly from the terminal no delay is introduced as if they were ignored.
For its part FLASHROM in my case is able to recognize and read the chips but not to delete/write them.

http://dangerousprototypes.com/forum/index.php?topic=8498.msg70075#msg70075

Be seeing you.

U.Sb

[ipatch]

I spent a little time messing around with this issue this evening, and can confirm the latest flashrom v1.1 does not work with the latest compiled version of this firmware. I tried a different firmware from the dangerousprototypes forum, and could not get that to work either.

For the time being I downgraded flashrom from 1.1 to v1.0.1 and created a custom formula so flashrom would compile / build against the libftdi v1.4 library as opposed to the older v0.2 of the libftdi library.

And yes I tried flashrom with this firmware compiling against both the libftdi libraries and got the same results with both version of flashrom 1.1

I am able to successfully build the firmware from the master branch of this repo and use the mac pirate loader utility to load bootloader 4.3 and FW CE 7.1 and flashrom was able to dump the contents of a winbond flash chip.

All this was performed on macOS 10.13.6

For anyone else running into similar issues running macOS, I have a flashrom formula for homebrew here

[robertodormepoco]

Hi, same problem here

i had to go back to v6.1 (BP v3.5) and @ipatch custom formula allowed me to make flashrom work (though my rom is not recognized and does not seem to be in list :( )

for the sake of trying, using flashrom 1.1 i get this (that has an updated list of supported devices)

? /usr/local/Cellar/flashrom/1.1/bin/flashrom -p buspirate_spi:dev=/dev/tty.usbserial-A500E4N4,spispeed=1M -r flash.bin --verbose
flashrom v1.1 on Darwin 18.7.0 (x86_64)
flashrom is free software, get the source code at https://flashrom.org

flashrom was built with LLVM Clang 10.0.1 (clang-1001.0.46.4), little endian
Command line (5 args): /usr/local/Cellar/flashrom/1.1/bin/flashrom -p buspirate_spi:dev=/dev/tty.usbserial-A500E4N4,spispeed=1M -r flash.bin --verbose
Calibrating delay loop... OS timer resolution is 1 usecs, 2096M loops per second, 10 myus = 10 us, 100 myus = 115 us, 1000 myus = 1003 us, 10000 myus = 10020 us, 4 myus = 5 us, OK.
Initializing buspirate_spi programmer
Detected Bus Pirate hardware 3.5
Detected Bus Pirate firmware 6.1
Using SPI command set v2.
SPI speed is 1MHz
Bus Pirate v3 or newer detected. Set serial speed to 2M baud.
Warning: given baudrate 2000000 rounded down to 230400.

so I'd say that an old flashrom version/BP firmware is the way to go, sadly i can't confirm it is working 100% in my case due to the lack of supported device

[ipatch]

hi @robertodormepoco

this is the setup i'm currently using on my bus pirate. i have the, BPv3a from September 2009, and the software stack on my pirate is,

HiZ>i
Bus Pirate v3.a
Community Firmware v7.1 - goo.gl/gCzQnW [HiZ 1-WIRE UART I2C SPI 2WIRE 3WIRE PIC DIO] Bootloader v4.3
DEVID:0x0447 REVID:0x3003 (24FJ64GA00 2 A3)
http://dangerousprototypes.com
HiZ>

and i have flashrom pinned to v1.01 on my macbook running macOS 10.13.6

flashrom v1.0.1 on Darwin 17.7.0 (x86_64)
flashrom is free software, get the source code at https://flashrom.org

i don't remember if i tested on any Linux based distros, but the above mentioned setup allowed me to read/dump the contents of the winbond chip on my open bench logic sniffer.

[ipatch]

a little bump on this, I can no longer read an SPI flashchip using flashrom while mixing and matching various versions of flashrom, bp firmware, ftdi drivers on macos.

[Skirmisher]

New BP user here (Sparkfun's v3.6a). Was working on flashing a Macronix chip, took a while to get it hooked up correctly (various silly issues) but flashrom would detect it. However, when trying to write to it, it would hang after detection before even getting to the initial read (i.e. before printing out "Reading old flash chip contents..."). I had installed BP firmware 7.1 (specifically this tag because it was convenient), and after reading this thread I went back and installed the last "official" firmware, 6.1. After doing that and retrying, flashrom no longer hung and could read/erase/write the chip correctly.

This was with flashrom version 1.2, libftdi version 1.4, on Fedora 32.

Edit: Firmware 6.3 works with flashrom as well.

[USBEprom]

@Skirmisher

About the Bus Pirate revision v3, from http://dangerousprototypes.com/forum/index.php?topic=8498.msg70075#msg70075

the latest firmwares that are working with FLASHROM are version S_1-28102018.hex and U_1-28102018.hex which are located here:

http://dangerousprototypes.com/forum/index.php?topic=8498.msg67796#msg67796

Direct download from here:

http://dangerousprototypes.com/forum/index.php?action=dlattach;topic=8498.0;attach=9896

All the firmwares v7.x for the Bus Pirate v3 released later, until the aforementioned version S_1-28102018.hex and U_1-28102018.hex and later, do not work properly with FLASHROM probably due to some incompatibility introduced with the patch used to correct timing in the protocols 2-WIRE, 3-WIRE and 1-WIRE, as the culprit seems to be due to the management of delays:

#23 (comment)

Indeed, using the commands "&" and "%" of the Bus Pirate v3 directly from the terminal no delay is introduced as if they were ignored.
For its part FLASHROM in my case is able to recognize and read the chips but not to delete/write them.

http://dangerousprototypes.com/forum/index.php?topic=8498.msg70075#msg70075

---

From http://dangerousprototypes.com/forum/index.php?topic=8498.msg70165#msg70165

there are also S_1-29092019.hex and U_1-29092019.hex that are exactly the same S_1-28102018.hex and U_1-28102018.hex as before but rebuilt with the agatti fix for avrdude in spi.c. (http://dangerousprototypes.com/forum/index.php?topic=8498.msg70164#msg70164)

Direct download from here:

http://dangerousprototypes.com/forum/index.php?action=dlattach;topic=8498.0;attach=15167

---

Firmwares busPirate-JTAG_SAFE_1.hex and busPirate_JTAG_UNSAFE_1.hex (http://dangerousprototypes.com/forum/index.php?topic=8498.msg71171#msg71171 ) which have the JTAG fix from issue 134 (#134) provided by Gabriel Smith as from his commit dated 21 May 2020, both of them are not working with FLASHROM, just same as those you wrote (https://github.com/gdamjan/Bus_Pirate/releases/tag/v.test2).

---

You are right the old firmwares v6.x work with FLASHROM and also the firmwares v7.x up to the releases written in the opening.

[gipi]

I'm trying to use flashrom with the Bus Pirate but I'm struggling a lot and from this thread is not clear if is enough to flash the versions indicated (thing that I've done) or is necessary a particular version of flashrom.

I'm using an Ubuntu 20.04.2 LTS with flashrom 1.2-5; my Bus Pirate has the following setup

SPI>i
Bus Pirate v3.a
Community Firmware v7.1 - goo.gl/gCzQnW [HiZ 1-WIRE UART I2C SPI 2WIRE 3WIRE KEYB LCD PIC DIO] Bootloader v4.4
DEVID:0x0447 REVID:0x3046 (24FJ64GA00 2 B8)
http://dangerousprototypes.com
CFG1:0xFFDF CFG2:0xFF7F
*----------*
Pinstates:
1.(BR)	2.(RD)	3.(OR)	4.(YW)	5.(GN)	6.(BL)	7.(PU)	8.(GR)	9.(WT)	0.(Blk)
GND	3.3V	5.0V	ADC	VPU	AUX	CLK	MOSI	CS	MISO
P	P	P	I	I	I	O	O	O	I	
GND	3.29V	4.98V	0.00V	0.00V	L	L	H	H	H	
POWER SUPPLIES ON, Pull-up resistors OFF, Normal outputs (H=3.3v, L=GND)
MSB set: MOST sig bit first, Number of bits read/write: 8
a/A/@ controls AUX pin
SPI (spd ckp ske smp csl hiz)=( 4 0 1 0 1 0 )
*----------*

and doesn't hang when used with flashrom (that from my understanding was the issue indicated in this thread)

$ sudo flashrom -p buspirate_spi:dev=/dev/ttyUSB0
flashrom v1.2 on Linux 5.6.0-1028-oem (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.

(I also tried using different speeds for SPI but without any improvements).

Lastly I tried to issue some manual commands found in unknown forum in order to understand if it's the Bus Pirate itself burned and I discovered that the chip interacts correctly

SPI>W
POWER SUPPLIES ON
Clutch engaged!!!
SPI>[0x9f r:3]
/CS ENABLED
WRITE: 0x9F 
READ: 0xE0 0x40 0x14 
/CS DISABLED
SPI>[0x90 0x00 0x00 0x00 r:2]
/CS ENABLED
WRITE: 0x90 
WRITE: 0x00 
WRITE: 0x00 
WRITE: 0x00 
READ: 0xE0 0x13 
/CS DISABLED

I would like to know if there is something obvious that I'm missing or it's (a new) bug and in case if someone gives me some indications I could also fix it.

[gipi]

I tried to look a little bit into the flashrom code, comparing the setup of the Bus Pirate in it with a hand made script and I found that with the following change in the file buspirate_spi.c (function buspirate_spi_init())

	/* Set SPI config: output type, idle, clock edge, sample */
-	bp_commbuf[0] = 0x80 | 0xa;
+	bp_commbuf[0] = 0x80 | 0x8;

a flash device is found. It's configuration related with the CKE configuration parameter.

BTW it seems strange that such code, that appears to be pretty "old", haven't caused problem before.

[wakass]

I tried to look a little bit into the flashrom code, comparing the setup of the Bus Pirate in it with a hand made script and I found that with the following change in the file buspirate_spi.c (function buspirate_spi_init())

	/* Set SPI config: output type, idle, clock edge, sample */
-	bp_commbuf[0] = 0x80 | 0xa;
+	bp_commbuf[0] = 0x80 | 0x8;

a flash device is found. It's configuration related with the CKE configuration parameter.

BTW it seems strange that such code, that appears to be pretty "old", haven't caused problem before.

Worked for me as well. 👍

[rub3rth]

I'll bump this if that's allright
I have the same problem but no fixes mentioned in this thread works, does anybody have an idea on where this issue stands today? I'm on a 3.5 board and the "S_1-28102018.hex " firmware linked in this thread and I can't get flashrom to read any chips.
I'm trying with a couple, all of them listed as supported in flashrom. I've tried with virtually every firmware version I've found and all flashrom versions available both with and without the change in buspirate_spi.c mentioned by @gipi but nothing works (except for version 1.2, for some reason it doesn't compile but throws an error regarding const to enum conversion). Has anybody gotten this to work lately?

[AreYouLoco]

I had the same problems with flashrom. I used buspirate just yesterday. I ended up with I think version 6.3beta that was the last one that worked with flashrom. When I am back from work I could send it to you. But I think its in repo.

…

On February 4, 2022 9:01:46 AM UTC, rub3rth ***@***.***> wrote: I'll bump this if that's allright I have the same problem but no fixes mentioned in this thread works, does anybody have an idea on where this issue stands today? I'm on a 3.5 board and the "S_1-28102018.hex " firmware linked in this thread and I can't get flashrom to read any chips. I'm trying with a couple, all of them listed as supported in flashrom. I've tried with virtually every firmware version I've found and all flashrom versions available both with and without the change in buspirate_spi.c mentioned by @gipi but nothing works (except for version 1.2, for some reason it doesn't compile but throws an error regarding const to enum conversion). Has anybody gotten this to work lately?

[rub3rth]

Thanks for answering, I'll do another check with that firmware I guess. Did you use the latest version of flashrom, with or without any changes to the source?

[AreYouLoco]

I use flashrom from debian bookworm repository with no modifications to the package. Not sure which version is it.

…

On February 4, 2022 9:48:00 AM UTC, rub3rth ***@***.***> wrote: Thanks for answering, I'll do another check with that firmware I guess. Did you use the latest version of flashrom, with or without any changes to the source?

[rub3rth]

Allright I understand, well, I guess the only difference left would be version of the board? I have a v3.5, now loaded with 6.3beta and using the same flashrom - no device found still! Thanks for you help though, I'm all out of ideas
EDIT: Forget what I said, I tried with the wrong flashrom-binary after the firmware rollback, now it works!
If anyone should be in the same shoes, the 6.3beta firmware for the BPv3 works with the latest version of flashrom. Thank you so much for the help AreYouLoco!

[hassan-salloum]

@gipi i wold like to re-open this topic guys, i have similar issue :
I am capable to identify the the SPI flash ID =0x152020 (ST M25P16) manually:

but not with flashrom:

I am using kali linux:

And i am using bus-pirate:

any suggestion please ? also where can i found the : flashrom code, that you mentioned about
Thank you

[gipi]

@VraiHack the code is here