[EHL] FPT tool not working properly about slimbootloader HOT 5 CLOSED

Hi Sharkblue,

Please check Test ID SPI_07 in RDC# 617151 to know how to get FPT tool work.

from slimbootloader.

Hi Stanley,

From the Debug FSP log, if the SPI flash write protection was sucessful disabled? I just want to make sure.

I am following the instructions from "System Tools - Intel® Converged Security Engine Firmware 15.40 User guide" to run FPT.
I had look through the SPI_07 as you suggested.

by the log, the FPT fails on specific block 5644 when erase, if its conflict with "CSE manufacturing mode"?

ps: "mtdinfo /dev/mtd0" still show the device is "writeable: false"

from slimbootloader.

Hi Sharkblue,

You may misunderstand about the SPI flash write protection and FPT.

For SPI Flash Write Protection: Intel does not recommend any customer to disable it. Let me repeat what Maurice mentioned in a related thread first:.

For security concerns, SBL will lock down SPI flash write-protect at the end of Stage2 for normal boot flow.
And as a result, it prevents any SPI write access from OS or application. So flashrom won't work by default.

However, if you fully understand the security risk, or the platform is used in a debug / testing environment, and you want to allow runtime SPI write in OS, it is also possible to disable SPI write protection in SBL. But it is not recommended in production since any malware in OS might be able to write to the flash.

For FPT: FPT (in SPI_07 case) is to check the design of Flash Descriptor Override (per board).

from slimbootloader.

For further questions related to FPT, please file an IPS case, because FPT is not released by SBL project and the mix use of FPT with PchLockDownBiosInterface/PchLockDownBiosLock is not a standard use case so you may need some help from CSE team via IPS case.

from slimbootloader.

well, thanks a lot!

from slimbootloader.