Protectli VP2410 - enabling SMM BIOS write protection causes firmware corruption #775

Closed
pkubaj opened this issue Apr 3, 2024 · 1 comment · Fixed by Dasharo/coreboot#479
Labels
bug Something isn't working firmware protectli_vault_glk VP 2410

pkubaj commented Apr 3, 2024

Component

Dasharo firmware

Device

Protectli VP2410

Dasharo version

1.1.0

Dasharo Tools Suite version

No response

Brief summary

Enabling SMM BIOS write protection causes firmware corruption on VP2410.

How reproducible

100%

How to reproduce

Enable SMM BIOS write protection from Dasharo Security Options, save (press F10) and reboot.

Expected behavior

Device should boot.

Actual behavior

Device doesn't boot, power cycling doesn't help.

Screenshots

No response

Additional context

No response

Solutions you've tried

Reflashing externally makes the board work again.

@pkubaj pkubaj added the bug Something isn't working label Apr 3, 2024

miczyg1 commented Apr 8, 2024

It seems like MSR_SPCL_CHIPSET_USAGE does not exist on APL/GLK yet, while it does on JSL/EHL already.

Skipping the write to the MSR allows booting and still prevents writing to the BIOS region:

root@DasharoToolsSuite:~# flashrom -p internal -w /tmp/coreboot.rom --ifd -i bios     
flashrom v1.2-1037-g5b4a5b4 on Linux 5.15.36-yocto-standard (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
coreboot table found at 0x69a37000.
Found chipset "Intel Gemini Lake".
Enabling flash write... Warning: BIOS region SMM protection is enabled!
Warning: Setting BIOS Control at 0xdc from 0xaa to 0x89 failed.
New value is 0xaa.
SPI Configuration is locked down.
FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
FREG1: BIOS region (0x00001000-0x006fefff) is read-write.
FREG5: Device Expansion region (0x006ff000-0x007fffff) is read-write.
PROBLEMS, continuing anyway
Found Programmer flash chip "Opaque flash chip" (8192 kB, Programmer-specific) on internal.
Reading ich descriptor... done.
Using region: "bios".
Reading old flash chip contents... done.
Erasing and writing flash chip... Transaction error between offset 0x00310000 and 0x0030ffff (= 0x00310000 + -1)!
Reading current flash chip contents... done. Looking for another erase function.
Looking for another erase function.
Looking for another erase function.
Looking for another erase function.
Looking for another erase function.
Looking for another erase function.
Looking for another erase function.
No usable erase functions left.
FAILED!
Uh oh. Erase/write failed. Checking if anything has changed.
Reading current flash chip contents... done.
Good, writing to the flash chip apparently didn't do anything.
This means we have to add special support for your board, programmer or flash
chip. Please report this to the mailing list at [email protected] or on
IRC (see https://www.flashrom.org/Contact for details), thanks!
-------------------------------------------------------------------------------
You may now reboot or simply leave the machine running.

Writes to SPI flash in SMM are not affected, as expected (tested by disabling SMM BWP from setup, which causes an SMMSTORE SMI to write to flash).
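
An added example, not part of the comment above or of the Dasharo/coreboot code: a small check that reads a flashrom log such as the one quoted and decodes the BIOS Control values it reports, to confirm that the unlock attempt was rejected and the flash was left unchanged. The bit names are an assumption based on common Intel PCH naming; the page itself only shows the raw values 0xaa and 0x89.

```python
import re

# Bit names are an assumption based on common Intel PCH naming for the
# BIOS Control register; the page itself only shows the raw values.
BIOS_CNTL_BITS = {
    0: "WPD",   # write protect disable (BIOS region writable)
    1: "LE",    # lock enable: setting WPD traps to SMM
    5: "EISS",  # SMM BIOS write protection (flashrom: "SMM protection")
    7: "BILD",  # BIOS interface lock-down
}

# Lines copied from the flashrom run quoted above.
SAMPLE_LOG = """\
Enabling flash write... Warning: BIOS region SMM protection is enabled!
Warning: Setting BIOS Control at 0xdc from 0xaa to 0x89 failed.
New value is 0xaa.
Erasing and writing flash chip... Transaction error between offset 0x00310000 and 0x0030ffff (= 0x00310000 + -1)!
Good, writing to the flash chip apparently didn't do anything.
"""

_ATTEMPT = re.compile(
    r"Setting BIOS Control at 0x[0-9a-f]+ from 0x([0-9a-f]+) "
    r"to 0x([0-9a-f]+) failed\.\s+New value is 0x([0-9a-f]+)",
    re.IGNORECASE,
)

def decode_bios_cntl(value):
    """Return the set of named protection bits set in a BIOS Control value."""
    return {name for bit, name in BIOS_CNTL_BITS.items() if value & (1 << bit)}

def check_smm_bwp(log):
    """Summarise a flashrom log; None if no rejected unlock attempt is present."""
    m = _ATTEMPT.search(log)
    if m is None:
        return None
    before, wanted, after = (int(g, 16) for g in m.groups())
    flags = decode_bios_cntl(after)
    return {
        "after": after,
        "flags": flags,
        # The register kept its value although flashrom asked for another one.
        "unlock_rejected": after == before and after != wanted,
        # Expected state with SMM BWP on: LE and EISS set, WPD clear.
        "smm_bwp_enforced": {"LE", "EISS"} <= flags and "WPD" not in flags,
        # flashrom confirmed by read-back that the flash contents are unchanged.
        "flash_unchanged": "didn't do anything" in log,
    }

if __name__ == "__main__":
    print(check_smm_bwp(SAMPLE_LOG))
```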
