Skip to content

Intel Flash regions

Introduction

In modern Intel platforms, the SPI flash is home to multiple different firmwares, and is shared between several masters. The SPI flash is divided into regions, each containing different firmware or configuration for a different purpose.

This document describes the intricacies of SPI flash regions and explains when and which regions to flash. This documentation is specific to Intel-based platforms and may not apply to all platforms.

Regions

Intel Flash Descriptor

The IFD region is always located in the first sectors of the SPI flash and contains the layout of the flash. It also describes the access permissions for each master (which may be the host processor, Intel ME, and Intel Gigabit Ethernet). It can be considered the "partition table" equivalent for SPI Flash.

On Dasharo platforms, this region is typically set to writable by the host processor, to allow certain features which require modifying the flash descriptor. Other, proprietary firmware implementations often lock this region, in which case external flashing is required.

To enable parsing of regions described by the IFD in flashrom, append --ifd to your flashrom command. This argument is required if you want to flash specific regions described by the IFD, like BIOS, ME, GBE or the IFD itself.

To include the IFD region in a flashrom read or write operation, append -i fd to your flashrom command

Intel Gigabit Ethernet

The Gigabit Ethernet (GbE) region is present on platforms which feature the Intel i219 series of network interfaces. This region describes the configuration of the network adapter, including the MAC address.

This region should not be touched unless necessary, for example, if you're trying to change the MAC address of the platform.

To include the GbE region in a flashrom read or write operation, append -i gbe to your flashrom command.

Intel Management Engine

The Management Engine (ME) region contains the ME's firmware and configuration. This region is updated as part of regular BIOS updates.

On Dasharo platforms, this region is typically left writable by the host to allow runtime firmware updates. On proprietary firmware implementations, this region may be read and / or write protected, in which case external flashing is required.

To include the ME region in a flashrom read or write operation, append -i me to your flashrom command.

BIOS

The BIOS region is where the host firmware resides. This region is updated as part of regular BIOS updates.

On Dasharo firmware, the region is typically unlocked for reading and flashing, but some parts of it may be write-protected using PRx registers.

If you have the following in your flashrom output:

PR0: Warning: 0x001c0000-0x01ffffff is read-only.

then part of the BIOS region is protected and is not writable. On Dasharo firmware, this lock can usually be disabled by disabling BIOS Boot Medium Lock in the UEFI setup menu. On proprietary firmware implementations, look for a similarly named option, but your mileage may vary. Otherwise, external flashing is required.

To include the BIOS region in a flashrom read or write operation, append -i bios to your flashrom command.