Long story short, my BMC is corrupted on my SuperMicro motherboard, causing me not to be able to POST. I am wondering if use of the Bus Pirate can help me reflash the BMC on the motherboard to fix it? The issue is I am not too well versed in all this, so any and all help for this would be appreciated!
Hi Aden,
Had to read up a bit on BMC.
It seems like the BMC has SPI flash, at least in theory.
I assume the flash is this 8 pin SOIC chip. Look for a largish 8 (could be 16) pin chip near the BMC, it probably says “Winbond” or is printed with a part number containing “25Q”.
If the chip was in a socket it would be very easy to reprogram it with the flash command, assuming you can get the firmware in a raw unencrypted form.
However, all the images I’ve seen show a surface mounted SOIC chip. Then you have two routes:
- Unsolder the chip and program it in an adapter.
This is tricky because all the little 0201 and 1005 components surrounding it will just blow off the board unless you have some real skills. I’m sure I could not do it successfully without a lot of practice.
- Program it in circuit.
The issue here is that the BMC may be occupying/talking to the flash chip and then you won’t be able to program it successfully. You’d need to figure out how to hold the BMC or the whole motherboard in a reset state, then program the flash chip.
You can check the CS pin of the flash chip with a scope, logic analyzer or even a multimeter to see if it is twitching (being used by the BMC) or steady high (idle). Make note of the voltage because you’ll need to program it at the same voltage.
You might get lucky and the BMC reads the flash into RAM and then doesn’t touch the chip again, or maybe the corrupt state leaves the flash idle. In this case you can clip probe hooks onto the 4 SPI pins and program the firmware.
Isolating the flash so nothing else is trying to use it is the difficult part of in circuit programming, and a full suite of skills in its own right.
To summarize:
- If it has a common/typical SPI flash chip the Bus Pirate can program those in multiple ways (flash command, flashrom, etc.), but programming is not the difficult part.
- Isolating the flash chip so you can do the programming is the difficult bit.
- You’d also need to confirm that you can get the firmware, either from the manufacturer or another working board of the same type. Manufacturers might do something sleazy like encrypt the firmware and decrypt via the BMC during updates.
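An added example, not part of the reply above: a quick heuristic for judging whether a firmware file is plausibly a raw image or is encrypted end to end, before any attempt to write it to the flash chip. The 4096-byte window, the 7.5 bits/byte cut-off, the 95% ratio and both sample images are assumptions constructed for illustration; compressed sections inside a raw image also score high, so treat the result as a hint only.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096          # analysis window (assumed; a common SPI flash sector size)
HIGH_ENTROPY = 7.5    # bits/byte; assumed cut-off for "encrypted or compressed"
UNIFORM_RATIO = 0.95  # assumed: this share of high-entropy blocks means "not raw"

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def profile_image(image: bytes) -> dict:
    """Share of blocks that are high entropy and share that are erased (all 0xFF)."""
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    total = max(len(blocks), 1)
    high = sum(1 for b in blocks if shannon_entropy(b) >= HIGH_ENTROPY)
    erased = sum(1 for b in blocks if b.count(0xFF) == len(b))
    return {"blocks": len(blocks),
            "high_entropy_ratio": high / total,
            "erased_ratio": erased / total}

def looks_raw(image: bytes) -> bool:
    """Heuristic: a raw dump usually has low-entropy code/text and 0xFF padding;
    an image that is high entropy from start to end is likely encrypted or packed."""
    p = profile_image(image)
    return p["blocks"] > 0 and p["high_entropy_ratio"] < UNIFORM_RATIO

def _prng(n: int) -> bytes:
    """Deterministic pseudo-random bytes, standing in for ciphertext in the samples."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

# Constructed samples, not real firmware: 8 text blocks, 4 dense blocks, 4 erased blocks
RAW_SAMPLE = ((b"constructed boot header and strings\x00" * 1000)[:8 * BLOCK]
              + _prng(4 * BLOCK) + b"\xff" * (4 * BLOCK))
ENC_SAMPLE = _prng(16 * BLOCK)  # uniformly dense, as an encrypted update file would be

if __name__ == "__main__":
    for name, img in (("raw-like", RAW_SAMPLE), ("encrypted-like", ENC_SAMPLE)):
        print(name, profile_image(img), "looks_raw =", looks_raw(img))
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `profile_image` and `looks_raw`.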