Embedded Connectivity
Intel network controllers, Firmware, and drivers support systems
848 Discussions

How to disable flash security on I210

JWang114
Beginner
2,930 Views

Hi,

I try to disable flash security on I210 via Lanconfig tool. (Flash Validity and Protected Fields (Word 0x12) - bit 13 : NVM_SEC_EN)

And don't know how to do.

The NVM_SEC_EN original value on my I210 is disable (0b) , but when I try to flash other image , I forgot to edit the bit to 0b on the new image.

(The new image : Dev_Start_I210_Copper_NCSI_4Mb_A2_3.25_0.03.bin)

Once I flashed the new image with NVM_SEC_EN bit is 1b , I cannot choose write / erase / verify options in Lanconfig tool any more , also cannot change the bit due to its a read only bit.

And refer to I210 datasheet , I pulling down the pin 12 to disable the security mode then try to flash other image via Lanconfig , but the option of flash is gone.

I really no any idea for setting NVM_SEC_EN bit to 0b.

The only way is flashing original image via programmer?

 

Any help would be very thankful.

 

Best Regards

Jaba

 

0 Kudos
3 Replies
CarlosAM_INTEL
Moderator
1,143 Views

Hello jaba88,

Thank you for contacting the Intel Embedded Community,

In order to help you, please review the information related to the answer of the question 2.23 on page 11 of the http://www.intel.com/content/dam/www/public/us/en/documents/faqs/ethernet-controller-i210-i211-faq.pdf Intel(R) Ethernet Controller I210/I211 Frequently Asked Questions.

Please let us know if this information is useful to you.

Best Regards,

Carlos_A.

0 Kudos
JWang114
Beginner
1,143 Views

Hi Carlos A,

The document mention that "Pin 12 on the I210 is designated for the purpose of overriding the security feature. To override the security when it is in effect, a pull down resistor can be applied to that pin.".

It means when I pulling down pin 12 , I can change the bit of "NVM_SEC_EN" from 1b to 0b via Lanconfig tool?

But when I pulling pin 12 , my I210 will be a blank flash and not allow me to change any content of image even cannot flash to others image.

(In the other words, the option of flash is gone in Lanconfig when I pulling down pin 12.)

If I misunderstood anything ,please let me know.

Thank a lot!

0 Kudos
CarlosAM_INTEL
Moderator
1,143 Views

Hello jaba88,

Thanks for your update.

Pulling down pin 12 means a physical connection to GND on the NVM_SI pin. This is usually done with a jumper.

This cannot be done through Lanconf, as it is not a bit in the EEPROM image. Setting the NVM_SEC_EN bit actually breaks the security signing of the NVM image, invalidating the image.

If the FLASH chip is empty, we don't think it matters if the security is enabled (pin 12 being pulled high). If you have an existing image, then you can upgrade the NVM to a newer version without a PD on pin 12. Any other EEPROM changes need to have the pin pulled to GND.

Please let us know if this information is useful to you.

Best Regards,

Carlos_A.

0 Kudos
Reply