Flashrom

Flashrom is a free and open-source utility for detecting, reading, writing, verifying, and erasing flash chips used in computers and embedded systems. It originated as a tool to recover and update firmware on motherboards and devices and has since been adopted by engineers, sysadmins, hardware hackers, and preservationists. The project is notable for broad hardware support, cross-platform portability, and a developer base drawn from multiple technical communities.

Overview

Flashrom began as a collaborative effort among independent developers, firmware reverse engineers, and contributors from projects such as OpenBSD, FreeBSD, and Linux kernel developers. Its goals align with initiatives from groups like Electronic Frontier Foundation advocates, archival efforts by institutions similar to the Library of Congress, and repair movements exemplified by iFixit. The software interfaces with vendors' flash devices used by manufacturers including Intel Corporation, AMD, Dell Technologies, Lenovo Group Limited, and HP Inc., and it has been referenced in security analyses by researchers associated with outfits like Google Project Zero and academic teams from Massachusetts Institute of Technology, University of Cambridge, and Carnegie Mellon University. Flashrom's roadmap and usage have intersected with standardization discussions at venues akin to Linux Foundation events and hardware initiatives such as Open Compute Project.

Features and Supported Hardware

Flashrom supports a wide array of flash chip families and programmers. It can operate with SPI flash chips from manufacturers like Winbond, Micron Technology, Samsung Electronics, STMicroelectronics, and Atmel (now Microchip Technology). Programmer hardware interfacing with Flashrom includes devices from Total Phase, Bus Pirate, Arduino, GoodFET, PX4, CH341A clones, and dedicated tools like the Dediprog series and TL866. Supported platforms range from x86 and ARM boards such as Raspberry Pi, BeagleBone Black, Intel NUC, and systems from ASUS, Gigabyte Technology, and Supermicro. The utility handles various buses and controllers including SPI controllers in chipsets from Intel Corporation southbridges, LPC interfaces found on Super I/O chips like those made by ITE Tech, and external interfaces via USB controllers from FTDI and Prolific Technology. Use cases include BIOS and UEFI firmware flashing on systems from Phoenix Technologies and American Megatrends, recovery of corrupted boot firmware on devices sold by Acer Inc. and Samsung Electronics, and firmware extraction in embedded platforms by vendors such as Texas Instruments and NXP Semiconductors. Flashrom's chip database and detection mechanisms reference datasheets and programming algorithms similar to those produced by JEDEC committees.

Installation and Usage

Installation pathways include building from source with toolchains provided by distributions like Debian, Ubuntu, Fedora Project, Arch Linux, openSUSE, and ports systems in FreeBSD and NetBSD. Prebuilt packages are sometimes available via repositories maintained by organizations such as Gentoo, NixOS, and Homebrew communities. Typical usage involves invoking the command-line client on systems running kernels like Linux kernel or kernels from FreeBSD projects, specifying programmer hardware or native kernel drivers produced by vendors including Intel Corporation or controller projects like spi-dev. Common workflows demonstrated at conferences like DEF CON, Black Hat, and USENIX include reading flash dumps, verifying images against known-good firmware from vendors like Dell Technologies or Lenovo Group Limited, and writing recovery images for devices manufactured by ASUS or HP Inc.. Advanced usage often pairs Flashrom with tools from Binwalk, U-Boot, and Coreboot for tasks such as extracting firmware components, building replacement firmware, or integrating with bootloader projects authored by contributors from organizations like Google LLC and academic labs.

Development and Community

Development takes place in distributed version control systems and collaboration platforms used by projects such as GitLab, GitHub, and mailing lists in the style of LKML conversations. Contributors have backgrounds in companies and institutions including Red Hat, Canonical (company), Intel Corporation, Broadcom Inc., ARM Holdings, and universities like ETH Zurich and Princeton University. The community engages at technical conferences such as FOSDEM, Chaos Communication Congress, and Linux Plumbers Conference. Documentation practices mirror efforts by projects like GNU Project documentation, and continuous integration and testing are sometimes carried out using infrastructure from Jenkins and container technologies like Docker and Kubernetes. The project coordinates with complementary initiatives including Coreboot, TianoCore, and reverse-engineering groups associated with REcon.

Security and Legal Issues

Flashing firmware entails risks and legal considerations that have been debated in contexts similar to DMCA exemptions, WIPO discussions, and right-to-repair legislation championed in jurisdictions such as United States, European Union, and United Kingdom. Security researchers from institutions like Google Project Zero, University of California, Berkeley, and private firms such as Qualys and Rapid7 have used Flashrom in vulnerability research into firmware attack surfaces found in platforms by Intel Corporation and AMD. The tool can aid both benign recovery and malicious tampering; therefore, usage policies in corporate environments from companies like Microsoft and Apple Inc. often restrict firmware modification to approved workflows. Responsible disclosure practices promoted by organizations including FIRST and CERT Coordination Center apply when Flashrom-based research reveals vulnerabilities. Legal risk also arises when interacting with proprietary firmware images produced by vendors such as Phoenix Technologies or American Megatrends', and operators should consider licensing and warranty implications set by manufacturers like Dell Technologies and HP Inc..

Category:Free software