What is SPI flash in BIOS firmware?

SPI flash is the non-volatile chip that stores platform firmware. It may contain BIOS/UEFI code, NVRAM or variable store data, flash layout information, and sometimes other regions such as ME or GbE depending on the platform.

When people say “flash the BIOS”, they often mean an update file. In real firmware debugging, you need to separate the SPI flash chip, full SPI image, Flash Descriptor, BIOS Region, Firmware Volume, and UEFI variable store.

What can SPI flash contain?

On many PC and embedded x86 platforms, SPI flash is split into regions.

Not every platform has all of these regions. ARM and embedded platforms may use different layouts, but the debugging principle is the same: identify whether the file is a full image, a region image, or a capsule.

From SPI flash to firmware module

Full SPI image, BIOS region image, and capsule

When you receive a .bin or .cap file, the first question should be: which layer does this file represent?

Common wrong-flash failures

Practical failures include:

• The flash tool reports success, but the board still runs the old firmware.
• A BIOS Region image is treated as a full SPI image.
• A full image from another board overwrites MAC, serial number, board ID, or calibration data.
• BIOS update preserves NVRAM, so old BootOrder or Setup problems remain.
• A capsule is flashed raw and the platform no longer recognizes it correctly.
• Descriptor or protected ranges block writes, but the tool log is not clear enough.

Real debug case: flashing succeeds but the version does not change

You flash a file with a vendor tool or programmer. The tool reports success, but BIOS Setup still shows the old version.

Check in this order:

1. Identify whether the file is a capsule, BIOS region, or full SPI image.
2. Read back SPI flash after programming and compare bytes.
3. Check whether the write offset matches BIOS Region.
4. Check descriptor access, BIOS lock, and protected ranges.
5. Check whether the platform has dual BIOS, backup bank, or recovery bank.
6. Check which FV or variable BIOS Setup reads for the version string.
7. If update preserves NVRAM, check whether the version string is code data or variable data.

What to look for in source or tool logs

Security angle

SPI flash stores code and policy that run before the OS. If region protection is too open, a buggy tool or attacker may write BIOS Region or NVRAM. If the lock policy is too early or too strict, legitimate updates may fail. Review update flow, SMM write path, descriptor permissions, and protected ranges together.

Takeaway

SPI flash is the physical storage layer for firmware, but it contains several logical layers. When debugging BIOS update or firmware image issues, first identify the scope: full SPI, BIOS Region, FV, FFS, or capsule. Many “flash did not work” bugs are actually wrong-layer or wrong-region bugs.

☕ Ủng hộ tác giả

Nếu bài viết hữu ích, một ly cà phê nhỏ sẽ giúp mình tiếp tục viết thêm nội dung chất lượng.

MoMo

QR image
/images/support/momo-qr.png

PayPal

QR image
/images/support/paypal-qr.png

PayPay

QR image
/images/support/paypay-qr.png

Mở app MoMo → Mở PayPal → PayPayで送る →

Trên điện thoại, hãy nhấn nút bên dưới mỗi QR để mở app thanh toán.