10 hours ago, Scott Robison said:
Modern systems have in large part (I think) migrated to more complicated hardware schemes so that there is room for multiple BIOS/ROM images in a single chip, so that in the event of an incomplete update, there is still a failsafe/unmodified version sitting next to the failed update. In the early days of field updatable chips, this was not the case. If you were only able to partially update the chip due to a power failure or some such, you very much would brick the device because you would have half of one BIOS and half of another (perhaps).
So the simple version would be a jumper to an EOR that inverts the high bit of the Flash ROM segment address, and a backup copy of system critical segments in segment 16 going up, so if you "brick" an update/mod, you move the jumper and the system boots?
Indeed, the "safe" update is to overwrite the backup copy, run the verify program, then switch the jumper and update the original updates. And the "safe" mod is to write the backups and switch the jumper and just don't mod the originals.
And if you got greedy and used those blocks for other things, "oops, people shouldn't be greedy"?
Note that this assumes less than 16 segments of system critical segments, which I do indeed assume.
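The jumper-and-XOR scheme and the update order discussed above, as a small simulation added here (not code from either poster). The 32-segment flash, the 8-byte segment size, and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSEG      32    /* assumed: 5-bit segment address, bit 4 is the high bit */
#define BANK_BIT  0x10  /* bit inverted by the jumper-controlled XOR gate */
#define CRITICAL  16    /* originals in 0..15, backups in 16..31 */
#define SEG_BYTES 8     /* constructed, tiny segment size for the simulation */

typedef struct { uint8_t seg[CRITICAL][SEG_BYTES]; } image_t;

static uint8_t flash[NSEG][SEG_BYTES];
static int jumper;      /* 0 = boot from originals, 1 = boot from backups */

/* Physical segment the ROM sees when the CPU selects logical segment s. */
int phys(int s) { return (s ^ (jumper ? BANK_BIT : 0)) & (NSEG - 1); }

/* Base of the bank not mapped at logical 0..15, the only one safe to erase. */
int inactive_base(void) { return jumper ? 0 : BANK_BIT; }

void make_image(image_t *img, uint8_t version) { memset(img, version, sizeof *img); }

/* 1 if the bank starting at physical segment `base` holds exactly `img`. */
int bank_holds(int base, const image_t *img) {
    for (int s = 0; s < CRITICAL; s++)
        if (memcmp(flash[base + s], img->seg[s], SEG_BYTES) != 0) return 0;
    return 1;
}

/* What the CPU would boot: the bank currently mapped at logical segment 0. */
int boots(const image_t *img) { return bank_holds(phys(0), img); }

/* Write the inactive bank, verify, then move the jumper. `written` < CRITICAL
 * models power loss mid-write; the jumper is then left alone. */
int safe_update(const image_t *img, int written) {
    int base = inactive_base();
    for (int s = 0; s < written && s < CRITICAL; s++)
        memcpy(flash[base + s], img->seg[s], SEG_BYTES);
    if (!bank_holds(base, img)) return 0;   /* the "verify program" failed */
    jumper ^= 1;
    return 1;
}

int main(void) {
    image_t v1, v2;
    make_image(&v1, 1); make_image(&v2, 2);
    safe_update(&v1, CRITICAL);             /* initial image goes to bank 16..31 */
    int cut = safe_update(&v2, 5);          /* power lost after 5 segments */
    printf("interrupted: ok=%d boots v1=%d\n", cut, boots(&v1));
    int full = safe_update(&v2, CRITICAL);
    printf("complete: ok=%d boots v2=%d\n", full, boots(&v2));
    return 0;
}
```

After a completed update the previous image is still intact in the other bank, so moving the jumper back restores it.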