Recovering a bricked EFI
The EFI can be read and written using the stock operating system on a joggler with only a usb key and the "telnet hack".
To obtain the current EFI binary
modprobe fh dd if=/dev/fh of=/path/to/somefile
Note that a likely candidate for the destination is /mnt/efi.bin. /mnt is ro by default so you will need to unmount and remount it manually (for some reason the remount command (mount -o remount -o rw /mnt) does not work).
umount /mnt mount /dev/sda1 /mnt
To write to the EFI flash
Use with extreme care - don't use if you don't understand what this does!.
if you have not done so since boot you need to :
Then to write :
dd if=/path/to/some/file of=/dev/fh count=1 bs=1024k
Now, you probably came here because your EFI is "bricked".
To "unbrick" you need to have another similar or identical device that boots.
You must disassemble both devices and remove the bricked flash chip from the socket on the underside of the PCB, the latch pushes inward (away from the edge of the PCB) a small amount and then lifts.
Have the working device disassembled and boot it - this must be done fairly rapidly as the CPU and chipset are not being cooled by the heatsink. After a few seconds, flip out the flash chip and pop the bricked one in observing correct orientation. Now place the PCB back against the heatsink. Login via telnet once fully booted and use the above commands to flash the chip from your backup. You can now verify this chip works once again by rebooting.
It's probably a good idea to leave the devices in pieces if you intend to carry on activities liable to brick them again - or you will soon wear out the plastic lugs into which the screws fasten.