diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/hcl/c201.html | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/docs/hcl/c201.html b/docs/hcl/c201.html index 5a163b2..995cee1 100644 --- a/docs/hcl/c201.html +++ b/docs/hcl/c201.html @@ -51,7 +51,6 @@ <div class="section"> <ul> - <li><a href="#thescrew">Flash chip write protection: the screw</a></li> <li><a href="#googlebastards">Google is bad. We do not endorse them.</a></li> <li><a href="#os">Replace ChromeOS immediately!</a></li> <li><a href="#videoblobs">Caution: Video acceleration requires a blob. Do not install it. Use software rendering.</a></li> @@ -59,30 +58,9 @@ <li><a href="#ec">EC firmware is free software!</a></li> <li><a href="#microcode">No microcode!</a></li> <li><a href="#depthcharge">Depthcharge payload</a></li> + <li><a href="#thescrew">Flash chip write protection: the screw</a></li> </ul> </div> - - - <div class="section"> - <h1 id="thescrew">Flash chip write protection: the screw</h1> - <p> - It's next to the flash chip. Unscrew it, and the flash chip is read-write. Screw it back in, and the flash chip is read-only. - It's called the screw. - </p> - <p> - <i>The screw</i> is accessible by removing other screws and gently prying off the upper shell, where the flash chip and the screw - are then directly accessible. User flashing from software is possible, without having to externally re-flash, but the flash chip - is SPI (SOIC-8 form factor) so you can also externally re-flash if you want to. In practise, you only need to externally re-flash - if you brick the laptop; read <a href="../install/bbb_setup.html">../install/bbb_setup.html</a> for an example of how to set up - an SPI programmer. - </p> - <p> - Write protection is useful, because it prevents the firmware from being re-flashed by any malicious software that - might become executed on your GNU/Linux system, as root. In other words, it can prevent a firmware-level <i>evil maid</i> attack. It's - possible to write protect on all current libreboot systems, but chromebooks make it easy. The screw is such a stupidly - simple idea, which all laptop designs should implement. - </p> - </div> <div class="section"> <h1 id="googlebastards">Google is bad. We do not endorse them.</h1> @@ -302,6 +280,27 @@ </div> <div class="section"> + <h1 id="thescrew">Flash chip write protection: the screw</h1> + <p> + It's next to the flash chip. Unscrew it, and the flash chip is read-write. Screw it back in, and the flash chip is read-only. + It's called the screw. + </p> + <p> + <i>The screw</i> is accessible by removing other screws and gently prying off the upper shell, where the flash chip and the screw + are then directly accessible. User flashing from software is possible, without having to externally re-flash, but the flash chip + is SPI (SOIC-8 form factor) so you can also externally re-flash if you want to. In practise, you only need to externally re-flash + if you brick the laptop; read <a href="../install/bbb_setup.html">../install/bbb_setup.html</a> for an example of how to set up + an SPI programmer. + </p> + <p> + Write protection is useful, because it prevents the firmware from being re-flashed by any malicious software that + might become executed on your GNU/Linux system, as root. In other words, it can prevent a firmware-level <i>evil maid</i> attack. It's + possible to write protect on all current libreboot systems, but chromebooks make it easy. The screw is such a stupidly + simple idea, which all laptop designs should implement. + </p> + </div> + + <div class="section"> <p> Copyright © 2015 Francis Rowe <info@gluglug.org.uk><br/> |