libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit 6bc8463ed5b019bd63b8e652974f05389ab5b39f
parent 4a88928776a188f5c77839605b0f4fa43d268165
Author: Francis Rowe <info@gluglug.org.uk>
Date:   Tue, 13 Oct 2015 04:29:14 +0100

docs/hcl/c201.html: talk about the screw at the bottom of the page

Diffstat:
docs/hcl/c201.html | 45++++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 23 deletions(-)

diff --git a/docs/hcl/c201.html b/docs/hcl/c201.html @@ -51,7 +51,6 @@ <div class="section"> <ul> - <li><a href="#thescrew">Flash chip write protection: the screw</a></li> <li><a href="#googlebastards">Google is bad. We do not endorse them.</a></li> <li><a href="#os">Replace ChromeOS immediately!</a></li> <li><a href="#videoblobs">Caution: Video acceleration requires a blob. Do not install it. Use software rendering.</a></li> @@ -59,30 +58,9 @@ <li><a href="#ec">EC firmware is free software!</a></li> <li><a href="#microcode">No microcode!</a></li> <li><a href="#depthcharge">Depthcharge payload</a></li> + <li><a href="#thescrew">Flash chip write protection: the screw</a></li> </ul> </div> - - - <div class="section"> - <h1 id="thescrew">Flash chip write protection: the screw</h1> - <p> - It's next to the flash chip. Unscrew it, and the flash chip is read-write. Screw it back in, and the flash chip is read-only. - It's called the screw. - </p> - <p> - <i>The screw</i> is accessible by removing other screws and gently prying off the upper shell, where the flash chip and the screw - are then directly accessible. User flashing from software is possible, without having to externally re-flash, but the flash chip - is SPI (SOIC-8 form factor) so you can also externally re-flash if you want to. In practise, you only need to externally re-flash - if you brick the laptop; read <a href="../install/bbb_setup.html">../install/bbb_setup.html</a> for an example of how to set up - an SPI programmer. - </p> - <p> - Write protection is useful, because it prevents the firmware from being re-flashed by any malicious software that - might become executed on your GNU/Linux system, as root. In other words, it can prevent a firmware-level <i>evil maid</i> attack. It's - possible to write protect on all current libreboot systems, but chromebooks make it easy. The screw is such a stupidly - simple idea, which all laptop designs should implement. - </p> - </div> <div class="section"> <h1 id="googlebastards">Google is bad. We do not endorse them.</h1> @@ -302,6 +280,27 @@ </div> <div class="section"> + <h1 id="thescrew">Flash chip write protection: the screw</h1> + <p> + It's next to the flash chip. Unscrew it, and the flash chip is read-write. Screw it back in, and the flash chip is read-only. + It's called the screw. + </p> + <p> + <i>The screw</i> is accessible by removing other screws and gently prying off the upper shell, where the flash chip and the screw + are then directly accessible. User flashing from software is possible, without having to externally re-flash, but the flash chip + is SPI (SOIC-8 form factor) so you can also externally re-flash if you want to. In practise, you only need to externally re-flash + if you brick the laptop; read <a href="../install/bbb_setup.html">../install/bbb_setup.html</a> for an example of how to set up + an SPI programmer. + </p> + <p> + Write protection is useful, because it prevents the firmware from being re-flashed by any malicious software that + might become executed on your GNU/Linux system, as root. In other words, it can prevent a firmware-level <i>evil maid</i> attack. It's + possible to write protect on all current libreboot systems, but chromebooks make it easy. The screw is such a stupidly + simple idea, which all laptop designs should implement. + </p> + </div> + + <div class="section"> <p> Copyright &copy; 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>