It seems that flashrom is able to flash the bios chip internally. This is
frightening. This means that malware or anything that gets sudo rights or
anyone who gets physical access to computer is able to rewrite the flash.
Dont say "if there is physical access to your computer, its game over" this is
now true. I have a way to tamper detect if the case was opened.
My question is. How can I make it where coreboot can only be flashed and
updated using the external SOIC clip on the bios chip? Without having to worry
about permanently locking it down. I want to be able to reflash coreboot and
seabios but only using an external flasher when needed. I want to block
internal flashing.
How can this be done? I have not found any documentation anywhere on how to do
this. The laptop is X220
Thank you
Sent with [ProtonMail](https://protonmail.com) Secure Email.
_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
