It's not a screw in Chromebooks any more, see vadim's excellent OSFC.io talk on how it works now.
I think the momentary switch would not be acceptable to anyone for cost and reliability reasons. The way chromebooks do the protection now is really well done. On Sat, Sep 29, 2018 at 8:26 AM Nico Huber <[email protected]> wrote: > On 9/28/18 4:18 AM, Sam Kuper wrote: > > On 28/09/2018, Peter Stuge <[email protected]> wrote: > >> Youness Alaoui wrote: > >>> avoid any malware writing to the flash > >> > >> Just disallow flash writes by the platform. Allow flash writes only > >> by dedicated hardware (maybe ChromeEC?) which implements a simple and > >> efficient security protocol. > > > > Relevant URL: > https://www.chromium.org/chromium-os/ec-development#TOC-Write-Protect > > This seems to state the opposite of what Peter suggested, i.e. the host > firmware is responsible of validating the EC firmware('s update) and > not the other way around. IMHO, a good idea. > > Nico > > -- > coreboot mailing list: [email protected] > https://mail.coreboot.org/mailman/listinfo/coreboot >
-- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
