Oh boy, lots of emails to answer! So first, thanks for everyone who shared their input, I very much appreciate it.
> I think you can decide what hardware your products include, right? I meant dedicated hardware on the mainboard. Yes, but I'm currently looking for a solution to existing hardware, not for the next laptop Purism produces. And by 'dedicated hardware' I thought you meant only allow users to update their BIOS using an external SPI flasher, which would be impractical of course. > > > > It's not just the part. A single simple part like that has all kinds of > > follow-on effects that are not obvious unless you've been at a company > > which designs and builds consumer electronics. > > Thank you for the perspective. I do understand that changing one > component can affect others. > > Purism isn't a typical laptop company. The addition of hardware > switches, to control webcam, mic and Wi-Fi, is one of the USPs for > their Librem models. These undoubtedly had knock-on effects for the > BOM. Purism was undeterred by that. In that context... > > I'm just asking for one more switch. > > So, Youness and others at Purism: if you are reading this, please do > spec a momentary switch to control flashing on future Librems. Your > security-conscious users will thank you for it. Yes, I already suggested it for the next iteration. It wouldn't be a switch though, but rather a low profile 90-degrees jumper on the motherboard. As for your question earlier about someone forgetting it. I would assume that it would be easy to have the Heads menu show a big warning to the user if it's left unprotected (I assume there would be a way to detect if WP# is 1/0 through a GPIO (or other method) without being able to use that GPIO to override the WP# value). Right now, if you boot into linux while ignoring tampering, you get your ttys in red, as a huge and very visible warning. Also, yes Sam, you did understand me perfectly, thanks! > > -- > coreboot mailing list: [email protected] > https://mail.coreboot.org/mailman/listinfo/coreboot -- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
