On 01/10/2018, Youness Alaoui <[email protected]> wrote:
>> [...] Youness and others at Purism: if you are reading this, please do
>> spec a momentary switch to control flashing on future Librems. Your
>> security-conscious users will thank you for it.
>
> Yes, I already suggested it for the next iteration.

Great!

> It wouldn't be a switch though, but rather a low profile 90-degrees
> jumper on the motherboard.

This seems to imply that each time a Librem user wants to internally
flash the ROM, she would have to:

- power down the laptop(?);
- implement ESD precautions;
- remove the half a dozen or so tiny bottom case screws, without
  losing them, and without stripping their heads or threads or
  threaded inserts;
- remove the bottom case;
- move a tiny motherboard jumper to "write-enable", without losing it;
- power up the laptop with the bottom case off(?);
- run FlashROM (or equivalent);
- power down the laptop again(?);
- move the tiny motherboard jumper to "write-protect", without losing
  it;
- push-fit the bottom case correctly;
- insert the half a dozen or so tiny bottom case screws, without
  losing them, and without stripping their heads or threads or
  threaded inserts;
- power the laptop back up(?).

Surely, having a momentary switch next to the existing kill switches
would be *much* more user-friendly! With such a switch, such a user
would just have to:

- hold the switch down while starting Flashrom (or equivalent);
- release the switch and let the flashing process finish.

> As for your question earlier about someone forgetting it. I would
> assume that it would be easy to have the Heads menu show a big warning
> to the user if it's left unprotected

Your assumption fails against a BadHeads attack.

> Right now, if you boot into linux while ignoring tampering, you get
> your ttys in red, as a huge and very visible warning.

Only in the absence of BadHeads.

> Also, yes Sam, you did understand me perfectly, thanks!

Great! :)

--
coreboot mailing list: [email protected]
https://mail.coreboot.org/mailman/listinfo/coreboot

