aboutsummaryrefslogtreecommitdiff
path: root/docs/hcl/c201.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/hcl/c201.html')
-rw-r--r--docs/hcl/c201.html45
1 files changed, 22 insertions, 23 deletions
diff --git a/docs/hcl/c201.html b/docs/hcl/c201.html
index 5a163b2a..995cee19 100644
--- a/docs/hcl/c201.html
+++ b/docs/hcl/c201.html
@@ -51,7 +51,6 @@
<div class="section">
<ul>
- <li><a href="#thescrew">Flash chip write protection: the screw</a></li>
<li><a href="#googlebastards">Google is bad. We do not endorse them.</a></li>
<li><a href="#os">Replace ChromeOS immediately!</a></li>
<li><a href="#videoblobs">Caution: Video acceleration requires a blob. Do not install it. Use software rendering.</a></li>
@@ -59,30 +58,9 @@
<li><a href="#ec">EC firmware is free software!</a></li>
<li><a href="#microcode">No microcode!</a></li>
<li><a href="#depthcharge">Depthcharge payload</a></li>
+ <li><a href="#thescrew">Flash chip write protection: the screw</a></li>
</ul>
</div>
-
-
- <div class="section">
- <h1 id="thescrew">Flash chip write protection: the screw</h1>
- <p>
- It's next to the flash chip. Unscrew it, and the flash chip is read-write. Screw it back in, and the flash chip is read-only.
- It's called the screw.
- </p>
- <p>
- <i>The screw</i> is accessible by removing other screws and gently prying off the upper shell, where the flash chip and the screw
- are then directly accessible. User flashing from software is possible, without having to externally re-flash, but the flash chip
- is SPI (SOIC-8 form factor) so you can also externally re-flash if you want to. In practise, you only need to externally re-flash
- if you brick the laptop; read <a href="../install/bbb_setup.html">../install/bbb_setup.html</a> for an example of how to set up
- an SPI programmer.
- </p>
- <p>
- Write protection is useful, because it prevents the firmware from being re-flashed by any malicious software that
- might become executed on your GNU/Linux system, as root. In other words, it can prevent a firmware-level <i>evil maid</i> attack. It's
- possible to write protect on all current libreboot systems, but chromebooks make it easy. The screw is such a stupidly
- simple idea, which all laptop designs should implement.
- </p>
- </div>
<div class="section">
<h1 id="googlebastards">Google is bad. We do not endorse them.</h1>
@@ -302,6 +280,27 @@
</div>
<div class="section">
+ <h1 id="thescrew">Flash chip write protection: the screw</h1>
+ <p>
+ It's next to the flash chip. Unscrew it, and the flash chip is read-write. Screw it back in, and the flash chip is read-only.
+ It's called the screw.
+ </p>
+ <p>
+ <i>The screw</i> is accessible by removing other screws and gently prying off the upper shell, where the flash chip and the screw
+ are then directly accessible. User flashing from software is possible, without having to externally re-flash, but the flash chip
+ is SPI (SOIC-8 form factor) so you can also externally re-flash if you want to. In practise, you only need to externally re-flash
+ if you brick the laptop; read <a href="../install/bbb_setup.html">../install/bbb_setup.html</a> for an example of how to set up
+ an SPI programmer.
+ </p>
+ <p>
+ Write protection is useful, because it prevents the firmware from being re-flashed by any malicious software that
+ might become executed on your GNU/Linux system, as root. In other words, it can prevent a firmware-level <i>evil maid</i> attack. It's
+ possible to write protect on all current libreboot systems, but chromebooks make it easy. The screw is such a stupidly
+ simple idea, which all laptop designs should implement.
+ </p>
+ </div>
+
+ <div class="section">
<p>
Copyright &copy; 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>