-
-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to disable "SPI PR0 platform lockdown call" - SPI write protection from OS' flashrom #1657
Comments
@fhvyhjriur The Platform Locking PR0 (PR "zero") is enabled from Heads just before booting the final OS, preventing the OS from being able to write into SPI flash. This means that Heads is considered the only "internal flasher" (through GUI/recovery shell) unless deactivated through configuration options for a single boot so the final OS can write to flash. The idea with Heads with its internal flasher comes with its included tooling. Otherwise, if you really want to do that from final OS, requiring the OS to be booted with |
Crosslinked #1373 here for consistency and modified its OP post to point to screenshots showing UX to deactivate this if needed for single boot session. @fhvyhjriur closing this issue. Feel free to tag me if you disagree with the decision "closed as completed" If this is considered a documentation issue, feel free to propose improvements instead as a PR against heads-wiki project. Thank you. |
Thanks for showing me the ability to disable it like show in the pictures here #1373 (comment) Could you link #1373 (comment) somewhere on the website here? https://osresearch.net/Updating |
@fhvyhjriur ppease open seperately issues. Merged pull requests/closed issues are not the place to discuss issues or requests. Each things needing tracking should be seperated. If it's documentation related, it should be under heads-wiki. It should not be my burden to find things under closed pr/issues. If you are interested into a different outcome, you should be interested enough toake your issue visible and trackable to have a chance of being tackled in time. I opened #1665 I leave you with opening a documentation related issue under heads-wiki, or better, a pull request to fix the documentation with your own or the provided screenshot. Makes sense? |
I tried out current heads-maximized version on a Thinkpad X230. I like to flash with flashrom an other image, but this ability seem to be gone because now there is a SPI PRO lockdown call i can see in the logfiles.
It looks in the logfiles like when heads boot a OS, it enables this SPI lockdown. From the security point of view this is great functionality to have that was missing last time i tried out heads.
But now i cant flash own compiled coreboot images with flashrom like it was possible before.
I took a look a look at the FAQ https://osresearch.net/Updating#internal-flashing
I am not able to find information how to disable this SPI PRO lockdown call to flash with flashrom my own compiled images that are not maximized-images (i use "--image bios").
The text was updated successfully, but these errors were encountered: