"It’s true that Apple goes to great lengths to lock down their devices from attackers, but like with Google and other proprietary vendors, those locks also lock you out."
@alcinnz I really wish the Chromebook's firmware write disabling screw was on more devices 😑. (but ChromeOS sucks. I run a real OS on mine)
yes, it means evil maid attacks are possible, but I want to rewrite my bootloaders if I want to, dammit!
@ddipaola That screw sounds like a good idea. So you screw it in and it'll block your BIOS settings changing until you unscrew it?
@alcinnz yep! the screw is in by default and bridges two pads on the PCB that forces the write pin of the SPI flash ROM (containing the firmware) to "off". when the user wants to enable firmware writes, remove the screw, then put it back in to guarantee that even malware with root access can't flash the chip!
@alcinnz citation on the write-protect screw: https://libreboot.org/docs/install/c201.html#removing-the-write-protect-screw