@nicole.faerber Is there some technical documentation around this? I’ve never worked with firmware or hardware, but I am a software engineer, so perhaps I could give this a shot if you can give me some code pointers.
As far as the BIOS goes:
-
It does look like the ChromeOS version of flashrom supports write protect.
-
This issue on flashrom’s Github lists some flashrom forks forks with write-protect patches, including coreboot’s fork.
-
In May 2022, write protect support for some chips was upstreamed to the official flashrom repository.
PureBoot uses flashrom version b1f858, which is from Sept. 24, 2020. Is it just a matter of updating Purism’s flashrom fork to a recent commit, and adding the write-protect option to the command-line arguments in the flashing script?