not sure why you cut off the 2nd sentence to that question, it’s the larger impediment to validating the EC firmware.
on SPI flash chips, there are registers on the chips which allow for specific address ranges to be marked as protected/read-only, and a bit to enable/disable write protection. The !WP pin (active low) on the chip, when grounded, prevents writing to those registers. The DIP switches control the state of the !WP pin on the main firmware and EC firmware flash chips.
Now, we need a way to set the protected address ranges and enable write protection. That’s handled by flashrom, but the main (upstream) version we use doesn’t support this feature yet (it’s WIP). Google’s fork of flashrom does, but the implementation is messy and there’s a few other reasons we’re not using it.