Thanks for the informative response kakaroto!
Isn’t there a cbmem command which will tell me if my most recent write was successful, and what the currently-installed version number is?
For example, if I update coreboot with a new version, I should be able to use cbmem to read whether the installed version of coreboot changed successfully, right? I realize that if the attacker was sophisticated enough then this too could be fake, but I think automatically updating the backdoored coreboot version based on previous flash attempts is probably too sophisticated an attack for me to worry about it being likely.
I appreciate your help!
Also, BTW:
According to other people at Purism, all i7-based 13-inch Librems are 13v3. So now I’m getting conflicting information on whether mine is 13v2 or 13v3 lol… But I was previously assured that mine was 13v3 because it uses a core i7, regardless of TPM.
I really hope my changelog suggestion can be considered so we don’t have this confusion with future librems. 