Relationship between AllowUnverifiedRo and software write protect

Exact steps I took to the best of my memory:

  1. use MrChromebox’s script to reflash the stock firmware (this was from the backup created by the script upon flashing the UEFI firmware)
  2. script complained that it failed to re-enable software write protect (saying I might have to remove battery to make recovery work), but otherwise succeeded
  3. on first boot I got the “scary” developer mode screen
  4. I inserted a recovery USB drive created from cros.tech
  5. reboot
  6. first recovery attempt failed at the very end
  7. I retried, this time it worked
  8. It booted into the normal (non-developer mode) setup.
  9. re-enabled developer mode
  10. issued ccd reset via SuzyQable
  11. tried to reboot but got nothing
  12. booted using the power button and f2 dance
  13. went into recovery mode and performed a WiFi recovery
  14. reboot didn’t work
  15. rebooted using power button and f2 dance
  16. it booted into non-developer mode
  17. reentered developer mode
  18. gsctool -a -o and pp button dance
  19. issued ccd reset factory via SuzyQable

Next steps are troubleshooting:

  20. flashrom --wp-region WP_RO --fmap
  21. flashrom --wp-enable
  22. successful reboot
  23. set AllowUnverifiedRo:never
  24. made sure to wait 15 minutes
  25. successful boot
  26. made the first post in this thread
  27. flashrom --wp-disable
  28. successful reboot
  29. confusion
  30. flashrom --wp-range 0,0
  31. successful reboot
  32. even more confusion
  20. flashrom --wp-region WP_RO --fmap
  21. flashrom --wp-enable

Current flashrom --wp-status:

# flashrom --wp-status
flashrom v1.6.0-devel on Linux 6.6.88-08649-g7f9948e28f9a (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using default programmer "internal" with arguments "".
coreboot table found at 0x76845000.
Found chipset "Intel Alder Lake-N".
Enabling flash write... Warning: Setting BIOS Control at 0xdc from 0x8b to 0x89 failed.
New value is 0x8b.
SPI Configuration is locked down.
FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-only.
FREG1: BIOS region (0x003a0000-0x00ffffff) is read-write.
FREG2: Management Engine region (0x00001000-0x0039ffff) is read-only.
Not all flash regions are freely accessible by flashrom. This is most likely
due to an active ME. Please see https://flashrom.org/ME for details.
GPR0: Warning: 0x00001000-0x0014ffff is read-only.
At least some flash regions are write protected. For write operations,
you should use a flash layout and include only writable regions. See
manpage for more details.
OK.
Found GigaDevice flash chip "GD25Q128E/GD25B128E/GD25R128E/GD25Q127C" (16384 kB, Programmer-specific) on internal.
Protection range: start=0x00c00000 length=0x00400000 (upper 1/4)
Protection mode: hardware
SUCCESS

Current ccd state:

ccd
State: Opened
Password: none
Flags: 0x00400004
Capabilities: 0x0000015555555555
  UartGscRxAPTx    Y 1=Always
  UartGscTxAPRx    Y 1=Always
  UartGscRxECTx    Y 1=Always
  UartGscTxECRx    Y 1=Always
  UartGscRxFpmcuTx Y 1=Always
  UartGscTxFpmcuRx Y 1=Always
  FlashAP          Y 1=Always
  FlashEC          Y 1=Always
  OverrideWP       Y 1=Always
  RebootECAP       Y 1=Always
  GscFullConsole   Y 1=Always
  UnlockNoReboot   Y 1=Always
  UnlockNoShortPP  Y 1=Always
  OpenNoTPMWipe    Y 1=Always
  OpenNoLongPP     Y 1=Always
  BatteryBypassPP  Y 1=Always
  I2C              Y 1=Always
  FlashRead        Y 1=Always
  OpenNoDevMode    Y 1=Always
  OpenFromUSB      Y 1=Always
  OverrideBatt     Y 1=Always
  AllowUnverifiedRo - 0=Default (Never)
Capabilities are modified.
TPM: dev_mode
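
An added example, not part of the original post: a small Python parser that reduces the `flashrom --wp-status` and `ccd` dumps above to one flat record, so the write-protect range, the protection mode and the CCD capabilities can be compared between attempts. The function names are hypothetical, and the embedded sample is a few lines copied from the output above.

```python
import re

# Sample input: a few lines copied from the flashrom and ccd output in the post.
WP_STATUS = """\
FREG1: BIOS region (0x003a0000-0x00ffffff) is read-write.
Found GigaDevice flash chip "GD25Q128E/GD25B128E/GD25R128E/GD25Q127C" (16384 kB, Programmer-specific) on internal.
Protection range: start=0x00c00000 length=0x00400000 (upper 1/4)
Protection mode: hardware
"""
CCD_STATE = """\
State: Opened
  FlashAP          Y 1=Always
  OverrideWP       Y 1=Always
  AllowUnverifiedRo - 0=Default (Never)
"""

def parse_wp_status(text):
    """Pull chip size, protected range and mode out of `flashrom --wp-status`."""
    chip = int(re.search(r"\((\d+) kB,", text).group(1)) * 1024
    rng = re.search(r"Protection range: start=(0x[0-9a-f]+) length=(0x[0-9a-f]+)", text)
    start, length = int(rng.group(1), 16), int(rng.group(2), 16)
    mode = re.search(r"Protection mode: (\w+)", text).group(1)
    bios = re.search(r"BIOS region \((0x[0-9a-f]+)-(0x[0-9a-f]+)\)", text)
    lo, hi = int(bios.group(1), 16), int(bios.group(2), 16)  # hi is inclusive
    end = start + length                                      # end is exclusive
    return {
        "start": start, "end": end, "mode": mode,
        "range_set": length > 0,  # False after `--wp-range 0,0`
        "reaches_top_of_chip": length > 0 and end == chip,
        "fraction_of_chip": length / chip,
        "inside_bios_region": length > 0 and lo <= start and end - 1 <= hi,
    }

def parse_ccd(text):
    """Return (state, {capability: setting}) from the `ccd` output."""
    state = re.search(r"^State: (\w+)", text, re.M).group(1)
    caps = dict(re.findall(r"^[ \t]+(\w+)[ \t]+[Y-][ \t]+\d=(.+)$", text, re.M))
    return state, caps

def summarize(wp_text, ccd_text):
    """One flat record per attempt, suitable for diffing between steps."""
    wp, (state, caps) = parse_wp_status(wp_text), parse_ccd(ccd_text)
    return {"wp_range_set": wp["range_set"], "wp_mode": wp["mode"],
            "wp_range": (hex(wp["start"]), hex(wp["end"])),
            "ccd_state": state, "OverrideWP": caps.get("OverrideWP"),
            "AllowUnverifiedRo": caps.get("AllowUnverifiedRo")}

if __name__ == "__main__":
    print(summarize(WP_STATUS, CCD_STATE))
```

Saving the two dumps after each flashrom or ccd change and diffing the resulting records shows which setting actually changed between reboots.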