Update descriptions about e6400-flash-unlock

It also bypasses SMM BIOS lock protections by disabling SMIs
(Dell's BIOS doesn't set a certain bit in the chipset leaving
it vulnerable to this) in addition to telling the EC to set
the descriptor override.

site/docs/install/e6400.md

@@ -78,14 +78,16 @@ is included in that program's directory, or you can read it online here:
 
 <https://browse.libreboot.org/lbmk.git/plain/util/e6400-flash-unlock/README.md>
 
-Literally just run that program, and do what it says. You run it once, and
+Literally just run that program, and do what it says. You run it once, and shut
-shut down, and when you do, the system brings itself back up automatically.
+down, and when you do, the system brings itself back up automatically.  Then
-Then you run it and flash it unlocked. Then you run it again. The source code
+you run it and flash it unlocked. Then you run it again. The source code is
-is intuitive enough that you can easily get the gist of it; it's writing some
+intuitive enough that you can easily get the gist of it; it's writing some EC
-EC commands. The EC on this machine is hooked up to the `GPIO33` signal,
+commands and changing some chipset config bits. The EC on this machine is
-sometimes called `HDA_DOCK_EN`, which sets the flash descriptor override
+hooked up to the `GPIO33` signal, sometimes called `HDA_DOCK_EN`, which sets
-thus disabling any flash protection by the IFD - Dell's BIOS doesn't set any
+the flash descriptor override thus disabling any flash protection by the IFD.
-other type of protection either, such as writing to Protected Range registers.
+It also bypasses the SMM BIOS lock protection by disabling SMIs, and Dell's
+BIOS doesn't set any other type of protection either such as writing to
+Protected Range registers.
 
 With this method, you can probably flash it within 5 minutes. Again, zero
 disassembly required!

site/news/e6400.md

@@ -45,8 +45,9 @@ Software flashing possible! (no disassembly)
 
 tl;dr Nicholas is a genius, but he spent time studying the board, finding that
 the EC is hooked up to GPIO33 which allows for flash descriptor override. He
-successfully reverse engineered a command that can be used to disable
+successfully reverse engineered a command that can be used to disable IFD
-protections, allowing installation of Libreboot.
+protections, and discovered that the SMM BIOS lock protection could be
+bypassed, allowing installation of Libreboot.
 
 This is without needing to disassemble. No clip required.
 

site/news/libreboot20230423.md

@@ -86,12 +86,12 @@ Build system changes:
   in Parabola GNU+Linux, courtesy of Riku Viitanen (`Riku_V` on Libreboot IRC)
 * `util/nvmutil`: sorted includes alphabetically; `sys/` first (puffy!)
 * `util/e6400-flash-unlock`: New utility for Dell Latitude E6400 added, written
-  by Nicholas Chin (`nic3-14159` on Libreboot IRC). It writes EC commands to
+  by Nicholas Chin (`nic3-14159` on Libreboot IRC). It sends EC commands to
-  unlock the flash, pulling `GPIO33`/`HDA_DOCK_EN` to a low logic state. This
+  pull a GPIO connected to `GPIO33`/`HDA_DOCK_EN` in the chipset to a low logic
-  disables IFD-based flash protections. On Dell E6400, the EC is hooked up to
+  state, disabling IFD-based flash protections. Additionally, it bypasses the
-  GPIO33 and Dell's own BIOS offers no other protections, so the machine can
+  SMM BIOS lock protection by disabling SMIs, and since Dell's own BIOS offers
-  be flashed *entirely with software on the host CPU*, from Dell BIOS to
+  no other protections, the machine can be flashed *entirely with software on
-  Libreboot! See:
+  the host CPU*, from Dell BIOS to Libreboot! See:
   <https://browse.libreboot.org/lbmk.git/tree/util/e6400-flash-unlock>
 * GRUB payload: `grub.cfg` menu timeout now 30s, not 5s
 * `blobutil/download`: support downloading KBC1126-based EC firmware for HP