Hackability is always at odds with physical security.
The general rule of thumb for the security-paranoid is that once you lose sight of your device, you should assume it's been owned (any imaginable variant/combination of evil maid, DMA exploit thru a physical port, etc).
In recent years there has been a steady push to raise the bar (TPM, SecureBoot, etc). Whether that's effective for protecting the median user's privacy and security is a separate matter, but the side effect is of course that this is increasingly becoming a hurdle for power users, enthusiasts, OS developers, etc.
ARM Macs are at a very weird spot on this spectrum. On one hand, we have a new, bespoke, and undocumented system architecture, and keeping a macOS partition is a requirement to continue receiving firmware updates; on the other, Apple has left a clearly labeled escape hatch for OS developers, and kept it from accidentally breaking. You can't have a fully libre boot chain, but it's not like Lenovo (or most other PC vendors) would endorse that either.
Personal opinion: flash chips of all kinds should be write-protected so that even a clip flash does not work... but they should have an authentication mechanism with, say, a 64-byte passphrase that the end user gets on a keycard. That way you'd need a literal "evil maid" in the household of the owner to do any modifications that might compromise the device.
This is simultaneously complex, hostile to the consumer, and a non-solution to the given problem. Write protection protects the chip, not the computer. And, do you seriously expect anyone to remember where they put those cards? What happens when those computers get re-sold used, and the new owner doesn't get the card with the computer?
That doesn't solve stuff. I had to desolder the SOIC8 chip in an X220 because my programmer didn't like the power draw of the remaining attached circuitry that consumed additional power. I also upgraded OpenWrt routers by soldering bigger RAM and bigger flash chips in the past.
> I also upgraded OpenWrt Routers by soldering bigger RAM and bigger flash chips in the past
Sadly, this is harder than it used to be because with devicetree the flash size is hardcoded, where before it was auto-detected (so previously you could swap the flash and continue to use stock firmware; now you need to compile custom firmware).
That just means the adversary will need to spend two dollars[0] and an extra 15 minutes replacing the flash IC, rather than reprogramming the existing device.
What you're describing isn't that much different than using cryptographic signatures. Give up control of the chip and let 'em write whatever they want to it, but only use the data if it was signed by some private key. This is better for libre too, because you can manage your own keys (presuming you can get root access to whatever low-level controller reads and loads the flash).
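The "only use the data if it was signed" check the comment above describes, as an added Go example (not code from the thread or from any vendor's boot ROM). The image layout (signature, then a 4-byte version, then the body), the key derivation from a fixed seed, and the anti-rollback minimum version are all assumptions made for the example; a real device would keep only the public key in ROM or OTP and the minimum version in monotonic storage.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Image layout assumed for this example (not any vendor's real format):
//   [64-byte Ed25519 signature] [4-byte big-endian version] [body ...]
// The signature covers version || body, so the version cannot be edited
// without re-signing.
const (
	sigLen = ed25519.SignatureSize
	verLen = 4
	hdrLen = sigLen + verLen
)

// keysFromSeed derives a deterministic key pair so the example runs offline.
// On a real device only the public key lives in ROM/OTP; the private key
// never touches the device (constructed seed, not a real key).
func keysFromSeed(seedByte byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seedByte}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// signImage is the build-side step: prepend the version and sign it together
// with the body.
func signImage(priv ed25519.PrivateKey, version uint32, body []byte) []byte {
	signed := make([]byte, verLen+len(body))
	binary.BigEndian.PutUint32(signed, version)
	copy(signed[verLen:], body)
	sig := ed25519.Sign(priv, signed)
	return append(sig, signed...)
}

// verifyImage is the boot-side step: refuse anything not signed by the trusted
// key, then refuse anything older than the stored minimum version
// (anti-rollback). The body is returned only on success, so callers cannot
// accidentally execute unverified flash contents.
func verifyImage(pub ed25519.PublicKey, image []byte, minVersion uint32) ([]byte, uint32, bool) {
	if len(image) < hdrLen {
		return nil, 0, false // truncated: no header to check
	}
	sig, signed := image[:sigLen], image[sigLen:]
	if !ed25519.Verify(pub, signed, sig) {
		return nil, 0, false // forged, tampered, or signed by the wrong key
	}
	version := binary.BigEndian.Uint32(signed[:verLen])
	if version < minVersion {
		return nil, version, false // genuine but old: rollback attempt
	}
	return signed[verLen:], version, true
}

func main() {
	pub, priv := keysFromSeed(0x42)
	img := signImage(priv, 2, []byte("constructed stage-1 payload"))
	body, ver, ok := verifyImage(pub, img, 2)
	fmt.Printf("genuine:  ok=%v version=%d body=%q\n", ok, ver, body)

	img[hdrLen] ^= 0x01 // flip one body byte, as a flash reprogrammer could
	_, _, ok = verifyImage(pub, img, 2)
	fmt.Printf("tampered: ok=%v\n", ok)
}
```

Note that the check protects the data, not the reader of the data: it only helps if the code doing `verifyImage` (the ROM or low-level controller the comment mentions) is itself immutable, which is exactly why the public key has to sit somewhere an attacker with a flash clip cannot rewrite.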
From a consumer electronics point of view, this is a complex and brittle measure; for simple on-board microcontrollers, write-protect could be established with a basic e-fuse. But even with e-fuses, we're talking fractions of a cent per unit, which adds up at scale; there will always be a cut-off point where a company will pursue margins instead.
These days most such chips have write protection built in. They don't need e-fuses because they can just use flash bits and extra logic at negligible cost.
I think that is nothing compared to what modern UEFI does. There are entire hardware drivers in UEFI. To protect against software evil maid attacks, you need to authenticate the device before you use it. So it has to be some type of challenge-response protocol. It can be achieved with FIDO-type keys or it can be HOTP/TOTP.
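The HOTP variant of "authenticate the device before you use it" mentioned above, as an added Go example (not code from the thread). It implements the RFC 4226 HOTP computation and models both sides: the firmware, which proves it still holds the shared secret by emitting the next code at boot, and the user's token, which checks the code with a small look-ahead window and refuses replays. The `Device` and `Token` types, the window size and the use of the RFC 4226 test secret are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// hotp implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
// dynamic truncation on the low nibble of the last byte, then modulo 10^digits.
func hotp(secret []byte, counter uint64, digits int) uint32 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return code % mod
}

// Device is the firmware side. In a real design the secret would be released
// by the TPM only when the measured boot chain matches, so replaced firmware
// could not read it; here it is just a field (assumption for the example).
type Device struct {
	secret  []byte
	counter uint64
}

// Respond emits the next one-time code and advances the counter. The user
// compares the displayed code against their token before typing a password.
func (d *Device) Respond() uint32 {
	code := hotp(d.secret, d.counter, 6)
	d.counter++
	return code
}

// Token is the user's side: same secret, its own counter, and a look-ahead
// window so a few missed boots do not desynchronise the two.
type Token struct {
	secret  []byte
	counter uint64
	window  int
}

// Verify accepts the code only if it matches one of the next `window`
// counters, then moves past it so the same code can never be accepted twice.
func (t *Token) Verify(code uint32) bool {
	for i := 0; i < t.window; i++ {
		if hotp(t.secret, t.counter+uint64(i), 6) == code {
			t.counter += uint64(i) + 1
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226 test secret, constructed input
	dev := &Device{secret: secret}
	tok := &Token{secret: secret, window: 3}
	code := dev.Respond()
	fmt.Printf("boot code %06d accepted=%v\n", code, tok.Verify(code))
	fmt.Printf("same code again (replay) accepted=%v\n", tok.Verify(code))
}
```

The property this buys is narrow but real: a boot that shows a code the token rejects tells the user the firmware no longer has (or no longer is allowed to unseal) the secret. It says nothing about a firmware that was modified but still unseals the secret, which is why the sealing has to be bound to the measurements of every stage up to the one that displays the code.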
Fair point, we're already at the level of near full OS in the UEFI. Odds are good there's already full clock and crypto libs, so maybe it's not that much of an addition.