general change to mac adress perserving flashing

Signed-off-by: nestire <hannes@nitrokey.com>

Author: nestire

About/Historical-Legacy-Migration.md

@@ -99,10 +99,18 @@ mount-usb
 flashprog -p internal -w /media/PathToMaximizedRom.rom
 ```
 
+on board with Intel based Ethernet you might want to use: 
+
+```
+sudo flashrom -p internal --ifd -i bios -i me -i fd -w /media/PathToMaximizedRom.rom
+```
+
+to perserve the orignal mac adresse
+
 **Note**: Use `flashprog` on newer Heads firmware (2025+) or `flashrom` on older firmware versions, depending on what is available in your Heads system.
 
 On next reboot, Heads would guide you into factory resetting your USB Security dongle or import your previously generated public key matching your USB Security dongle's private key.
 
 It would then regenerate a TOTP/HOTP secret and sign /boot content. You would then have to define a new default boot and optionally renew/change your Disk Unlock Key to be released to to OS to unlock your encrypted OS installation to move forward.
 
-In the case nothing was found installed on your disk, Heads would propose you to boot from USB to install a new Operating System, prior of being able to do the above steps prior of booting into your system.
+In the case nothing was found installed on your disk, Heads would propose you to boot from USB to install a new Operating System, prior of being able to do the above steps prior of booting into your system.

Installing-and-Configuring/Upgrading.md

@@ -64,6 +64,16 @@ If you are installing Heads for the first time, you will need to perform an exte
 - Verifying file integrity.
 - Preparing for external flashing.
 
+You can use this command
+```shell
+    sudo flashrom -p ch341a_spi -c YYY -w [HEADS_ROM]
+```
+On boards with Intel-based Ethernet, this will also overwrite the GbE region in the BIOS, which stores the MAC address of the chip, with a forged one (MAC: 00:DE:AD:C0:FF:EE). This has the privacy benefit that the chip uses this shared MAC so it can't be used as a personal identifier for this exact board. The downside is that this can create connectivity problems on local networks if other heads boards with the same MAC address are present. To preserve the original MAC address of the board, use:
+
+```shell
+    sudo flashrom -p ch341a_spi -c YYY --ifd -i bios -i me -i fd -w [HEADS_ROM]
+```
+
 **Note**: This process is only required for the initial installation of Heads.
 
 ---
@@ -121,8 +131,7 @@ If you need to validate the current firmware integrity against the last flashed
 **Note on `CONFIG_FLASH_OPTIONS`**:
 - The `CONFIG_FLASH_OPTIONS` variable specifies the board-specific flash options to ensure proper handling of SPI regions during flashing. These options are defined in the board's configuration file.
 - Boards may specify different SPI regions to flash. For example:
-  - The `novacustom-v540tu` board preserves the `GBE` (Gigabit Ethernet) region, ensuring the manufacturing MAC address remains intact.
-  - The `x230-hotp-maximized` board overwrites the entire SPI flash, including the `GBE` region, replacing it with a generic configuration.
+  - All boards with intel based ethernet chips preserves the `GBE` (Gigabit Ethernet) region, ensuring the MAC address remains intact.
 - To inspect the flash options for your board, use the `env` command in the recovery shell:
   ```shell
   env