add some warning to the t480 board config about the TPM GPIO reset attack

https://mkukri.xyz/2024/06/01/tpm-gpio-fail.html
Signed-off-by: gaspar-ilom <gasparilom@riseup.net>

boards/t480-hotp-maximized/t480-hotp-maximized.config

@@ -1,5 +1,12 @@
 # Configuration for a T480 running Qubes 4.2.3 and other Linux Based OSes (through kexec)
 #
+# CAVEATS:
+# This board is vulnerable to a TPM reset attack, i.e. the PCRs are reset while the system is running.
+# This attack can be used to bypass measured boot when an attacker succeeds at modifying the SPI flash.
+# Also it can be used to extract FDE keys from a TPM.
+# The related coreboot issue contains more information: https://ticket.coreboot.org/issues/576
+# Make sure you understand the implications of the attack for your threat model before using this board.
+#
 # Includes
 # - Deactivated+neutered+deguarded ME and expanded consequent IFD BIOS regions 
 # - Forged GBE MAC address to 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx80/extract.sh)

boards/t480-maximized/t480-maximized.config

@@ -1,5 +1,12 @@
 # Configuration for a T480 running Qubes 4.2.3 and other Linux Based OSes (through kexec)
 #
+# CAVEATS:
+# This board is vulnerable to a TPM reset attack, i.e. the PCRs are reset while the system is running.
+# This attack can be used to bypass measured boot when an attacker succeeds at modifying the SPI flash.
+# Also it can be used to extract FDE keys from a TPM.
+# The related coreboot issue contains more information: https://ticket.coreboot.org/issues/576
+# Make sure you understand the implications of the attack for your threat model before using this board.
+#
 # Includes
 # - Deactivated+neutered+deguarded ME and expanded consequent IFD BIOS regions 
 # - Forged GBE MAC address to 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx80/extract.sh)