diff --git a/boards/t480-hotp-maximized/t480-hotp-maximized.config b/boards/t480-hotp-maximized/t480-hotp-maximized.config index a04bf8ff..876c1482 100644 --- a/boards/t480-hotp-maximized/t480-hotp-maximized.config +++ b/boards/t480-hotp-maximized/t480-hotp-maximized.config @@ -1,5 +1,12 @@ # Configuration for a T480 running Qubes 4.2.3 and other Linux Based OSes (through kexec) # +# CAVEATS: +# This board is vulnerable to a TPM reset attack, i.e. the PCRs are reset while the system is running. +# This attack can be used to bypass measured boot when an attacker succeeds at modifying the SPI flash. +# Also it can be used to extract FDE keys from a TPM. +# The related coreboot issue contains more information: https://ticket.coreboot.org/issues/576 +# Make sure you understand the implications of the attack for your threat model before using this board. +# # Includes # - Deactivated+neutered+deguarded ME and expanded consequent IFD BIOS regions # - Forged GBE MAC address to 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx80/extract.sh) diff --git a/boards/t480-maximized/t480-maximized.config b/boards/t480-maximized/t480-maximized.config index 5e6a8d1e..71be0ed7 100644 --- a/boards/t480-maximized/t480-maximized.config +++ b/boards/t480-maximized/t480-maximized.config 
@@ -1,5 +1,12 @@ # Configuration for a T480 running Qubes 4.2.3 and other Linux Based OSes (through kexec) # +# CAVEATS: +# This board is vulnerable to a TPM reset attack, i.e. the PCRs are reset while the system is running. +# This attack can be used to bypass measured boot when an attacker succeeds at modifying the SPI flash. +# Also it can be used to extract FDE keys from a TPM. +# The related coreboot issue contains more information: https://ticket.coreboot.org/issues/576 +# Make sure you understand the implications of the attack for your threat model before using this board. +# # Includes # - Deactivated+neutered+deguarded ME and expanded consequent IFD BIOS regions # - Forged GBE MAC address to 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx80/extract.sh)
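Review bot: the CAVEATS block in the t480-hotp-maximized hunk only reaches people who read the board config source; anyone who flashes a prebuilt ROM or picks the board from a build menu never sees it, so the same warning should also land in the board's user-facing documentation (and ideally be printed at build time) rather than in a comment alone. Two wording points while it is here: "the PCRs are reset while the system is running" should say who can do that (an attacker with physical access to the TPM) and what it means for the measured-boot chain, namely that PCR values can be re-extended to match a known-good firmware even after the SPI flash was modified, so the HOTP/TOTP attestation this board advertises no longer proves firmware integrity; and "extract FDE keys from a TPM" should be narrowed to "unseal any secret sealed to the PCRs, including the disk unlock key", since the TPM does not hand out keys directly. Consider also stating what users who keep this board should do differently (not relying on TPM-sealed unlock, treating the TOTP/HOTP check as informational) so the sentence about the threat model is actionable.

Review bot: the t480-maximized hunk adds a byte-for-byte copy of the caveat block from the t480-hotp-maximized hunk, so the two will drift the first time one is edited. If the build system allows the hotp variant to include the base config (as other Heads board pairs do), put the CAVEATS block only in t480-maximized.config and let the hotp config inherit it; otherwise add a one-line comment in each file pointing at the other so a future edit touches both.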