Hi,

On Wed, Nov 24, 2021 at 05:37:05PM +0100, Francisco Blas Izquierdo Riera (klondike) wrote:

Currently, the vendor ID reported by the chipset is checked before to
avoid accidentally programming devices from unsupported vendors with
a different NVM structure.

Certain Thunderbolt devices store the vendor ID in the NVM, therefore
if the NVM has become corrrupted the device will report an invalid
vendor ID and reflashing will be impossible on GNU/Linux even if the
device can boot in safe mode.

How this can happen? The NVM upgrade verifies the signature of the new
NVM and does not allow upgrade if it does not match. Only way I can see
this happens is that the NVM is flashed directly to the flash chip
through some external tool like dediprog, or the NVM was corrupted
before it was signed at Intel which should not happen either (but OK,
mistakes can happen).

Can you give some more details about the issue? Which device it is and
how did the NVM ended being invalid?