from what I recall, the driver was trying to be responsible and lock SPI write access by default, but due to the off-by-one, ended up setting the 'inverse' bit on the 2nd status register of some chips, which reversed the RO and RW regions of the chip. This naturally led to the EFI variables not being able to be saved/changed, the firmware not being able to be updated, and in some cases failure to boot due to either the ME or MRC regions being locked.
I ran into this issue on Braswell ChromeOS devices using W25Q64FV/DV compatible chips; my workaround was to modify Chromium flashrom to clear the inverse bit on devices with the 2nd status register when doing --wp-disable so I'd always be able to update the firmware on affected devices.
Nico -- did this ever get fixed in the upstream kernel? From what I saw, the "fixed" Ubuntu ISO simply omitted the driver in the kernel config/build