USE THIS ASAP, NO MATTER WHETHER YOU ARE ENROLLED OR NOT.

you first have to disable WP, which can be done on most devices by booting the device with the battery disconnected (only before tsunami). if your board is dedede, you may need to use an alternative method; see here: Supported Devices

next, go into any root shell (it can be sh1mmer or the developer mode shell) and run this command:
/usr/share/vboot/bin/set_gbb_flags.sh 0x8090

do

Not

use "reset gbb flags" after this

now, you are free to enroll as much as you'd like, and you can unenroll again by simply using "unenroll" in sh1mmer and using these steps:

1. use "unenroll" in sh1mmer (it will show an error but that doesn't matter)

2. exit sh1mmer and boot up, press ctrl+d to enter developer mode

3. once it completes, use ctrl+alt+shift+r to powerwash

4. after powerwash, immediately go to the ctrl+alt+f2 (forward) shell, login as "root" and run these commands:
tpm_manager_client take_ownership # fuck reddit users xd
cryptohome --action=remove_firmware_management_parameters

both commands should say success, otherwise there has been an error and you should downgrade to v110 or lower

5. press ctrl+alt+f1 (back), use ctrl+alt+shift+r to powerwash again

6. profit

optionally, you can run this command to disable write protect permanently (or until FWMP is created again):
gsctool -a -F enable && reboot

if the command fails, it is either because WP is currently enabled or FWMP is present.

your device will reboot, and it will take up to 1 minute for it to boot up for some reason. it will also put you back into verified mode (this is a known issue)