diff options
Diffstat (limited to 'docs/security/dock.html')
-rw-r--r-- | docs/security/dock.html | 190 |
1 files changed, 0 insertions, 190 deletions
diff --git a/docs/security/dock.html b/docs/security/dock.html deleted file mode 100644 index 7657739..0000000 --- a/docs/security/dock.html +++ /dev/null @@ -1,190 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <meta charset="utf-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <style type="text/css"> - @import url('../css/main.css'); - </style> - - <title>Notes about DMA and the docking station (X60/T60)</title> -</head> - -<body> - <div class="section"> - <h1>Notes about DMA and the docking station (X60/T60)</h1> - </div> - - <div class="section"> -<pre> - -Use case: ---------- -Usually when people do full disk encryption, it's not really full disk, -instead they still have a /boot in clear. - -So an evil maid attack can still be done, in two passes: -1) Clone the hdd, Infect the initramfs or the kernel. -2) Wait for the user to enter its password, recover the password, -luksOpen the hdd image. - -I wanted a real full-disk encryption so I've put grub in flash and I -have the following: The HDD has a LUKS rootfs(containing /boot) on an -lvm partition, so no partition is in clear. - -So when the computer boots it executes coreboot, then grub as a payload. -Grub then opens the LUKS partition and loads the kernel and initramfs -from there. - -To prevent hardware level tempering(like reflashing), I used nail -polish with a lot of gilder, that acts like a seal. Then a high -resolution picture of it is taken, to be able to tell the difference. - -The problem: ------------- -But then comes the docking port issue: Some LPC pins are exported -there, such as the CLKRUN and LDRQ#. - -LDRQ# is "Encoded DMA/Bus Master Request": "Only needed by -peripherals that need DMA or bus mastering. Requires an -individual signal per peripheral. Peripherals may not share -an LDRQ# signal." - -So now DMA access is possible trough the dock connector. -So I want to be able to turn that off. - -If I got it right, the X60 has 2 superio, one is in the dock, and the -other one is in the laptop, so we have: - ________________ - _________________ | | -| | | Dock connector:| -|Dock: NSC pc87982|<--LPC--->D_LPC_DREQ0 | -|_________________| |_______^________| - | - | - | - | - ___________________|____ - | v | - | SuperIO: DLDRQ# | - | NSC pc87382 LDRQ# | - |___________________^____| - | - | - | - | - ___________________|___ - | v | - | Southbridge: LDRQ0 | - | ICH7 | - |_______________________| - - -The code: ---------- -Now if I look at the existing code, there is some superio drivers, like -pc87382 in src/superio/nsc, the code is very small. -The only interesting part is the pnp_info pnp_dev_info struct. - -Now if I look inside src/mainboard/lenovo/x60 there is some more -complete dock driver: - -Inside dock.c I see some dock_connect and dock_disconnect functions. - -Such functions are called during the initialisation (romstage.c) and -from the X60 SMI handler (smihandler.c). - -Questions: ----------- -1) Would the following be sufficent to prevent DMA access from the -outside: -> int dock_connect(void) -> { -> int timeout = 1000; -> + int val; -> + -> + if (get_option(&val, "dock") != CB_SUCCESS) -> + val = 1; -> + if (val == 0) -> + return 0; -> [...] -> } -> -> void dock_disconnect(void) { -> + if (dock_present()) -> + return; -> [...] -> } -2) Would an nvram option be ok for that? Should a Kconfig option be -added too? - -> config DOCK_AUTODETECT -> bool "Autodetect" -> help -> The dock is autodetected. If unsure select this option. -> -> config DOCK_DISABLED -> bool "Disabled" -> help -> The dock is always disabled. -> -> config DOCK_NVRAM_ENABLE -> bool "Nvram" -> help -> The dock autodetection is tried only if it is also enabled -> trough nvram. - -</pre> - </div> - - <div class="section"> - - <p> - Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk><br/> - Permission is granted to copy, distribute and/or modify this document - under the terms of the GNU Free Documentation License, Version 1.3 - or any later version published by the Free Software Foundation; - with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. - A copy of the license can be found at <a href="../gfdl-1.3.txt">../gfdl-1.3.txt</a> - </p> - - <p> - Updated versions of the license (when available) can be found at - <a href="https://www.gnu.org/licenses/licenses.html">https://www.gnu.org/licenses/licenses.html</a> - </p> - - <p> - UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - </p> - <p> - TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - </p> - <p> - The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - </p> - - </div> - -</body> -</html> |