1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
background:#fff;
color:#000;
font-family:sans-serif;
font-size:1em;
}
</style>
<title>Libreboot documentation: Security on the ThinkPad X60</title>
</head>
<body>
<header>
<h1>Security on the ThinkPad X60</h1>
<aside>Hardware modifications to enhance security on the ThinkPad X60. This tutorial is <b>incomplete</b> at the time of writing.</aside>
</header>
<p>Or go <a href="../index.html">back to main index</a></p>
<h2>Table of Contents</h2>
<ul>
<li><a href="#hardware_requirements">Hardware Requirements</a></li>
<li><a href="#software_requirements">Software Requirements</a></li>
<li><a href="#procedure">The procedure</a></li>
</ul>
<h1 id="hardware_requirements">Hardware requirements</h1>
<ul>
<li>An X60</li>
<li>screwdriver</li>
<li>(in a later version of this tutorial: soldering iron and scalpel)</li>
</ul>
<h1 id="software_requirements">Software requirements</h1>
<ul>
<li>none (at least in the scope of the article as-is)</li>
</ul>
<h1 id="procedure">Disassembly</h1>
<p>
Firstly remove the bluetooth (if your X60 has this):<br/>
The marked screws are underneath those stickers (marked in those 3 locations at the bottom of the LCD assembly):<br/>
<img src="x60_security/0000_bluetooth0.jpg" alt="" /><br/>
Now gently pry off the bottom part of the front bezel, and the bluetooth module is on the left (easily removable):<br/>
<img src="x60_security/0000_bluetooth.jpg" alt="" /><br/>
</p>
<p>
If your model was WWAN, remove the simcard (check anyway):<br/>
Uncover those 2 screws at the bottom:<br/>
<img src="x60_security/0000_simcard0.jpg" alt="" /><br/>
SIM card is in the marked location:<br/>
<img src="x60_security/0000_simcard1.jpg" alt="" /><br/>
Replacement: USB dongle.
</p>
<p>
Now get into the motherboard.
</p>
<p>
Remove those screws:<br/>
<img src="x60_security/0000.jpg" alt="" />
</p>
<p>
Push the keyboard forward (carefully):<br/>
<img src="x60_security/0001.jpg" alt="" />
</p>
<p>
Lift the keyboard up and disconnect it from the board:<br/>
<img src="x60_security/0002.jpg" alt="" />
</p>
<p>
Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:<br/>
<img src="x60_security/0003.jpg" alt="" />
</p>
<p>
You should now have this:<br/>
<img src="x60_security/0004.jpg" alt="" />
</p>
<p>
The following is a summary of what you will remove (already done to this machine):<br/>
<img src="x60_security/0001_overview.jpg" alt="" /><br/>
Note: the blue lines represent antenna cables and modem cables. You don't need to remove these, but you can if you want
(to make it tidier after removing other parts). I removed the antenna wires, the modem jack, the modem cable and
also (on another model) a device inside the part where the wwan antenna goes (wasn't sure what it was, but I knew it wasn't needed). <b>This is optional</b>
</p>
<p>
Remove the microphone (can desolder it, but you can also easily pull it off with you hands). Already removed here:<br/>
<img src="x60_security/0001_microphone.jpg" alt="" /><br/>
We do not know what the built-in microcode (on the CPU) is doing. The theory is that it could be programmed to take commands that do something
and then the CPU returns results. (meaning, remote security hole). So we remove it, just in case.<br/>
Replacement: external microphone on USB or line-in jack.
</p>
<p>
Remove the modem:<br/>
<img src="x60_security/0001_modem.jpg" alt="" /><br/>
(useless, obsolete device)
</p>
<p>
Remove the speaker:<br/>
<img src="x60_security/0001_speaker.jpg" alt="" /><br/>
Reason: combined with the microphone issue, this could be used to leak data.<br/>
Replacement: headphones/speakers (line-out) or external DAC (USB).
</p>
<p>
Remove the wlan (also remove wwan if you have it):<br/>
<img src="x60_security/0001_wlan_wwan.jpg" alt="" /><br/>
Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.
</p>
<h2>
Not covered yet:
</h2>
<ul>
<li>Disable cardbus/pcmcia (has fast/direct memory access)</li>
<li>Disable firewire (has fast/direct memory access)</li>
<li>Disable flashing the ethernet firmware</li>
<li>Disable SPI flash writes (can be re-enabled by unsoldering two parts)</li>
<li>Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)</li>
<li>Disable docking station</li>
</ul>
<p>
Go to <a href="http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html">http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html</a>
or directly to the video: <a href="http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm">http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm</a>.
</p>
<p>
A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the abev.
</p>
<h2>
Also not covered yet:
</h2>
<ul>
<li>
Intrusion detection: randomized seal on screws (need to research)
</li>
<li>
Tips about preventing/mitigating risk of cold boot attack.
</li>
<li>
Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc).
</li>
<li>
General tips/advice and web links showing how to detect physical intrusions.
</li>
</ul>
<hr/>
<p>
Copyright © 2014 Francis Rowe, All Rights Reserved.<br/>
See <a href="../license.html">../license.html</a> for license conditions.
</p>
</body>
</html>
|
