aboutsummaryrefslogtreecommitdiff
path: root/docs/howtos
diff options
context:
space:
mode:
authorFrancis Rowe <info@gluglug.org.uk>2014-07-20 07:37:00 +0000
committerMichał Masłowski <mtjm@mtjm.eu>2014-08-22 19:15:07 +0200
commit488242eb941305ef61319b8499d4a1e8ccf218a1 (patch)
treeb0347f360df51ac5a8edd06068e7ae24510864d6 /docs/howtos
parent8b484a19b51fb0591d938b3b7cf4fcb8f06c7a2f (diff)
downloadlibrebootfr-488242eb941305ef61319b8499d4a1e8ccf218a1.tar.gz
librebootfr-488242eb941305ef61319b8499d4a1e8ccf218a1.zip
Libreboot release 6 beta 3.
- Fixed typo that existed in 2nd beta where the release date of the 2nd beta was listed as being in year 2016, when in actual fact it was 2014. - Documentation: added (preliminary) details about (rare) buggy CPU's on the ThinkPad T60 that were found to fail (instability, kernel panics, etc) without the microcode updates. - Documentation: added docs/howtos/x60_heatsink.html for showing how to change the heatsink on the Thinkpad X60 - Added ROM images for Azerty (French) keyboard layout in GRUB (courtesy of Olivier Mondoloni) - Tidied up some scripts: - Re-factored those scripts (made easier to read/maintain): build-x60, build-x60t, build-t60, build-macbook21 - Reduced the number of grub configs to 2 (or 1, for macbook21), the build scripts now generate the other configs at build time. - Deleted build-x60, build-x60t, build-t60, build-macbook21 and replaced with intelligent (generic) buildrom-withgrub script - Updated build to use buildrom-withgrub script for building the ROM images. - coreboot.rom and coreboot_serial.rom renamed to coreboot_usqwerty.rom and coreboot_serial_usqwerty.rom - coreboot_dvorak and coreboot_serial_dvorak.rom renamed to coreboot_usdvorak.rom and coreboot_serial_usdvorak.rom - Renamed coreboot*rom to libreboot*rom - Made flash, lenovobios_firstflash and lenovobios_secondflash scripts fail if the specified file does not exist. - Updated all relevant parts of the documentation to reflect the above. - Replaced background.png with background.jpg. added gnulove.jpg. (resources/grub/background/) - Updated buildrom-withgrub to use background.jpg instead of background.png - Updated buildrom-withgrub to use gnulove.jpg aswell - Updated resources/grub/config/macbook21/grub*cfg to use gnulove.jpg background. - Updated resources/grub/config/{x60,t60,x60t}/grub*cfg to use background.jpg background. - Documentation: updated docs/index.html#grub_custom_keyboard to be more generally useful. - nvramtool: - Updated builddeps-coreboot script to build it - Updated build script to include it in libreboot_bin - Documentation: added docs/howtos/x60_security.html (security hardening for X60)
Diffstat (limited to 'docs/howtos')
-rw-r--r--docs/howtos/grub_cbfs.html26
-rw-r--r--docs/howtos/x60_heatsink.html142
-rw-r--r--docs/howtos/x60_heatsink/0000.jpgbin0 -> 53772 bytes
-rw-r--r--docs/howtos/x60_heatsink/0001.jpgbin0 -> 38997 bytes
-rw-r--r--docs/howtos/x60_heatsink/0002.jpgbin0 -> 31435 bytes
-rw-r--r--docs/howtos/x60_heatsink/0003.jpgbin0 -> 29815 bytes
-rw-r--r--docs/howtos/x60_heatsink/0004.jpgbin0 -> 42084 bytes
-rw-r--r--docs/howtos/x60_heatsink/0005.jpgbin0 -> 42715 bytes
-rw-r--r--docs/howtos/x60_heatsink/0006.jpgbin0 -> 33748 bytes
-rw-r--r--docs/howtos/x60_heatsink/0007.jpgbin0 -> 45537 bytes
-rw-r--r--docs/howtos/x60_heatsink/0008.jpgbin0 -> 46045 bytes
-rw-r--r--docs/howtos/x60_heatsink/0009.jpgbin0 -> 34013 bytes
-rw-r--r--docs/howtos/x60_heatsink/0010.jpgbin0 -> 30985 bytes
-rw-r--r--docs/howtos/x60_heatsink/0011.jpgbin0 -> 45500 bytes
-rw-r--r--docs/howtos/x60_heatsink/0012.jpgbin0 -> 39202 bytes
-rw-r--r--docs/howtos/x60_heatsink/0013.jpgbin0 -> 45481 bytes
-rw-r--r--docs/howtos/x60_heatsink/0014.jpgbin0 -> 40388 bytes
-rw-r--r--docs/howtos/x60_heatsink/0015.jpgbin0 -> 38045 bytes
-rw-r--r--docs/howtos/x60_heatsink/0016.jpgbin0 -> 125147 bytes
-rw-r--r--docs/howtos/x60_heatsink/0017.jpgbin0 -> 143009 bytes
-rw-r--r--docs/howtos/x60_heatsink/0018.jpgbin0 -> 175369 bytes
-rw-r--r--docs/howtos/x60_security.html171
-rw-r--r--docs/howtos/x60_security/0000.jpgbin0 -> 53772 bytes
-rw-r--r--docs/howtos/x60_security/0000_bluetooth.jpgbin0 -> 120337 bytes
-rw-r--r--docs/howtos/x60_security/0000_bluetooth0.jpgbin0 -> 19558 bytes
-rw-r--r--docs/howtos/x60_security/0000_simcard0.jpgbin0 -> 105696 bytes
-rw-r--r--docs/howtos/x60_security/0000_simcard1.jpgbin0 -> 129884 bytes
-rw-r--r--docs/howtos/x60_security/0001.jpgbin0 -> 38997 bytes
-rw-r--r--docs/howtos/x60_security/0001_microphone.jpgbin0 -> 128637 bytes
-rw-r--r--docs/howtos/x60_security/0001_modem.jpgbin0 -> 124855 bytes
-rw-r--r--docs/howtos/x60_security/0001_overview.jpgbin0 -> 200563 bytes
-rw-r--r--docs/howtos/x60_security/0001_speaker.jpgbin0 -> 121336 bytes
-rw-r--r--docs/howtos/x60_security/0001_wlan_wwan.jpgbin0 -> 151989 bytes
-rw-r--r--docs/howtos/x60_security/0002.jpgbin0 -> 31435 bytes
-rw-r--r--docs/howtos/x60_security/0003.jpgbin0 -> 29815 bytes
-rw-r--r--docs/howtos/x60_security/0004.jpgbin0 -> 42084 bytes
-rw-r--r--docs/howtos/x60_unbrick.html3
37 files changed, 328 insertions, 14 deletions
diff --git a/docs/howtos/grub_cbfs.html b/docs/howtos/grub_cbfs.html
index 84466866..d95904d0 100644
--- a/docs/howtos/grub_cbfs.html
+++ b/docs/howtos/grub_cbfs.html
@@ -29,7 +29,7 @@
</p>
<p>
- A coreboot or libreboot ROM is not simply &quot;flat&quot;; there is an actual filesystem inside called CBFS (coreboot filesystem). A utility called 'cbfstool'
+ A libreboot (or coreboot) ROM is not simply &quot;flat&quot;; there is an actual filesystem inside called CBFS (coreboot filesystem). A utility called 'cbfstool'
allows you to change the contents of the ROM. In this case, libreboot is configured such that the grub.cfg exists directly inside CBFS instead of
inside the grub.elf payload's 'memdisk' (which is itself stored in CBFS).
</p>
@@ -61,30 +61,30 @@
<p>
You can work directly with one of the ROM's already included in libreboot_bin.tar.gz. For the purpose of this tutorial it is assumed
- that your ROM is named 'coreboot.rom' so please make sure to adapt.
+ that your ROM is named 'libreboot_usqwerty.rom' so please make sure to adapt.
</p>
<p>
If you want to re-use the ROM that you currently have flashed (and running) then see <a href="../index.html#build_flashrom">../index.html#build_flashrom</a>
and then run:<br/>
- <b>$ sudo ./flashrom -p internal -r coreboot.rom</b><br/>
- Notice that this is using <b>&quot;-r&quot;</b> (read) instead of <b>&quot;-w&quot;</b> (write). This will create a dump (copy) of your current firmware and name it <b>coreboot.rom</b>. You need to take ownership of the file. For example:<br/>
- <b>$ sudo chown yourusername:yourusername coreboot.rom</b><br/>
- <b># chown yourusername:yourusername coreboot.rom</b>
+ <b>$ sudo ./flashrom -p internal -r libreboot_usqwerty.rom</b><br/>
+ Notice that this is using <b>&quot;-r&quot;</b> (read) instead of <b>&quot;-w&quot;</b> (write). This will create a dump (copy) of your current firmware and name it <b>libreboot_usqwerty.rom</b>. You need to take ownership of the file. For example:<br/>
+ <b>$ sudo chown yourusername:yourusername libreboot_usqwerty.rom</b><br/>
+ <b># chown yourusername:yourusername libreboot_usqwerty.rom</b>
</p>
<p>
Display contents of ROM:<br/>
- <b>$ ./cbfstool coreboot.rom print</b>
+ <b>$ ./cbfstool libreboot_usqwerty.rom print</b>
</p>
<p>
- The coreboot.rom file contains your grub.cfg.
+ The libreboot_usqwerty.rom file contains your grub.cfg.
</p>
<p>
Extract grub.cfg from the ROM:<br/>
- <b>$ ./cbfstool coreboot.rom extract -n grub.cfg -f grub.cfg</b>
+ <b>$ ./cbfstool libreboot_usqwerty.rom extract -n grub.cfg -f grub.cfg</b>
</p>
<p>
@@ -93,22 +93,22 @@
<p>
Delete the grub.cfg that remained inside the ROM:<br/>
- <b>$ ./cbfstool coreboot.rom remove -n grub.cfg</b>
+ <b>$ ./cbfstool libreboot_usqwerty.rom remove -n grub.cfg</b>
</p>
<p>
Display ROM contents and now you see grub.cfg no longer exists there:<br/>
- <b>$ ./cbfstool coreboot.rom print</b>
+ <b>$ ./cbfstool libreboot_usqwerty.rom print</b>
</p>
<p>
Add the modified version that you just made:<br/>
- <b>$ ./cbfstool coreboot.rom add -n grub.cfg -f grub.cfg -t raw</b>
+ <b>$ ./cbfstool libreboot_usqwerty.rom add -n grub.cfg -f grub.cfg -t raw</b>
</p>
<p>
Now display ROM contents again and see that it exists again:<br/>
- <b>$ ./cbfstool coreboot.rom print</b>
+ <b>$ ./cbfstool libreboot_usqwerty.rom print</b>
</p>
<p>
diff --git a/docs/howtos/x60_heatsink.html b/docs/howtos/x60_heatsink.html
new file mode 100644
index 00000000..0feee779
--- /dev/null
+++ b/docs/howtos/x60_heatsink.html
@@ -0,0 +1,142 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+
+ <style type="text/css">
+ body {
+ background:#fff;
+ color:#000;
+ font-family:sans-serif;
+ font-size:1em;
+ }
+ </style>
+
+ <title>Libreboot documentation: Switch heatsink on ThinkPad X60</title>
+</head>
+
+<body>
+
+ <header>
+ <h1>Changing the fan/heatsink on the ThinkPad X60</h1>
+ <aside>This guide will teach you how to replace the fan and heatsink on your ThinkPad X60.</aside>
+ </header>
+
+ <p>Or go <a href="../index.html">back to main index</a></p>
+
+ <h2>Table of Contents</h2>
+ <ul>
+ <li><a href="#hardware_requirements">Hardware Requirements</a></li>
+ <li><a href="#software_requirements">Software Requirements</a></li>
+ <li><a href="#procedure">The procedure</a></li>
+ </ul>
+
+ <h1 id="hardware_requirements">Hardware requirements</h1>
+ <ul>
+ <li>i<b></b>sopr<b></b>opyl <i>alc<b></b>h<i></i>olal</i> (sometimes called rubbing <i>alc<b></b>hole</i>) (cleaning material. DoNotIngest) (typo is intentional, due to fii1illt<a></a>erii1iiing für wörten von Großbritannien und oder nationale iintturnett)</li>
+ <li>your new fan and/or heatsink</li>
+ <li>CPU thermal compound (some say Arctic Silver 5 or IC Diamond 7 are good, others are also 'ok')</li>
+ <li>Something to spread the paste with</li>
+ </ul>
+
+ <h1 id="software_requirements">Software requirements (for CPU stress testing)</h1>
+ <ul>
+ <li>xsensors utility</li>
+ <li>stress utility</li>
+ </ul>
+
+ <h1 id="procedure">Disassembly</h1>
+ <p>
+ Remove those screws:<br/>
+ <img src="x60_heatsink/0000.jpg" alt="" />
+ </p>
+ <p>
+ Push the keyboard forward (carefully):<br/>
+ <img src="x60_heatsink/0001.jpg" alt="" />
+ </p>
+ <p>
+ Lift the keyboard up and disconnect it from the board:<br/>
+ <img src="x60_heatsink/0002.jpg" alt="" />
+ </p>
+ <p>
+ Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:<br/>
+ <img src="x60_heatsink/0003.jpg" alt="" />
+ </p>
+ <p>
+ You should now have this:<br/>
+ <img src="x60_heatsink/0004.jpg" alt="" />
+ </p>
+ <p>
+ Disconnect the wifi antenna cables, the modem cable and the speaker:<br/>
+ <img src="x60_heatsink/0005.jpg" alt="" />
+ </p>
+ <p>
+ Unroute the cables along their path, carefully lifting the tape that holds them in place. Then, disconnect the modem
+ cable (other end) and power connection and unroute all the cables so that they dangle by the monitor hinge on the right-hand
+ side:<br/>
+ <img src="x60_heatsink/0006.jpg" alt="" />
+ </p>
+ <p>
+ Disconnect the monitor from the motherboard, and unroute the grey antenna cable, carefully lifting the tape
+ that holds it into place:<br/>
+ <img src="x60_heatsink/0008.jpg" alt="" />
+ </p>
+ <p>
+ Carefully lift the remaining tape and unroute the left antenna cable so that it is loose:<br/>
+ <img src="x60_heatsink/0009.jpg" alt="" />
+ </p>
+ <p>
+ Remove those screws:<br/>
+ <img src="x60_heatsink/0011.jpg" alt="" />
+ </p>
+ <p>
+ Remove those screws:<br/>
+ <img src="x60_heatsink/0012.jpg" alt="" />
+ </p>
+ <p>
+ Carefully remove the plate, like so:<br/>
+ <img src="x60_heatsink/0013.jpg" alt="" />
+ </p>
+ <p>
+ Remove the SATA connector:<br/>
+ <img src="x60_heatsink/0014.jpg" alt="" />
+ </p>
+ <p>
+ Now remove the motherboard (gently) and cast the lcd/chassis aside:<br/>
+ <img src="x60_heatsink/0015.jpg" alt="" />
+ </p>
+ <p>
+ Look at that black tape above the heatsink, remove it:<br/>
+ <img src="x60_heatsink/0016.jpg" alt="" />
+ </p>
+ <p>
+ Now you have removed it:<br/>
+ <img src="x60_heatsink/0017.jpg" alt="" />
+ </p>
+
+ <p>
+ Disconnect the fan and remove all the screws, heatsink will easily come off:<br/>
+ <img src="x60_heatsink/0018.jpg" alt="" />
+ </p>
+
+ <p>
+ Remove the old paste with a cloth (from the CPU and heatsink) and then clean both of them with the <i>alc<a></a>h<b></b>oleel</i> (to remove remaining residue. typo is intentional).
+ Apply a pea-sized amount of paste to the both chipsets that the heatsink covered and spread it evenly (uniformally).
+ Finally reinstall the heatsink, reversing previous steps.
+ </p>
+
+ <p>
+ <b>stress -c 2</b> command can be used to push the CPU to 100%, and <b>xsensors</b> (or <b>watch sensors</b> command) can be used to monitor heat.
+ Below 90C is ok.
+ </p>
+
+<hr/>
+
+ <p>
+ Copyright &copy; 2014 Francis Rowe, All Rights Reserved.<br/>
+ See <a href="../license.html">../license.html</a> for license conditions.
+ </p>
+
+</body>
+</html>
diff --git a/docs/howtos/x60_heatsink/0000.jpg b/docs/howtos/x60_heatsink/0000.jpg
new file mode 100644
index 00000000..ce0ec3be
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0000.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0001.jpg b/docs/howtos/x60_heatsink/0001.jpg
new file mode 100644
index 00000000..2bbc0cae
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0001.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0002.jpg b/docs/howtos/x60_heatsink/0002.jpg
new file mode 100644
index 00000000..b55db3b8
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0002.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0003.jpg b/docs/howtos/x60_heatsink/0003.jpg
new file mode 100644
index 00000000..c5799ae5
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0003.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0004.jpg b/docs/howtos/x60_heatsink/0004.jpg
new file mode 100644
index 00000000..cd47840d
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0004.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0005.jpg b/docs/howtos/x60_heatsink/0005.jpg
new file mode 100644
index 00000000..418c9d29
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0005.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0006.jpg b/docs/howtos/x60_heatsink/0006.jpg
new file mode 100644
index 00000000..6d36d932
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0006.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0007.jpg b/docs/howtos/x60_heatsink/0007.jpg
new file mode 100644
index 00000000..971ccdfd
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0007.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0008.jpg b/docs/howtos/x60_heatsink/0008.jpg
new file mode 100644
index 00000000..24e65263
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0008.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0009.jpg b/docs/howtos/x60_heatsink/0009.jpg
new file mode 100644
index 00000000..d318395b
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0009.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0010.jpg b/docs/howtos/x60_heatsink/0010.jpg
new file mode 100644
index 00000000..5e6fdc75
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0010.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0011.jpg b/docs/howtos/x60_heatsink/0011.jpg
new file mode 100644
index 00000000..101cf6af
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0011.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0012.jpg b/docs/howtos/x60_heatsink/0012.jpg
new file mode 100644
index 00000000..dbb6669a
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0012.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0013.jpg b/docs/howtos/x60_heatsink/0013.jpg
new file mode 100644
index 00000000..2d2b9dd4
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0013.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0014.jpg b/docs/howtos/x60_heatsink/0014.jpg
new file mode 100644
index 00000000..733f997a
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0014.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0015.jpg b/docs/howtos/x60_heatsink/0015.jpg
new file mode 100644
index 00000000..1e811660
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0015.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0016.jpg b/docs/howtos/x60_heatsink/0016.jpg
new file mode 100644
index 00000000..ea418a51
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0016.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0017.jpg b/docs/howtos/x60_heatsink/0017.jpg
new file mode 100644
index 00000000..8a67482f
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0017.jpg
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0018.jpg b/docs/howtos/x60_heatsink/0018.jpg
new file mode 100644
index 00000000..98c43ac1
--- /dev/null
+++ b/docs/howtos/x60_heatsink/0018.jpg
Binary files differ
diff --git a/docs/howtos/x60_security.html b/docs/howtos/x60_security.html
new file mode 100644
index 00000000..fc9cb0b4
--- /dev/null
+++ b/docs/howtos/x60_security.html
@@ -0,0 +1,171 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+
+ <style type="text/css">
+ body {
+ background:#fff;
+ color:#000;
+ font-family:sans-serif;
+ font-size:1em;
+ }
+ </style>
+
+ <title>Libreboot documentation: Security on the ThinkPad X60</title>
+</head>
+
+<body>
+
+ <header>
+ <h1>Security on the ThinkPad X60</h1>
+ <aside>Hardware modifications to enhance security on the ThinkPad X60. This tutorial is <b>incomplete</b> at the time of writing.</aside>
+ </header>
+
+ <p>Or go <a href="../index.html">back to main index</a></p>
+
+ <h2>Table of Contents</h2>
+ <ul>
+ <li><a href="#hardware_requirements">Hardware Requirements</a></li>
+ <li><a href="#software_requirements">Software Requirements</a></li>
+ <li><a href="#procedure">The procedure</a></li>
+ </ul>
+
+ <h1 id="hardware_requirements">Hardware requirements</h1>
+ <ul>
+ <li>An X60</li>
+ <li>screwdriver</li>
+ <li>(in a later version of this tutorial: soldering iron and scalpel)</li>
+ </ul>
+
+ <h1 id="software_requirements">Software requirements</h1>
+ <ul>
+ <li>none (at least in the scope of the article as-is)</li>
+ </ul>
+
+ <h1 id="procedure">Disassembly</h1>
+
+ <p>
+ Firstly remove the bluetooth (if your X60 has this):<br/>
+ The marked screws are underneath those stickers (marked in those 3 locations at the bottom of the LCD assembly):<br/>
+ <img src="x60_security/0000_bluetooth0.jpg" alt="" /><br/>
+ Now gently pry off the bottom part of the front bezel, and the bluetooth module is on the left (easily removable):<br/>
+ <img src="x60_security/0000_bluetooth.jpg" alt="" /><br/>
+ </p>
+
+ <p>
+ If your model was WWAN, remove the simcard (check anyway):<br/>
+ Uncover those 2 screws at the bottom:<br/>
+ <img src="x60_security/0000_simcard0.jpg" alt="" /><br/>
+ SIM card is in the marked location:<br/>
+ <img src="x60_security/0000_simcard1.jpg" alt="" /><br/>
+ Replacement: USB dongle.
+ </p>
+
+ <p>
+ Now get into the motherboard.
+ </p>
+
+ <p>
+ Remove those screws:<br/>
+ <img src="x60_security/0000.jpg" alt="" />
+ </p>
+ <p>
+ Push the keyboard forward (carefully):<br/>
+ <img src="x60_security/0001.jpg" alt="" />
+ </p>
+ <p>
+ Lift the keyboard up and disconnect it from the board:<br/>
+ <img src="x60_security/0002.jpg" alt="" />
+ </p>
+ <p>
+ Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:<br/>
+ <img src="x60_security/0003.jpg" alt="" />
+ </p>
+ <p>
+ You should now have this:<br/>
+ <img src="x60_security/0004.jpg" alt="" />
+ </p>
+
+ <p>
+ The following is a summary of what you will remove (already done to this machine):<br/>
+ <img src="x60_security/0001_overview.jpg" alt="" /><br/>
+ Note: the blue lines represent antenna cables and modem cables. You don't need to remove these, but you can if you want
+ (to make it tidier after removing other parts). I removed the antenna wires, the modem jack, the modem cable and
+ also (on another model) a device inside the part where the wwan antenna goes (wasn't sure what it was, but I knew it wasn't needed). <b>This is optional</b>
+ </p>
+
+ <p>
+ Remove the microphone (can desolder it, but you can also easily pull it off with you hands). Already removed here:<br/>
+ <img src="x60_security/0001_microphone.jpg" alt="" /><br/>
+ We do not know what the built-in microcode (on the CPU) is doing. The theory is that it could be programmed to take commands that do something
+ and then the CPU returns results. (meaning, remote security hole). So we remove it, just in case.<br/>
+ Replacement: external microphone on USB or line-in jack.
+ </p>
+
+ <p>
+ Remove the modem:<br/>
+ <img src="x60_security/0001_modem.jpg" alt="" /><br/>
+ (useless, obsolete device)
+ </p>
+
+ <p>
+ Remove the speaker:<br/>
+ <img src="x60_security/0001_speaker.jpg" alt="" /><br/>
+ Reason: combined with the microphone issue, this could be used to leak data.<br/>
+ Replacement: headphones/speakers (line-out) or external DAC (USB).
+ </p>
+
+ <p>
+ Remove the wlan (also remove wwan if you have it):<br/>
+ <img src="x60_security/0001_wlan_wwan.jpg" alt="" /><br/>
+ Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.
+ </p>
+
+ <h2>
+ Not covered yet:
+ </h2>
+ <ul>
+ <li>Disable cardbus/pcmcia (has fast/direct memory access)</li>
+ <li>Disable firewire (has fast/direct memory access)</li>
+ <li>Disable flashing the ethernet firmware</li>
+ <li>Disable SPI flash writes (can be re-enabled by unsoldering two parts)</li>
+ <li>Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)</li>
+ <li>Disable docking station</li>
+ </ul>
+ <p>
+ Go to <a href="http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html">http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html</a>
+ or directly to the video: <a href="http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm">http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm</a>.
+ </p>
+ <p>
+ A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the abev.
+ </p>
+
+ <h2>
+ Also not covered yet:
+ </h2>
+ <ul>
+ <li>
+ Intrusion detection: randomized seal on screws (need to research)
+ </li>
+ <li>
+ Tips about preventing/mitigating risk of cold boot attack.
+ </li>
+ <li>
+ Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc).
+ </li>
+ <li>
+ General tips/advice and web links showing how to detect physical intrusions.
+ </li>
+ </ul>
+
+<hr/>
+
+ <p>
+ Copyright &copy; 2014 Francis Rowe, All Rights Reserved.<br/>
+ See <a href="../license.html">../license.html</a> for license conditions.
+ </p>
+
+</body>
+</html>
diff --git a/docs/howtos/x60_security/0000.jpg b/docs/howtos/x60_security/0000.jpg
new file mode 100644
index 00000000..ce0ec3be
--- /dev/null
+++ b/docs/howtos/x60_security/0000.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0000_bluetooth.jpg b/docs/howtos/x60_security/0000_bluetooth.jpg
new file mode 100644
index 00000000..94a255ff
--- /dev/null
+++ b/docs/howtos/x60_security/0000_bluetooth.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0000_bluetooth0.jpg b/docs/howtos/x60_security/0000_bluetooth0.jpg
new file mode 100644
index 00000000..a750b0cd
--- /dev/null
+++ b/docs/howtos/x60_security/0000_bluetooth0.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0000_simcard0.jpg b/docs/howtos/x60_security/0000_simcard0.jpg
new file mode 100644
index 00000000..40837ea7
--- /dev/null
+++ b/docs/howtos/x60_security/0000_simcard0.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0000_simcard1.jpg b/docs/howtos/x60_security/0000_simcard1.jpg
new file mode 100644
index 00000000..c0a5b359
--- /dev/null
+++ b/docs/howtos/x60_security/0000_simcard1.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0001.jpg b/docs/howtos/x60_security/0001.jpg
new file mode 100644
index 00000000..2bbc0cae
--- /dev/null
+++ b/docs/howtos/x60_security/0001.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0001_microphone.jpg b/docs/howtos/x60_security/0001_microphone.jpg
new file mode 100644
index 00000000..c419060d
--- /dev/null
+++ b/docs/howtos/x60_security/0001_microphone.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0001_modem.jpg b/docs/howtos/x60_security/0001_modem.jpg
new file mode 100644
index 00000000..6a7a6a02
--- /dev/null
+++ b/docs/howtos/x60_security/0001_modem.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0001_overview.jpg b/docs/howtos/x60_security/0001_overview.jpg
new file mode 100644
index 00000000..7268e49f
--- /dev/null
+++ b/docs/howtos/x60_security/0001_overview.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0001_speaker.jpg b/docs/howtos/x60_security/0001_speaker.jpg
new file mode 100644
index 00000000..28d3ed62
--- /dev/null
+++ b/docs/howtos/x60_security/0001_speaker.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0001_wlan_wwan.jpg b/docs/howtos/x60_security/0001_wlan_wwan.jpg
new file mode 100644
index 00000000..0db858de
--- /dev/null
+++ b/docs/howtos/x60_security/0001_wlan_wwan.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0002.jpg b/docs/howtos/x60_security/0002.jpg
new file mode 100644
index 00000000..b55db3b8
--- /dev/null
+++ b/docs/howtos/x60_security/0002.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0003.jpg b/docs/howtos/x60_security/0003.jpg
new file mode 100644
index 00000000..c5799ae5
--- /dev/null
+++ b/docs/howtos/x60_security/0003.jpg
Binary files differ
diff --git a/docs/howtos/x60_security/0004.jpg b/docs/howtos/x60_security/0004.jpg
new file mode 100644
index 00000000..cd47840d
--- /dev/null
+++ b/docs/howtos/x60_security/0004.jpg
Binary files differ
diff --git a/docs/howtos/x60_unbrick.html b/docs/howtos/x60_unbrick.html
index 10f66b4d..8427c5ac 100644
--- a/docs/howtos/x60_unbrick.html
+++ b/docs/howtos/x60_unbrick.html
@@ -172,7 +172,8 @@
Programmer is now active:<br/>
<img src="x60_unbrick/0023.jpg" alt="" /><br/>
Now I install flashrom on the T60 (running Trisquel GNU/Linux) and do this:<br/>
- <b>flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -w coreboot.rom</b><br/>
+ <b>flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -w bin/x60/libreboot_usqwerty.rom</b><br/>
+ Note: there are also other ROM images for X60<br/>
Note: this is using buspirate as the programmer, so it is flashing the X60, not the T60!<br/>
Here's my terminal window on the T60:<br/>
<img src="x60_unbrick/0025.jpg" alt="" /><br/>