path: root/docs/security/dock.html
author: Leah Rowe <info@minifree.org> 2016-08-22 10:22:04 +0100
committer: Leah Rowe <info@minifree.org> 2016-08-22 10:22:04 +0100
commit: c679b19f0b0d95f587b3836c7bf867a932d3df28 (patch)
tree: a0529135e5901b3aff16987a2cf94c10752cb8ab /docs/security/dock.html
parent: 3ca295f25340344f5d42164bd134dbb9f5b0ff4c (diff)
actually add the documentation directory. (I forgot git add in last commit)
Diffstat (limited to 'docs/security/dock.html')
-rw-r--r-- docs/security/dock.html 190
1 files changed, 190 insertions, 0 deletions
diff --git a/docs/security/dock.html b/docs/security/dock.html
new file mode 100644
index 00000000..9b114ab2
--- /dev/null
+++ b/docs/security/dock.html
@@ -0,0 +1,190 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+
+ <style type="text/css">
+ @import url('../css/main.css');
+ </style>
+
+ <title>Notes about DMA and the docking station (X60/T60)</title>
+</head>
+
+<body>
+ <div class="section">
+ <h1>Notes about DMA and the docking station (X60/T60)</h1>
+ </div>
+
+ <div class="section">
+<pre>
+
+Use case:
+---------
+Usually when people do full disk encryption, it's not really full disk,
+instead they still have a /boot in clear.
+
+So an evil maid attack can still be done, in two passes:
+1) Clone the hdd, Infect the initramfs or the kernel.
+2) Wait for the user to enter its password, recover the password,
+luksOpen the hdd image.
+
+I wanted a real full-disk encryption so I've put grub in flash and I
+have the following: The HDD has a LUKS rootfs(containing /boot) on an
+lvm partition, so no partition is in clear.
+
+So when the computer boots it executes coreboot, then grub as a payload.
+Grub then opens the LUKS partition and loads the kernel and initramfs
+from there.
+
+To prevent hardware level tempering(like reflashing), I used nail
+polish with a lot of gilder, that acts like a seal. Then a high
+resolution picture of it is taken, to be able to tell the difference.
+
+The problem:
+------------
+But then comes the docking port issue: Some LPC pins are exported
+there, such as the CLKRUN and LDRQ#.
+
+LDRQ# is "Encoded DMA/Bus Master Request": "Only needed by
+peripherals that need DMA or bus mastering. Requires an
+individual signal per peripheral. Peripherals may not share
+an LDRQ# signal."
+
+So now DMA access is possible trough the dock connector.
+So I want to be able to turn that off.
+
+If I got it right, the X60 has 2 superio, one is in the dock, and the
+other one is in the laptop, so we have:
+ ________________
+ _________________ | |
+| | | Dock connector:|
+|Dock: NSC pc87982|&lt;--LPC---&gt;D_LPC_DREQ0 |
+|_________________| |_______^________|
+ |
+ |
+ |
+ |
+ ___________________|____
+ | v |
+ | SuperIO: DLDRQ# |
+ | NSC pc87382 LDRQ# |
+ |___________________^____|
+ |
+ |
+ |
+ |
+ ___________________|___
+ | v |
+ | Southbridge: LDRQ0 |
+ | ICH7 |
+ |_______________________|
+
+
+The code:
+---------
+Now if I look at the existing code, there is some superio drivers, like
+pc87382 in src/superio/nsc, the code is very small.
+The only interesting part is the pnp_info pnp_dev_info struct.
+
+Now if I look inside src/mainboard/lenovo/x60 there is some more
+complete dock driver:
+
+Inside dock.c I see some dock_connect and dock_disconnect functions.
+
+Such functions are called during the initialisation (romstage.c) and
+from the X60 SMI handler (smihandler.c).
+
+Questions:
+----------
+1) Would the following be sufficent to prevent DMA access from the
+outside:
+&gt; int dock_connect(void)
+&gt; {
+&gt; int timeout = 1000;
+&gt; + int val;
+&gt; +
+&gt; + if (get_option(&amp;val, &quot;dock&quot;) != CB_SUCCESS)
+&gt; + val = 1;
+&gt; + if (val == 0)
+&gt; + return 0;
+&gt; [...]
+&gt; }
+>
+&gt; void dock_disconnect(void) {
+&gt; + if (dock_present())
+&gt; + return;
+&gt; [...]
+&gt; }
+2) Would an nvram option be ok for that? Should a Kconfig option be
+added too?
+
+&gt; config DOCK_AUTODETECT
+&gt; bool "Autodetect"
+&gt; help
+&gt; The dock is autodetected. If unsure select this option.
+>
+&gt; config DOCK_DISABLED
+&gt; bool "Disabled"
+&gt; help
+&gt; The dock is always disabled.
+>
+&gt; config DOCK_NVRAM_ENABLE
+&gt; bool "Nvram"
+&gt; help
+&gt; The dock autodetection is tried only if it is also enabled
+&gt; trough nvram.
+
+</pre>
+ </div>
+
+ <div class="section">
+
+ <p>
+ Copyright &copy; 2014, 2015 Leah Rowe &lt;info@minifree.org&gt;<br/>
+ Permission is granted to copy, distribute and/or modify this document
+ under the terms of the GNU Free Documentation License, Version 1.3
+ or any later version published by the Free Software Foundation;
+ with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
+ A copy of the license can be found at <a href="../gfdl-1.3.txt">../gfdl-1.3.txt</a>
+ </p>
+
+ <p>
+ Updated versions of the license (when available) can be found at
+ <a href="https://www.gnu.org/licenses/licenses.html">https://www.gnu.org/licenses/licenses.html</a>
+ </p>
+
+ <p>
+ UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
+ EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
+ AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
+ IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
+ WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
+ ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
+ KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
+ ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
+ </p>
+ <p>
+ TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
+ TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
+ NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
+ INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
+ COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
+ USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
+ ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
+ DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
+ IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
+ </p>
+ <p>
+ The disclaimer of warranties and limitation of liability provided
+ above shall be interpreted in a manner that, to the extent
+ possible, most closely approximates an absolute disclaimer and
+ waiver of all liability.
+ </p>
+
+ </div>
+
+</body>
+</html>
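Review bot: In the quoted dock_connect() proposal under "Questions", a failed get_option() read sets "val = 1", so the function continues past the "if (val == 0) return 0;" guard and the dock is connected whenever the nvram option cannot be read. The stated goal of the page is to be able to turn DMA through the dock connector off, so the text should say explicitly that this default fails open, or propose defaulting to 0 for the hardened configuration. Both questions are also left unanswered on the page; since it sits under docs/security, a short status line saying the snippet is an unverified proposal would keep readers from treating it as a confirmed mitigation for the LDRQ# path. In the Kconfig excerpt, DOCK_AUTODETECT, DOCK_DISABLED and DOCK_NVRAM_ENABLE are shown as three independent bool entries with no choice block around them, so as written they could be selected together; showing the enclosing choice, or noting that it was elided, would remove the ambiguity. Smaller points: the two empty quoted lines use a bare ">" where every other quoted line uses "&gt;", and "tempering", "gilder", "trough" and "sufficent" look like typos for "tampering", "glitter", "through" and "sufficient".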