author | Leah Rowe <info@minifree.org> | 2016-08-22 10:22:04 +0100 |
---|---|---|
committer | Leah Rowe <info@minifree.org> | 2016-08-22 10:22:04 +0100 |
commit | c679b19f0b0d95f587b3836c7bf867a932d3df28 (patch) | |
tree | a0529135e5901b3aff16987a2cf94c10752cb8ab /docs/security/dock.html | |
parent | 3ca295f25340344f5d42164bd134dbb9f5b0ff4c (diff) | |
download | librebootfr-c679b19f0b0d95f587b3836c7bf867a932d3df28.tar.gz librebootfr-c679b19f0b0d95f587b3836c7bf867a932d3df28.zip |
actually add the documentation directory. (I forgot git add in last commit)
Diffstat (limited to 'docs/security/dock.html')
-rw-r--r-- | docs/security/dock.html | 190 |
1 files changed, 190 insertions, 0 deletions
diff --git a/docs/security/dock.html b/docs/security/dock.html new file mode 100644 index 00000000..9b114ab2 --- /dev/null +++ b/docs/security/dock.html 
@@ -0,0 +1,190 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + @import url('../css/main.css'); + </style> + + <title>Notes about DMA and the docking station (X60/T60)</title> +</head> + +<body> + <div class="section"> + <h1>Notes about DMA and the docking station (X60/T60)</h1> + </div> + + <div class="section"> +<pre> + +Use case: +--------- +Usually when people do full disk encryption, it's not really full disk, +instead they still have a /boot in clear. + +So an evil maid attack can still be done, in two passes: +1) Clone the hdd, Infect the initramfs or the kernel. +2) Wait for the user to enter its password, recover the password, +luksOpen the hdd image. + +I wanted a real full-disk encryption so I've put grub in flash and I +have the following: The HDD has a LUKS rootfs(containing /boot) on an +lvm partition, so no partition is in clear. + +So when the computer boots it executes coreboot, then grub as a payload. +Grub then opens the LUKS partition and loads the kernel and initramfs +from there. + +To prevent hardware level tempering(like reflashing), I used nail +polish with a lot of gilder, that acts like a seal. Then a high +resolution picture of it is taken, to be able to tell the difference. + +The problem: +------------ +But then comes the docking port issue: Some LPC pins are exported +there, such as the CLKRUN and LDRQ#. + +LDRQ# is "Encoded DMA/Bus Master Request": "Only needed by +peripherals that need DMA or bus mastering. Requires an +individual signal per peripheral. Peripherals may not share +an LDRQ# signal." + +So now DMA access is possible trough the dock connector. +So I want to be able to turn that off. 
+ +If I got it right, the X60 has 2 superio, one is in the dock, and the +other one is in the laptop, so we have: + ________________ + _________________ | | +| | | Dock connector:| +|Dock: NSC pc87982|<--LPC--->D_LPC_DREQ0 | +|_________________| |_______^________| + | + | + | + | + ___________________|____ + | v | + | SuperIO: DLDRQ# | + | NSC pc87382 LDRQ# | + |___________________^____| + | + | + | + | + ___________________|___ + | v | + | Southbridge: LDRQ0 | + | ICH7 | + |_______________________| + + +The code: +--------- +Now if I look at the existing code, there is some superio drivers, like +pc87382 in src/superio/nsc, the code is very small. +The only interesting part is the pnp_info pnp_dev_info struct. + +Now if I look inside src/mainboard/lenovo/x60 there is some more +complete dock driver: + +Inside dock.c I see some dock_connect and dock_disconnect functions. + +Such functions are called during the initialisation (romstage.c) and +from the X60 SMI handler (smihandler.c). + +Questions: +---------- +1) Would the following be sufficent to prevent DMA access from the +outside: +> int dock_connect(void) +> { +> int timeout = 1000; +> + int val; +> + +> + if (get_option(&val, "dock") != CB_SUCCESS) +> + val = 1; +> + if (val == 0) +> + return 0; +> [...] +> } +> +> void dock_disconnect(void) { +> + if (dock_present()) +> + return; +> [...] +> } +2) Would an nvram option be ok for that? Should a Kconfig option be +added too? + +> config DOCK_AUTODETECT +> bool "Autodetect" +> help +> The dock is autodetected. If unsure select this option. +> +> config DOCK_DISABLED +> bool "Disabled" +> help +> The dock is always disabled. +> +> config DOCK_NVRAM_ENABLE +> bool "Nvram" +> help +> The dock autodetection is tried only if it is also enabled +> trough nvram. 
+ +</pre> + </div> + + <div class="section"> + + <p> + Copyright © 2014, 2015 Leah Rowe <info@minifree.org><br/> + Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU Free Documentation License, Version 1.3 + or any later version published by the Free Software Foundation; + with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. + A copy of the license can be found at <a href="../gfdl-1.3.txt">../gfdl-1.3.txt</a> + </p> + + <p> + Updated versions of the license (when available) can be found at + <a href="https://www.gnu.org/licenses/licenses.html">https://www.gnu.org/licenses/licenses.html</a> + </p> + + <p> + UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + </p> + <p> + TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 
+ </p> + <p> + The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + </p> + + </div> + +</body> +</html> |
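Review bot: In the dock_connect() snippet under "Questions", the nvram lookup fails open: `if (get_option(&val, "dock") != CB_SUCCESS)` is followed by `val = 1;`, so a missing or unreadable "dock" option leaves the dock enabled, and with it the LDRQ# path described under "The problem". For a page filed under docs/security, either default to 0 there or say in the text that enabling by default is deliberate. In the dock_disconnect() snippet, `if (dock_present()) return;` skips the disconnect exactly when a dock is attached; please confirm the condition is not inverted. The page also ends on two open questions with no answer, so a reader cannot tell whether the proposed change actually blocks DMA through the dock connector; a short status line saying whether this was tested or merged would help. Typos in the added text: "tempering" (tampering), "gilder" (presumably glitter), "trough" (through, twice), "sufficent" (sufficient).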