diff options
Diffstat (limited to 'docs/hardware/dock.md')
-rw-r--r-- | docs/hardware/dock.md | 151 |
1 files changed, 0 insertions, 151 deletions
diff --git a/docs/hardware/dock.md b/docs/hardware/dock.md deleted file mode 100644 index d5f694ac..00000000 --- a/docs/hardware/dock.md +++ /dev/null @@ -1,151 +0,0 @@ -% Notes about DMA and the docking station (X60/T60) - - Use case: - --------- - Usually when people do full disk encryption, it's not really full disk, - instead they still have a /boot in clear. - - So an evil maid attack can still be done, in two passes: - 1) Clone the hdd, Infect the initramfs or the kernel. - 2) Wait for the user to enter its password, recover the password, - luksOpen the hdd image. - - I wanted a real full-disk encryption so I've put grub in flash and I - have the following: The HDD has a LUKS rootfs(containing /boot) on an - lvm partition, so no partition is in clear. - - So when the computer boots it executes coreboot, then grub as a payload. - Grub then opens the LUKS partition and loads the kernel and initramfs - from there. - - To prevent hardware level tempering(like reflashing), I used nail - polish with a lot of gilder, that acts like a seal. Then a high - resolution picture of it is taken, to be able to tell the difference. - - The problem: - ------------ - But then comes the docking port issue: Some LPC pins are exported - there, such as the CLKRUN and LDRQ#. - - LDRQ# is "Encoded DMA/Bus Master Request": "Only needed by - peripherals that need DMA or bus mastering. Requires an - individual signal per peripheral. Peripherals may not share - an LDRQ# signal." - - So now DMA access is possible trough the dock connector. - So I want to be able to turn that off. - - If I got it right, the X60 has 2 superio, one is in the dock, and the - other one is in the laptop, so we have: - ________________ - _________________ | | - | | | Dock connector:| - |Dock: NSC pc87982|<--LPC--->D_LPC_DREQ0 | - |_________________| |_______^________| - | - | - | - | - ___________________|____ - | v | - | SuperIO: DLDRQ# | - | NSC pc87382 LDRQ# | - |___________________^____| - | - | - | - | - ___________________|___ - | v | - | Southbridge: LDRQ0 | - | ICH7 | - |_______________________| - - The code: - --------- - Now if I look at the existing code, there is some superio drivers, like - pc87382 in src/superio/nsc, the code is very small. - The only interesting part is the pnp_info pnp_dev_info struct. - - Now if I look inside src/mainboard/lenovo/x60 there is some more - complete dock driver: - - Inside dock.c I see some dock_connect and dock_disconnect functions. - - Such functions are called during the initialisation (romstage.c) and - from the X60 SMI handler (smihandler.c). - - Questions: - ---------- - 1) Would the following be sufficent to prevent DMA access from the - outside: - > int dock_connect(void) - > { - > int timeout = 1000; - > + int val; - > + - > + if (get_option(&val, "dock") != CB_SUCCESS) - > + val = 1; - > + if (val == 0) - > + return 0; - > [...] - > } - > - > void dock_disconnect(void) { - > + if (dock_present()) - > + return; - > [...] - > } - 2) Would an nvram option be ok for that? Should a Kconfig option be - added too? - - > config DOCK_AUTODETECT - > bool "Autodetect" - > help - > The dock is autodetected. If unsure select this option. - > - > config DOCK_DISABLED - > bool "Disabled" - > help - > The dock is always disabled. - > - > config DOCK_NVRAM_ENABLE - > bool "Nvram" - > help - > The dock autodetection is tried only if it is also enabled - > trough nvram. - -Copyright © 2014, 2015 Leah Rowe <info@minifree.org>\ -Permission is granted to copy, distribute and/or modify this document -under the terms of the Creative Commons Attribution-ShareAlike 4.0 -International license or any later version published by Creative -Commons; A copy of the license can be found at -[../cc-by-sa-4.0.txt](../cc-by-sa-4.0.txt) - -Updated versions of the license (when available) can be found at -<https://creativecommons.org/licenses/by-sa/4.0/legalcode> - -UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE EXTENT -POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS AND -AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND -CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, IMPLIED, STATUTORY, -OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, WARRANTIES OF TITLE, -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, -ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OR ABSENCE -OF ERRORS, WHETHER OR NOT KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF -WARRANTIES ARE NOT ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT -APPLY TO YOU. - -TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE TO YOU -ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) OR -OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, -PUNITIVE, EXEMPLARY, OR OTHER LOSSES, COSTS, EXPENSES, OR DAMAGES -ARISING OUT OF THIS PUBLIC LICENSE OR USE OF THE LICENSED MATERIAL, EVEN -IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES, -COSTS, EXPENSES, OR DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT -ALLOWED IN FULL OR IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - -The disclaimer of warranties and limitation of liability provided above -shall be interpreted in a manner that, to the extent possible, most -closely approximates an absolute disclaimer and waiver of all liability. - |