From c679b19f0b0d95f587b3836c7bf867a932d3df28 Mon Sep 17 00:00:00 2001
From: Leah Rowe
Date: Mon, 22 Aug 2016 10:22:04 +0100
Subject: actually add the documentation directory. (I forgot git add in last commit)

---
 docs/security/dock.html | 190 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 190 insertions(+)
 create mode 100644 docs/security/dock.html

(limited to 'docs/security/dock.html')

diff --git a/docs/security/dock.html b/docs/security/dock.html
new file mode 100644
index 00000000..9b114ab2
--- /dev/null
+++ b/docs/security/dock.html
@@ -0,0 +1,190 @@
+ + + + + + + + + Notes about DMA and the docking station (X60/T60) + + + +
+

Notes about DMA and the docking station (X60/T60)

+
+ +
+
+
+Use case:
+---------
+Usually when people do full disk encryption, it's not really full disk,
+instead they still have a /boot in clear.
+
+So an evil maid attack can still be done, in two passes:
+1) Clone the hdd, Infect the initramfs or the kernel.
+2) Wait for the user to enter its password, recover the password,
+luksOpen the hdd image.
+
+I wanted a real full-disk encryption so I've put grub in flash and I
+have the following: The HDD has a LUKS rootfs(containing /boot) on an
+lvm partition, so no partition is in clear.
+
+So when the computer boots it executes coreboot, then grub as a payload.
+Grub then opens the LUKS partition and loads the kernel and initramfs
+from there.
+
+To prevent hardware level tempering(like reflashing), I used nail
+polish with a lot of gilder, that acts like a seal. Then a high
+resolution picture of it is taken, to be able to tell the difference.
+
+The problem:
+------------
+But then comes the docking port issue: Some LPC pins are exported
+there, such as the CLKRUN and LDRQ#.
+
+LDRQ# is "Encoded DMA/Bus Master Request": "Only needed by
+peripherals that need DMA or bus mastering. Requires an
+individual signal per peripheral. Peripherals may not share
+an LDRQ# signal."
+
+So now DMA access is possible trough the dock connector.
+So I want to be able to turn that off.
+
+If I got it right, the X60 has 2 superio, one is in the dock, and the
+other one is in the laptop, so we have:
+                            ________________
+ _________________         |                |
+|                 |        | Dock connector:|
+|Dock: NSC pc87982|<--LPC--->D_LPC_DREQ0    |
+|_________________|        |_______^________|
+                                   |
+                                   |
+                                   |
+                                   |
+                ___________________|____
+               |                   v    |
+               | SuperIO:        DLDRQ# |
+               | NSC pc87382     LDRQ#  |
+               |___________________^____|
+                                   |
+                                   |
+                                   |
+                                   |
+                ___________________|___
+               |                   v   |
+               | Southbridge:    LDRQ0 |
+               | ICH7                  |
+               |_______________________|
+
+
+The code:
+---------
+Now if I look at the existing code, there is some superio drivers, like
+pc87382 in src/superio/nsc, the code is very small. 
+The only interesting part is the pnp_info pnp_dev_info struct.
+
+Now if I look inside src/mainboard/lenovo/x60 there is some more
+complete dock driver:
+
+Inside dock.c I see some dock_connect and dock_disconnect functions.
+
+Such functions are called during the initialisation (romstage.c) and
+from the X60 SMI handler (smihandler.c).
+
+Questions:
+----------
+1) Would the following be sufficent to prevent DMA access from the
+outside:
+> int dock_connect(void)
+> {
+>          int timeout = 1000;
+> +        int val;
+> +        
+> +        if (get_option(&val, "dock") != CB_SUCCESS)
+> +                val = 1;
+> +        if (val == 0)
+> +                return 0;
+>          [...]
+> }
+>
+> void dock_disconnect(void) {
+> +        if (dock_present())
+> +                return;
+>          [...]
+> }
+2) Would an nvram option be ok for that? Should a Kconfig option be
+added too?
+
+> config DOCK_AUTODETECT
+>         bool "Autodetect"
+>         help
+>           The dock is autodetected. If unsure select this option.
+>
+> config DOCK_DISABLED
+>         bool "Disabled"
+>         help
+>           The dock is always disabled.
+>
+> config DOCK_NVRAM_ENABLE
+>         bool "Nvram"
+>         help
+>           The dock autodetection is tried only if it is also enabled
+> trough nvram.
+
+
+
+ +
+ +

+ Copyright © 2014, 2015 Leah Rowe <info@minifree.org>
+ Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU Free Documentation License, Version 1.3 + or any later version published by the Free Software Foundation; + with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. + A copy of the license can be found at ../gfdl-1.3.txt +

+ +

+ Updated versions of the license (when available) can be found at + https://www.gnu.org/licenses/licenses.html +

+ +

+ UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. +

+

+ TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. +

+

+ The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. +

+ +
+ + + -- cgit v1.2.3-70-g09d2
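Review bot: In the "Questions" section, the quoted dock_connect() change falls back to `val = 1` when `get_option(&val, "dock")` does not return CB_SUCCESS, so a missing or unreadable option leaves the dock enabled. Since the page's stated goal is to be able to turn off DMA through the dock connector, the document should either propose `val = 0` as the fallback or state explicitly that the default is fail-open and why. The quoted dock_disconnect() change returns early when `dock_present()` is true, which reads as skipping the disconnect while a dock is attached, and it never consults the "dock" option; a sentence explaining the intended behaviour would help readers judge question 1. The added text also needs a spelling pass ("tempering", "gilder", "trough" in two places, "sufficent"), and the help text of DOCK_NVRAM_ENABLE wraps onto an unindented quoted line, unlike the other two Kconfig entries.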