From 95259e28ef047923258434898113d70c8e544eab Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Fri, 6 Nov 2015 22:43:29 +0000 Subject: convert documentation to texinfo --- docs/security/dock.texi | 151 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 docs/security/dock.texi (limited to 'docs/security/dock.texi') diff --git a/docs/security/dock.texi b/docs/security/dock.texi new file mode 100644 index 00000000..8595c586 --- /dev/null +++ b/docs/security/dock.texi @@ -0,0 +1,151 @@ +\input texinfo +@documentencoding UTF-8 + +@ifnottex +@paragraphindent 0 +@end ifnottex +@titlepage +@title Notes about DMA and the docking station (X60/T60) +@end titlepage + +@node Top +@top Notes about DMA and the docking station (X60/T60) + +@menu +* Notes about DMA and the docking station X60/T60:: +@end menu + +@node Notes about DMA and the docking station X60/T60 +@chapter Notes about DMA and the docking station (X60/T60) +@anchor{#notes-about-dma-and-the-docking-station-x60t60} + +@verbatim + +Use case: +--------- +Usually when people do full disk encryption, it's not really full disk, +instead they still have a /boot in clear. + +So an evil maid attack can still be done, in two passes: +1) Clone the hdd, Infect the initramfs or the kernel. +2) Wait for the user to enter its password, recover the password, +luksOpen the hdd image. + +I wanted a real full-disk encryption so I've put grub in flash and I +have the following: The HDD has a LUKS rootfs(containing /boot) on an +lvm partition, so no partition is in clear. + +So when the computer boots it executes coreboot, then grub as a payload. +Grub then opens the LUKS partition and loads the kernel and initramfs +from there. + +To prevent hardware level tempering(like reflashing), I used nail +polish with a lot of gilder, that acts like a seal. Then a high +resolution picture of it is taken, to be able to tell the difference. + +The problem: +------------ +But then comes the docking port issue: Some LPC pins are exported +there, such as the CLKRUN and LDRQ#. + +LDRQ# is "Encoded DMA/Bus Master Request": "Only needed by +peripherals that need DMA or bus mastering. Requires an +individual signal per peripheral. Peripherals may not share +an LDRQ# signal." + +So now DMA access is possible trough the dock connector. +So I want to be able to turn that off. + +If I got it right, the X60 has 2 superio, one is in the dock, and the +other one is in the laptop, so we have: + ________________ + _________________ | | +| | | Dock connector:| +|Dock: NSC pc87982|<--LPC--->D_LPC_DREQ0 | +|_________________| |_______^________| + | + | + | + | + ___________________|____ + | v | + | SuperIO: DLDRQ# | + | NSC pc87382 LDRQ# | + |___________________^____| + | + | + | + | + ___________________|___ + | v | + | Southbridge: LDRQ0 | + | ICH7 | + |_______________________| + + +The code: +--------- +Now if I look at the existing code, there is some superio drivers, like +pc87382 in src/superio/nsc, the code is very small. +The only interesting part is the pnp_info pnp_dev_info struct. + +Now if I look inside src/mainboard/lenovo/x60 there is some more +complete dock driver: + +Inside dock.c I see some dock_connect and dock_disconnect functions. + +Such functions are called during the initialisation (romstage.c) and +from the X60 SMI handler (smihandler.c). + +Questions: +---------- +1) Would the following be sufficent to prevent DMA access from the +outside: +> int dock_connect(void) +> { +> int timeout = 1000; +> + int val; +> + +> + if (get_option(&val, "dock") != CB_SUCCESS) +> + val = 1; +> + if (val == 0) +> + return 0; +> [...] +> } +> +> void dock_disconnect(void) { +> + if (dock_present()) +> + return; +> [...] +> } +2) Would an nvram option be ok for that? Should a Kconfig option be +added too? + +> config DOCK_AUTODETECT +> bool "Autodetect" +> help +> The dock is autodetected. If unsure select this option. +> +> config DOCK_DISABLED +> bool "Disabled" +> help +> The dock is always disabled. +> +> config DOCK_NVRAM_ENABLE +> bool "Nvram" +> help +> The dock autodetection is tried only if it is also enabled +> trough nvram. +@end verbatim + +Copyright © 2014, 2015 Francis Rowe @* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license can be found at @uref{../gfdl-1.3.txt,../gfdl-1.3.txt} + +Updated versions of the license (when available) can be found at @uref{https://www.gnu.org/licenses/licenses.html,https://www.gnu.org/licenses/licenses.html} + +UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + +TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + +The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. + +@bye -- cgit v1.2.3-70-g09d2