Difference between revisions of "Goodbios"

From Technologia Incognita
Jump to: navigation, search
Line 30: Line 30:
 
* Flash chip with coreboot
 
* Flash chip with coreboot
 
* Unsolder ethernet port (this disables Intel/AMT)
 
* Unsolder ethernet port (this disables Intel/AMT)
 +
 +
 +
''' Components '''
 +
* http://www.hmcelectronics.com/product/Pomona/5250
 +
* http://enterpoint.co.uk/products/modules/ft4232-module/
 +
 +
''' Documentation '''
 +
* http://libreboot.org/docs/howtos/x60_security.html
 +
* https://blog.patternsinthevoid.net/replacing-a-thinkpad-x60-bootflash-chip.html
 +
* http://www.coreboot.org/Thinkpad_X60s
 +
* http://libreboot.org/docs/index.html#config_x60

Revision as of 19:08, 19 October 2014

Projects
Participants
Skills Soldering, Software, hardware
Status Active
Niche Other
Purpose Fun

Idea: http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html

A commodity laptop is analyzed to identify exposed attack surfaces and is then secured on both the hardware and the firmware level against permanent modifications by malicious software as well as quick drive-by hardware attacks by evil maids, ensuring that the machine always powers up to a known good state and significantly raising the bar for an attacker who wants to use the machine against its owner.

I bought an Thinkpad x60s in order to harden it against people trying to backdoor the machine when i'm shorter than 20 minutes away from my laptop. This page will document what I have done and how you can do the same thing and not brick your system!

WARNING - THERE IS A POSSIBILITY YOU MIGHT BRICK YOUR MACHINE!

Needed:

Salvaged:

  • Modem card.
  • WIFI card
  • Motherboard Speaker

TODO:


Components

Documentation