Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
Thinkpad T450 hardware attack / TPM protection
Thinkpad T450 hardware attack / TPM protection
Dear all,
This is my first post on the forum, so I would like to thank you for the hard work and nice information.
I am planning to purchase a Thinkpad T430 or T440 (with a preference for the T440).
I will be running GNU/Linux only, probably with a custom static kernel.
1) My first question is as regards hardware attack, especially firmware replacement.
How is Thinkpad protected against firmware replacement on hardware: keyboard, sound, hard drive, display, network, etc... ?
I am aware that UEFI secure boot should provide a minimal protection.
Can a low-privilege user run a firmware replacement tool and bypass the TPM?
In other words, is firmware protected by the TPM?
2) After purchasing a ThinkPad, can I query firmware versions to make sure these are "genuine" ?
Kind regards,
ThinkOfIt
This is my first post on the forum, so I would like to thank you for the hard work and nice information.
I am planning to purchase a Thinkpad T430 or T440 (with a preference for the T440).
I will be running GNU/Linux only, probably with a custom static kernel.
1) My first question is as regards hardware attack, especially firmware replacement.
How is Thinkpad protected against firmware replacement on hardware: keyboard, sound, hard drive, display, network, etc... ?
I am aware that UEFI secure boot should provide a minimal protection.
Can a low-privilege user run a firmware replacement tool and bypass the TPM?
In other words, is firmware protected by the TPM?
2) After purchasing a ThinkPad, can I query firmware versions to make sure these are "genuine" ?
Kind regards,
ThinkOfIt
Last edited by thinkofit on Sun Jan 08, 2017 8:15 am, edited 1 time in total.
Re: Thinkpad T430 / T440 hardware attack / TPM protection
Finally, I will probably buy a T450 a it is more recent.
How is firmware protected on the T450?
Thank you.
How is firmware protected on the T450?
Thank you.
-
- *Senior* Admin
- Posts: 7615
- Joined: Tue Apr 13, 2004 9:40 pm
- Location: San Francisco -> Florida -> Georgia
- Contact:
Re: Thinkpad T450 hardware attack / TPM protection
hello thinkofit..
good user name you chose..
and welcome to the forum..
i must admit that yours is the first i have ever heard of a firmware attack on ANY computer..
BUT it seems i have been hibernating too much..
so googling found THIS articla in infoworld magazine:
http://www.infoworld.com/article/261811 ... tacks.html
it seems such things are possible but might have to be aimed at a particular bit of hardware rather than the general population of computers..
so, your inquiry is interesting and lets see what other forum members think about this issue..
good user name you chose..
and welcome to the forum..
i must admit that yours is the first i have ever heard of a firmware attack on ANY computer..
BUT it seems i have been hibernating too much..
so googling found THIS articla in infoworld magazine:
http://www.infoworld.com/article/261811 ... tacks.html
it seems such things are possible but might have to be aimed at a particular bit of hardware rather than the general population of computers..
so, your inquiry is interesting and lets see what other forum members think about this issue..
Bill Morrow, kept by parrots & cockatoos
Sysop - forum.thinkpads.com
*
She was not what you would call refined,
She was not what you would call unrefined,
She was the type of person who kept a parrot.
~~~Mark Twain~~~
Sysop - forum.thinkpads.com
*
She was not what you would call refined,
She was not what you would call unrefined,
She was the type of person who kept a parrot.
~~~Mark Twain~~~
-
- Admin Emeritus
- Posts: 23825
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: Thinkpad T450 hardware attack / TPM protection
Intel's dirty tactics with VPro and ME are definitely an attack on/via hardware.
They allow access to your hardware from outside, even if it is switched off!
https://semiaccurate.com/2012/05/15/int ... nightmare/
https://hardware.slashdot.org/story/16/ ... t-audit-it
http://hackaday.com/2016/01/22/the-trou ... nt-engine/
They allow access to your hardware from outside, even if it is switched off!
https://semiaccurate.com/2012/05/15/int ... nightmare/
https://hardware.slashdot.org/story/16/ ... t-audit-it
http://hackaday.com/2016/01/22/the-trou ... nt-engine/
Lovely day for a Guinness! (The Real Black Stuff)
Lenovo: X240, X250, T440p, T480, M900 Tiny.
PS: the old Boardroom website is still available on the Wayback Machine.
Lenovo: X240, X250, T440p, T480, M900 Tiny.
PS: the old Boardroom website is still available on the Wayback Machine.
Re: Thinkpad T450 hardware attack / TPM protection
Thanks for all these information that I was not aware of.
I am quite surprised that the vPro extension might be an embedded system able to take control of the computer.
If this is confirmed, large companies (ex : in Energy, Banking, Automation, etc ...) are not going to like it.
We have to admit that in our world nothing is really secret for governments.
A probem arises if Chinese and Russian governments have access to these technologies.
With an electronic microscope and proper software, you can probably disassemble the code and understand how it works.
There may come a time when China and Russia may be able to break in our computers (Western I mean) in the US, France, U.-K., Germany, etc ...
Well-played Intel. This is all a mess ...
Secure platforms probably require a very limited system, using simple boards or embedded platforms.
Everything else is NOT secure.
I am quite surprised that the vPro extension might be an embedded system able to take control of the computer.
If this is confirmed, large companies (ex : in Energy, Banking, Automation, etc ...) are not going to like it.
We have to admit that in our world nothing is really secret for governments.
A probem arises if Chinese and Russian governments have access to these technologies.
With an electronic microscope and proper software, you can probably disassemble the code and understand how it works.
There may come a time when China and Russia may be able to break in our computers (Western I mean) in the US, France, U.-K., Germany, etc ...
Well-played Intel. This is all a mess ...
Secure platforms probably require a very limited system, using simple boards or embedded platforms.
Everything else is NOT secure.
-
- Similar Topics
- Replies
- Views
- Last post
-
-
Thinkpad 755 HDD reformat/factory reset
by getarest2000 » Wed Oct 18, 2023 8:30 pm » in Off-Topic Stuff - 6 Replies
- 3998 Views
-
Last post by Edward Mendelson
Fri Oct 20, 2023 9:16 am
-
-
-
Thinkpad T400 Audio issues
by Flameboi420 » Thu Oct 19, 2023 12:59 am » in ThinkPad T400/T410/T420 and T500/T510/T520 Series - 3 Replies
- 2354 Views
-
Last post by RealBlackStuff
Thu Nov 02, 2023 7:10 am
-
-
-
Thinkpad T490 not powering on
by omonim88 » Mon Oct 23, 2023 5:12 am » in ThinkPad T430-T490 / T530-T590 Series - 2 Replies
- 2419 Views
-
Last post by keithsketchley
Mon Feb 26, 2024 10:17 am
-
-
-
FS: ThinkPad T440p
by PiZzA EnGiNeEr » Tue Oct 31, 2023 3:43 pm » in Marketplace - Forum Members only - 2 Replies
- 1885 Views
-
Last post by PiZzA EnGiNeEr
Sat Nov 04, 2023 2:52 pm
-
Who is online
Users browsing this forum: No registered users and 37 guests