-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/18/2016 03:17 PM, [email protected] wrote: > Some laptops such as dell latitudes/precisions have a "master > recovery password" that is generated from the current serial number > of the laptop (so do thinkpads) "Cannot be bypassed" - well you > could always clip on a eprom writer to the chip correct? I assume > then you could force it to spill. > > Entering the password on a latitude/precision then resets the > serial number and you have to re-enter it, you're now thinking that > you could simply do this to make a code that no one knows however > on the pre-boot authentication screen it helpfully provides the > current serial number. > > BIOS passwords and PBA schemes are simply another layer in > security, ideally you would have both a password and a smart-card > so somebody can't simply do shoulder surfing password recovery and > then be able to steal your laptop. (Most business laptops have a > contact-smart card reader). > > > Yes you should switch off ME, although "Disabled" means something > different to intel than it does to you and me - it isn't really > off. If you do that you will have to blacklist intel_ips kernel > module to prevent log spam of "ME Hung" > > There is a project from some coreboot developers that is able to > nerf (not remove) ME from most systems (caution - may brick your > mobo - do not perform without an external eeprom flashing device) > although of course you're still stuck with the proprietary bios and > FSP on anything recent. > I was unaware that the master recovery password existed for Thinkpads and hadn't been able to find any sort of thing when I searched previously, I'd be interested to see your source. The official Lenovo help page suggests that it does not exist. https://support.lenovo.com/us/en/documents/ht036206#super You could clip on analysis tools, as I mentioned as "digital analysis of the chip itself", perhaps analog analysis is more correct in this cas e.
- -- kulinacs <[email protected]> -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhW8ZAACgkQuXLc0JPg MlZbnQ/9Eoc7DwTp66EaV+tOWNaCKvaP5C1x3N8ObSlvUMxn/Lphl3chrgA5yrbW zwMhnZrBPjpzL4a7WHcAg/1tAOoo+zX1yQLXttO8TqAnnthJMgBdd0RA5fBCAccu KAFrwqQB8y/7m1ZQtSzA+pd/JXuStqfI6Z8NXybU1BaOWq0/HMaJeplPj5ch6ZtV 4/vB7Ox9ot92QULLIbEKpBcmnBT9hSKdfSHI+LdBBZK25oYK7E8YuGe4EwPyqvYj EFz/tKBEKAq+gvsTb7qj0L8ZyCHUSRF3YxXfTfltAaZFFcblywc3DOIEnz/Xi1un mL/uMgb6ssqAwYUcm2CAUNIBMKhpSroPAi2J88kZq5u/ii7p50Ay+Hg8teXl1cpg gloWsEIuFtda9O3qt7GEO/CftlX9s47PN/eZz+txZsVLucXjdKcoKy+NUUzClqzC 7RI4aOcddNzUP1Uk2Dvt/cnXuUBSq/+H5L96IhFhI6g6DzzDcZ1I6LOydOrys6bm cWoUyvvnKEKfdxpEdTIY2aS1MtvJyqV2AZGRIDShQYwNv7v/kG1tCjD8xncUAdrF RJ7Tvfiqsh4VQRsWmYsbuIVe8bH3s33Q3RMXEj7OXAgPWQy8QyDlwbf6/+Yhaei9 gpeDvwSq99+YyM0uQfWqW+NEIX0Xi1rlcUuIVLf+D/eGo0+qfys= =nDod -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f7c5e8c9-7a04-e0f5-5857-6ff59179c015%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
