On 12/18/2016 03:29 PM, Nicklaus McClendon wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 12/18/2016 03:17 PM, [email protected] wrote:
Some laptops such as dell latitudes/precisions have a "master
recovery password" that is generated from the current serial number
of the laptop (so do thinkpads) "Cannot be bypassed" - well you
could always clip on a eprom writer to the chip correct? I assume
then you could force it to spill.
Entering the password on a latitude/precision then resets the
serial number and you have to re-enter it, you're now thinking that
you could simply do this to make a code that no one knows however
on the pre-boot authentication screen it helpfully provides the
current serial number.
BIOS passwords and PBA schemes are simply another layer in
security, ideally you would have both a password and a smart-card
so somebody can't simply do shoulder surfing password recovery and
then be able to steal your laptop. (Most business laptops have a
contact-smart card reader).
Yes you should switch off ME, although "Disabled" means something
different to intel than it does to you and me - it isn't really
off. If you do that you will have to blacklist intel_ips kernel
module to prevent log spam of "ME Hung"
There is a project from some coreboot developers that is able to
nerf (not remove) ME from most systems (caution - may brick your
mobo - do not perform without an external eeprom flashing device)
although of course you're still stuck with the proprietary bios and
FSP on anything recent.
I was unaware that the master recovery password existed for Thinkpads
and hadn't been able to find any sort of thing when I searched
previously, I'd be interested to see your source. The official Lenovo
help page suggests that it does not exist.
https://support.lenovo.com/us/en/documents/ht036206#super
You could clip on analysis tools, as I mentioned as "digital analysis
of the chip itself", perhaps analog analysis is more correct in this cas
e.
- --
kulinacs <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhW8ZAACgkQuXLc0JPg
MlZbnQ/9Eoc7DwTp66EaV+tOWNaCKvaP5C1x3N8ObSlvUMxn/Lphl3chrgA5yrbW
zwMhnZrBPjpzL4a7WHcAg/1tAOoo+zX1yQLXttO8TqAnnthJMgBdd0RA5fBCAccu
KAFrwqQB8y/7m1ZQtSzA+pd/JXuStqfI6Z8NXybU1BaOWq0/HMaJeplPj5ch6ZtV
4/vB7Ox9ot92QULLIbEKpBcmnBT9hSKdfSHI+LdBBZK25oYK7E8YuGe4EwPyqvYj
EFz/tKBEKAq+gvsTb7qj0L8ZyCHUSRF3YxXfTfltAaZFFcblywc3DOIEnz/Xi1un
mL/uMgb6ssqAwYUcm2CAUNIBMKhpSroPAi2J88kZq5u/ii7p50Ay+Hg8teXl1cpg
gloWsEIuFtda9O3qt7GEO/CftlX9s47PN/eZz+txZsVLucXjdKcoKy+NUUzClqzC
7RI4aOcddNzUP1Uk2Dvt/cnXuUBSq/+H5L96IhFhI6g6DzzDcZ1I6LOydOrys6bm
cWoUyvvnKEKfdxpEdTIY2aS1MtvJyqV2AZGRIDShQYwNv7v/kG1tCjD8xncUAdrF
RJ7Tvfiqsh4VQRsWmYsbuIVe8bH3s33Q3RMXEj7OXAgPWQy8QyDlwbf6/+Yhaei9
gpeDvwSq99+YyM0uQfWqW+NEIX0Xi1rlcUuIVLf+D/eGo0+qfys=
=nDod
-----END PGP SIGNATURE-----
Hmm my mistake then (if we trust what superfish lenovo says)
I had recalled someone a few years back telling me that there was one.
BTW It seems there is a ready made tool for resets
http://www.ja.axxs.net/
neato.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/fdf5979a-076b-5bb1-0dc1-89cccdd26853%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
