On Thursday, January 19, 2017 at 7:28:12 AM UTC-6, qma ster wrote:
> On Thursday, January 19, 2017 at 12:16:12 UTC+3, qmast...@gmail.com wrote:
> > On Thursday, January 19, 2017 at 7:08:46 UTC+3, Asterysk wrote:
> > > On Thursday, 19 January 2017 03:04:32 UTC+4, tai...@gmx.com  wrote:
> > > > As always physical access is a checkmate situation, you need to not be 
> > > > an idiot and don't leave your stuff in overseas hotel rooms or not have 
> > > > secure locks on your door.
> > > 
> > > Unless USB port seals (e.g. 
> > > http://www.padjack.com/padjack-versions/usb-port-lock/) are put in place 
> > > as soon as the laptop is removed from the manufacturer's box it is 
> > > impossible to know whether someone has installed a device that has in 
> > > turn infected firmware. A similar situation for any DMA access ports 
> > > (Thunderbolt etc) 
> > > 
> > > I'm interested in being able to take a possibly infected laptop (i.e. 
> > > infected with firmware malware) and reset it to a known safe starting 
> > > point. Coreboot seems to handle the BIOS (thank you for clarification 
> > > that it completely rewrites legacy and UEFI). Replacing the HD with a new 
> > > SSD should handle that firmware attack vector. That leaves the other 
> > > EEPROMS.
> > > 
> > > I figure, if I'm going to strip down my G505S to reflash with Coreboot, I 
> > > should see what other EEPROMs I can reflash.
> > > 
> > > Apart from the obvious RAM and SSD upgrade and possibly putting switches 
> > > on peripherals, are there any other hardware mods you can suggest for the 
> > > G505S?
> > > 
> > > Having sorted out the hardware, I am then going to be looking to use 
> > > Qubes to protect against any attempts to reflash through Malware and 
> > > after that's done, I'll be looking for ways to detect that any attack is 
> > > being attempted.
> > > 
> > > All in all I think I've got about a year's work ahead!
> > 
> > To reduce the number of "EEPROMs" you could disconnect: a touch pad, DVD 
> > drive, web camera; maybe also a small board with LS-9901P part number 
> > (don't confuse with LA-9901P), see its Google pictures online - and 
> > according to G505S laptop's LA-A091P motherboard datasheet (which also 
> > contains a datasheet for laptop's smaller boards) this board has a Realtek 
> > chip for card reader. By the way, you could either find out what lines of 
> > flex cable the card reader is using, and install a custom jumper on them; 
> > or maybe get a flex cable with the same number of pins / same pitch between 
> > them, find (from datasheet?) what lines that lonely USB port is using to 
> > get to Bolton-M3 FCH, get a USB female header and solder a custom adapter 
> > which adds only a USB port to laptop (so no card reader chip). Probably the 
> > hardest thing to do is to disconnect a web camera - you will need to tear 
> > down a screen which is quite risky. BTW screen also contains the internal 
> > reprogrammable memory (e.g. for storing EDID), and a malicious firmware 
> > could cause screen to transfer information through electromagnetic impulses 
> > (TEMPEST? - http://www.surasoft.com/articles/tempest.php )
> > 
> > Actually it is possible to remove a motherboard with CPU, CPU Fan, 
> > Heatsink, Power Jack Wire, and Power Button Board attached (could make a 
> > custom power button adapter with huge convenient buttons!) and create a 
> > custom case for all this stuff. If you are lucky you could find someone 
> > selling a used G505S with broken screen for very cheap price, and do that. 
> > This way you avoid webcam, screen, dvd drive, touchpad, card reader chip, 
> > and internal keyboard (see below why)
> > 
> > Maybe don't need to seal the USB ports yet: it not only seriously reduces 
> > the usability of this laptop, but also makes it impossible to connect a USB 
> > keyboard. Maybe you would prefer that, when you type, your keystrokes are 
> > going through external keyboard's USB controller, rather than through 
> > laptop's Embedded Controller KB9012 which has a closed source firmware and 
> > controls PS/2-like laptop's internal keyboard. You could make your own open 
> > hardware USB keyboard with open source firmware, and using it will be 
> > slightly safer (and slightly less convenient) than laptop's internal one
> > 
> > Also, another possible hardware mod (not related to security) - instead of 
> > DVD drive you could install a fan for extra cooling, see 
> > http://forum.notebookreview.com/threads/10mm-5v-cooler-instead-of-laptops-dvd-slimline-sata.797064/
> >  . Although don't know if it's worth it, because some really great external 
> > USB coolers are available - 
> > https://www.aliexpress.com/item/Mini-LCD-Vacuum-USB-Cooler-Air-Extracting-Cooling-Fan-Turbo-Radiator-Low-Noise-Desgin-for-Laptop/32231641439.html
> 
> Please read a message above... If we are talking about the motherboard, main 
> board of this laptop: aside from 4MB BIOS flash chip and 128KB EC KB9012's 
> internal memory, I am not aware of any other "EEPROMs" on this board which 
> could be reflashed and how to reflash them. Well, there is probably a CMOS 
> memory somewhere, but I don't know where it is located and don't know how to 
> access it (nvramcui payload gives an opportunity to change some values, but 
> doesn't have a feature to show the full dump). If you could notice new 
> memories, or know how to read/write CMOS memory and where it's located, please 
> tell!
> 
> Full summary of what I did to my G505S to this moment:
> 
> 1) Erase a BIOS chip and flash it with coreboot - 
> http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate . 
> For a BIOS image you could either:
> 
> *) build your own - it will be slightly newer, but without some goodies like 
> KolibriOS and FILO bootloader, plus some of my small improvements like a 
> newer version of tetris TINT payload (fixes two buffer overflows), enabled 
> USB keyboard for some payloads, and (probably??) improved discrete GPU 
> handling? <--- rarely play computer games, so didn't have a chance to test yet, 
> so can't notice the difference
> 
> *) get my BIOS image from here, from an archive attached to forum post (SHA1 
> checksums provided in post) - http://board.kolibrios.org/viewtopic.php?t=3446 
> , could use Google Translate. Everything that I did while building 
> coreboot, all the modifications to coreboot's source code, all the steps are 
> completely described in great detail under spoilers. Sorry for that 
> inconvenience, honestly I tried to commit my changes to coreboot - tried to 
> contribute and also to avoid the need of manual work the next time I clone 
> the latest version of their official repository -- but it is so hard to get 
> your commit accepted, and gerrit is very inconvenient, I tried several times 
> and no luck, only wasted a lot of time! Proof of my painful experiences - 
> https://review.coreboot.org/#/c/17439/ , 
> https://review.coreboot.org/#/c/17505/ , 
> https://review.coreboot.org/#/c/17506/ , 
> https://review.coreboot.org/#/c/17507/
> 
> Small advantage of my build is that (almost) all the parts of it have been 
> done on this laptop with open source BIOS and under free-as-in-freedom 
> Trisquel GNU/Linux OS (the only part which was done on another computer is a 
> FILO bootloader, it failed to compile under Trisquel x86_64 OS, so I had to 
> use my old laptop with Xubuntu 16.04.1 i386 - by the way its 10-year-old 
> BIOS contains a Computrace tracking malware - 
> https://www.absolute.com/en/about/persistence - although it has never been 
> activated on this old laptop and in any case doesn't work with Linux, if you 
> are more worried than me - this coreboot archive also contains a version 
> without FILO)
> 
> If you choose to flash my coreboot build, please tell when you have prepared 
> all the necessary tools for flashing, I can quickly put the latest KolibriOS 
> daily build to coreboot BIOS image and share it with you. KolibriOS has lots 
> of great features, also could create RamDisks and manage them, beautiful!
> 
> 2) Erase KB9012 internal memory and flash it with a "clean" KB9012 firmware, 
> without serial numbers and other personally identifying info - 
> http://dangerousprototypes.com/docs/Flashing_KB9012_with_Bus_Pirate . Where I 
> got this "clean" KB9012 firmware? Extracted it from the latest 3.0 BIOS 
> update by Lenovo - open their WinVALGC300.bin in hex editor, found 
> $_IFLASH_EC_IMG_ near 424020 Hex offset, then - starting with 424020 Hex 
> offset, cut 128KB (131072 bytes) into a new file - that is EC firmware now. 
> You could either repeat it all by yourself, or download a clean image from 
> here - https://www.datafilehost.com/d/d9e9758c (SHA1 should be = 
> 56c0bc9e89bc95ae0195caaf32b32f2abefc9d9e , unselect "download with secure 
> manager" (if you see it) below a grey Download button before clicking)
> 
> 3) Replace pre-installed Broadcom WiFi adapter (which requires proprietary 
> closed source drivers) with Atheros AR9462 which has open source drivers, 
> 2.4GHz, 5.0GHz and Bluetooth - costs less than $10 at AliExpress or eBay. 
> The only downside is that it becomes slightly more difficult to connect the 
> antenna wires to this card, because of that additional metal rectangular 
> (will need to spend a couple of minutes to carefully align the wires to fit 
> them properly)
> 
Would it be a bad idea to run a PCIe SSD off of this instead of the WiFi card?

> 4) Replace pre-installed thermal paste (which is similar to a tooth paste XD) 
> with Gelid GC-Extreme <--- probably the greatest non conductive thermal 
> paste, and almost as good as liquid metal from those comparison tables I've 
> seen online
> 
> 5) Install 16 GB of 1600MHz SODIMM DDR3 (or DDR3L 1.35V low voltage) RAM with 
> low quick timings for the best Qubes experience - should be CL9 timings; 
> avoid CL11 because it sucks (1600MHz of CL11 is almost the same as 1333MHz 
> CL9) . Costs about $100 but you better get this RAM upgrade as soon as 
> possible: the supplies of these "gamer's DDR3 laptop RAM" are running out 
> while the manufacturers are switching their high end offers to DDR4, and 
> after some time you will not be able to find 16GB RAM upgrade with good 
> frequency/timings (I am sure because the same stuff happened to DDR2)
> 
> From 1600MHz CL9 SO-DIMMs, I think there are three possible cases of CL9 
> timings: 9-9-9-24 Crucial Ballistix Sport, Patriot Viper, Corsair Vengeance 
> (failed memtest so returned, maybe Corsair has a higher failure rate) ; 
> 9-9-9-27 Kingston HyperX ; 9-9-9-28 G.SKILL Ripjaws . It is the best if you 
> get those with 9-9-9-24, but could be difficult because Kingston flooded a 
> market with their 9-9-9-27 which cost slightly cheaper but also slightly 
> slower. G.SKILL is the worst, don't know why these guys From all these, 
> Patriot Viper is probably the best because it has two aluminium heatspreaders 
> , while Crucial Ballistix Sport - only one heatspreader, and I think that 
> Kingston just using "aluminium stickers" not a real heatspreader. BTW any of 
> those heatspreaders are quite thin (maybe extra 1mm) , so no installation 
> problems
> 
Would 1866MHz @ CL10 be as good/better?

> P.S. also keep in mind that after Qubes 3.2 installation you will need to 
> repair MBR because it's corrupted out-of-the-box (probably everyone is using 
> UEFI computers with Qubes, and nobody has noticed this bug) - more 
> information here 
> https://groups.google.com/d/msg/qubes-users/TS1zfKZ7q8w/JQFkVF4xBgAJ

I just ordered a G505S and several of these upgrades and I'm excited to try 
flashing coreboot and getting Qubes going on it.  Thanks for all the tips/help.
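
The extraction in step 2 of the quoted summary, with the marker check and SHA-1 comparison done before anything is written out; this is an added example, not part of the thread or anyone's posted code. The 0x100-byte search window and the function names are assumptions; the marker, offset, size and digest are the values quoted above.

```python
import hashlib

# Values quoted in the thread above.
EC_MARKER = b"$_IFLASH_EC_IMG_"
EC_OFFSET = 0x424020
EC_SIZE = 128 * 1024  # 131072 bytes
EC_SHA1 = "56c0bc9e89bc95ae0195caaf32b32f2abefc9d9e"


def extract_region(blob, offset, size, marker, window=0x100):
    """Return `size` bytes at `offset`, refusing to cut if the layout is unexpected.

    `window` is an assumption: how far from `offset` the marker may sit,
    since the thread only says it is found "near" the offset.
    """
    if offset < 0 or offset + size > len(blob):
        raise ValueError("region runs past end of file (truncated download?)")
    lo = max(0, offset - window)
    hi = offset + window + len(marker)
    if blob.find(marker, lo, hi) == -1:
        raise ValueError("marker not found near offset (different BIOS version?)")
    return blob[offset:offset + size]


def sha1_matches(data, expected_hex):
    """Compare the SHA-1 of `data` with a published hex digest."""
    return hashlib.sha1(data).hexdigest() == expected_hex.strip().lower()


def extract_ec(update_path, out_path):
    """Cut the EC image out of the vendor update; write it only if the hash matches."""
    with open(update_path, "rb") as f:
        blob = f.read()
    image = extract_region(blob, EC_OFFSET, EC_SIZE, EC_MARKER)
    if not sha1_matches(image, EC_SHA1):
        raise ValueError("SHA-1 mismatch: do not flash this image")
    with open(out_path, "wb") as f:
        f.write(image)
    return out_path
```

A match only shows that the cut equals the image the poster hashed; it says nothing about where the vendor update file itself came from.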
