[ltp] Can you trust your firmware?

Henrique de Moraes Holschuh linux-thinkpad@linux-thinkpad.org
Tue, 19 Feb 2008 11:56:47 -0300


On Tue, 19 Feb 2008, Theodore Tso wrote:
> On Tue, Feb 19, 2008 at 10:29:46AM -0300, Henrique de Moraes Holschuh wrote:
> > You can't have any.  A BIOS in SMI mode can do anything it wants, and the OS
> > won't even know it happened.
> > 
> > If you need that level of confidence, you will have to get someone to design
> > an open-BIOS laptop.
> 
> And you had better design your own keyboard controller from scratch
> as well, lest someone design a JitterBug into the laptop:
> 
>    http://www.usenix.org/events/sec06/tech/shah/shah_html/index.html

Well, laptops usually don't HAVE a KDC, since you just get an ACPI EC that
can also do the KDC IO.

I.e., the KDC is just more software running inside the EC.  The ThinkPads
have a Renesas uC with three LPCIO channels (KDC-style, ACPI-style, and an
extra one which HDAPS and SBS use, see tp_smapi) and no KDC chip, for
example.

> How hard would it be to have the Chinese Secret Service sneak this
> functionality into the keyboard controllers?

Into an old-style KDC chip it would be ridiculously easy.  Into a SuperIO
chip, I have my doubts (the LPC channel does a lot more than just carry KDC
stuff) -- but you can always just do it to the keyboard itself, hidden
inside the serial-IO connector.

Into a ThinkPad keyboard, which is just a matrix connected through a ribbon
cable to a microcontroller that has the KDC functions defined in software
which is field-upgradeable?  It could be extremely easy, or extremely hard,
depending only on how trustworthy your source for EC firmware binaries is :)

Adding a jitterbug to the LPCIO channel of the Renesas uC itself would be
extremely hard, I think.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh