[ltp] The last Thinkpad to have
Carl-Daniel Hailfinger
linux-thinkpad@linux-thinkpad.org
Sat, 16 Aug 2014 18:18:41 +0200
Am 09.08.2014 22:13 schrieb D. Hugh Redelmeier:
> | From: Martin N <martin.n@bluebottle.com>
>
> | I think it would be a good idea to compile in this thread to state what the
> | last Thinkpad to have a certain feature.
>
> At IETF last month, Linus Nordberg (of TOR) was using an x60 with coreboot
> firmware replacement to decrease the chance that his system has been
> compromised (by firmware or motherboard producer).
> <http://www.coreboot.org/Board:lenovo/x60/Installation>
> (He also makes hardware mods, like removing the radios and some
> ports.)
The T60 and T60p are supported by coreboot as well.
Some of the later Intel-based Thinkpad models (x200,x201,x230) have
coreboot support, but they have an auxiliary processor (called
Management Engine, ME) with remote management capability which can't be
disabled and that ME runs unknown closed-source code even if coreboot is
installed.
So if you're paranoid, the only Intel-based Thinkpad you can trust is a
T60/T60p/x60. AMD does not have a ME, but AFAIK no coreboot support for
an AMD-based Thinkpad exists.
> At first he thought that he could do the same thing with my x61t but
> then he decided it was more hairy.
>
> My x61t has vPRO, whatever that actually means.
The *61 series has a chipset not supported by coreboot, so although you
might be able to mod the hardware against some attacks, the firmware is
not trustable.
> So: maybe the x60 generation is the last safe-ish one.
Yes. For now, at least.
Regards,
Carl-Daniel