[ltp] Re: The last Thinkpad to have

Connor Behan linux-thinkpad@linux-thinkpad.org
Mon, 01 Sep 2014 18:11:49 -0400

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 17/08/14 06:01 AM, Carl-Daniel wrote:
> Am 09.08.2014 22:13 schrieb D. Hugh Redelmeier:
>> | From: Martin N <martin.n@bluebottle.com>
>> | I think it would be a good idea to compile in this thread to state w=
hat the
>> | last Thinkpad to have a certain feature.
>> At IETF last month, Linus Nordberg (of TOR) was using an x60 with core=
>> firmware replacement to decrease the chance that his system has been=20
>> compromised (by firmware or motherboard producer).
>> 	<http://www.coreboot.org/Board:lenovo/x60/Installation>
>> (He also makes hardware mods, like removing the radios and some
>> ports.)
> The T60 and T60p are supported by coreboot as well.
> Some of the later Intel-based Thinkpad models (x200,x201,x230) have
> coreboot support, but they have an auxiliary processor (called
> Management Engine, ME) with remote management capability which can't be=

> disabled and that ME runs unknown closed-source code even if coreboot i=
> installed.
> So if you're paranoid, the only Intel-based Thinkpad you can trust is a=

> T60/T60p/x60. AMD does not have a ME, but AFAIK no coreboot support for=

> an AMD-based Thinkpad exists.
>> At first he thought that he could do the same thing with my x61t but
>> then he decided it was more hairy.
>> My x61t has vPRO, whatever that actually means.
> The *61 series has a chipset not supported by coreboot, so although you=

> might be able to mod the hardware against some attacks, the firmware is=

> not trustable.
>> So: maybe the x60 generation is the last safe-ish one.
> Yes. For now, at least.
Thanks for bringing this up. I just made an article
(http://www.thinkwiki.org/wiki/Old_ThinkPad_Niches) in case Wiki users
are looking for this information.

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v2