[ltp] Re: The last Thinkpad to have
Connor Behan
linux-thinkpad@linux-thinkpad.org
Mon, 01 Sep 2014 18:11:49 -0400
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--09g7fNFair4qL6heVDdGpBD7BUMwEVQQN
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 17/08/14 06:01 AM, Carl-Daniel wrote:
>
> Am 09.08.2014 22:13 schrieb D. Hugh Redelmeier:
>> | From: Martin N <martin.n@bluebottle.com>
>>
>> | I think it would be a good idea to compile in this thread to state w=
hat the
>> | last Thinkpad to have a certain feature.
>>
>> At IETF last month, Linus Nordberg (of TOR) was using an x60 with core=
boot=20
>> firmware replacement to decrease the chance that his system has been=20
>> compromised (by firmware or motherboard producer).
>> <http://www.coreboot.org/Board:lenovo/x60/Installation>
>> (He also makes hardware mods, like removing the radios and some
>> ports.)
> The T60 and T60p are supported by coreboot as well.
>
> Some of the later Intel-based Thinkpad models (x200,x201,x230) have
> coreboot support, but they have an auxiliary processor (called
> Management Engine, ME) with remote management capability which can't be=
> disabled and that ME runs unknown closed-source code even if coreboot i=
s
> installed.
>
> So if you're paranoid, the only Intel-based Thinkpad you can trust is a=
> T60/T60p/x60. AMD does not have a ME, but AFAIK no coreboot support for=
> an AMD-based Thinkpad exists.
>
>
>> At first he thought that he could do the same thing with my x61t but
>> then he decided it was more hairy.
>>
>> My x61t has vPRO, whatever that actually means.
> The *61 series has a chipset not supported by coreboot, so although you=
> might be able to mod the hardware against some attacks, the firmware is=
> not trustable.
>
>> So: maybe the x60 generation is the last safe-ish one.
> Yes. For now, at least.
Thanks for bringing this up. I just made an article
(http://www.thinkwiki.org/wiki/Old_ThinkPad_Niches) in case Wiki users
are looking for this information.
--09g7fNFair4qL6heVDdGpBD7BUMwEVQQN
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUBO8sAAoJENU6BEW0eg2rwR4IAIp/Hg1oAUhtek+DF9Nt2j79
GPw6nP0ngrcnvn86lC7NdNcnAFDrh3OB3c5ji4R5DC/TcpmK6HR2Qo3GBFFA5pV7
Xbi3e0HMYRe2pj14owJtReTeqLwKRqjXyB8KkI48HZeUMhN/qCVf37JtbcDBXj7R
MOtnn4XiB7d5hK9JnrOYJOufT/eA2Wf/7S32l7DjeJ6rWCTEutRDzhTmvXYPmq2H
BIozhd6o+yh8Qo6fyg/hi2qmGWhRh+aDEZiCp5VoC2DPNxDxh2BMNbLkWJvY19qB
mMSmzph56UvCkW7ReRkCOS2p2AIp+FoCLbzxc162zVTYwnk7SyAcSkHRyTt8vtk=
=URbr
-----END PGP SIGNATURE-----
--09g7fNFair4qL6heVDdGpBD7BUMwEVQQN--