Re: [coreboot] Thinkpad SD card controller DMA

2018-06-22 Thread Nico Huber
Hi Thomas,

On 21.06.2018 22:33, Thomasheidler wrote:
> Sounds like disabling the PCIe port of the device is the safest
> solution. Will switching the value in the devicetree be enough or is
> that too uncertain?

I think I already answered that, but you lost the quote:

>> If you want to be sure, find research (for exactly your platform) that
>> confirms that a given method prevents DMA; or, get a programmable PCIe
>> device and test it yourself. There are no shortcuts.

Also worth mentioning: the settings in the devicetree might only hide
the PCIe port and the downstream device. Depending on your OS and the
way it handles the IOMMU, that could also make things worse; e.g. the OS
might only enable the IOMMU for devices it can see.

Nico

PS. Please, if you reply to an email, quote the part that you reply to,
write your reply below the quote, and make sure that your reply makes
sense in the context of the quote.

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot


Re: [coreboot] Thinkpad SD card controller DMA

2018-06-21 Thread Thomasheidler via coreboot
Sounds like disabling the PCIe port of the device is the safest solution. Will 
switching the value in the devicetree be enough or is that too uncertain?



Re: [coreboot] Thinkpad SD card controller DMA

2018-06-21 Thread Nico Huber
On 21.06.2018 13:20, Jose Trujillo via coreboot wrote:
> If you don't enable a device in devicetree the initialization routine will 
> not be executed.

Interpretation of the devicetree on/off values depends on the chipset
code. And even if the chipset code disables (or doesn't enable)
something, this might just mean that the device is not visible any more.

Besides the IOMMU protection, there are two other options to prevent
a PCI device from DMA:

 1. The Bus-Master bit in the device's PCI-Command register.
    Though, enforcement of the bit is implementation specific.

 2. Disabling the PCIe port of the chipset / bridge. Whether this
    is possible is also implementation specific.

> To test just insert a SD card and use DMESG or other command to see if device 
> ID is found, also in device manager in Windows.

Alas, a non-functioning device driver is no proof that DMA can't happen.
If you want to be sure, find research (for exactly your platform) that
confirms that a given method prevents DMA; or, get a programmable PCIe
device and test it yourself. There are no shortcuts.

Nico

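The Bus-Master bit and the "IOMMU only for devices the OS can see" concern from Nico Huber's replies can be inspected on a running Linux system; the following is an added example, not code from the thread or from coreboot. It assumes the standard sysfs layout (`config`, `iommu_group`), and the device addresses and register values in `constructed_tree()` are constructed sample data.

```python
import os, struct, tempfile

PCI_COMMAND = 0x04           # 16-bit Command register
PCI_COMMAND_MASTER = 0x0004  # bit 2: Bus Master Enable
PCI_CLASS = 0x0A             # subclass byte, base class byte follows at 0x0B
PCI_HEADER_TYPE = 0x0E
SD_HOST_CLASS = 0x0805       # base class 0x08, subclass 0x05 (SD host)

def audit(root="/sys/bus/pci/devices"):
    """Map each *visible* PCI function to its DMA-relevant state.
    A function hidden by firmware is not listed here at all."""
    report = {}
    for bdf in sorted(os.listdir(root)):
        dev = os.path.join(root, bdf)
        with open(os.path.join(dev, "config"), "rb") as f:
            hdr = f.read(64)  # standard config header
        command, = struct.unpack_from("<H", hdr, PCI_COMMAND)
        class_code, = struct.unpack_from("<H", hdr, PCI_CLASS)
        report[bdf] = {
            "bus_master": bool(command & PCI_COMMAND_MASTER),
            "bridge": (hdr[PCI_HEADER_TYPE] & 0x7F) == 1,
            "sd_host": class_code == SD_HOST_CLASS,
            "iommu_group": os.path.exists(os.path.join(dev, "iommu_group")),
        }
    return report

def needs_review(report):
    """Functions with Bus Master set and no IOMMU group assigned."""
    return [bdf for bdf, s in report.items()
            if s["bus_master"] and not s["iommu_group"]]

def constructed_tree():
    """Build a fake sysfs tree (constructed sample data, not a real dump)."""
    root = tempfile.mkdtemp()
    samples = {  # bdf: (command, class, header type, has iommu_group)
        "0000:00:1c.0": (0x0007, 0x0604, 0x81, True),   # PCIe root port
        "0000:02:00.0": (0x0006, 0x0805, 0x00, False),  # SD host, bit set
        "0000:03:00.0": (0x0002, 0x0280, 0x00, True),   # bit clear
    }
    for bdf, (cmd, cls, htype, grouped) in samples.items():
        os.makedirs(os.path.join(root, bdf))
        hdr = bytearray(64)
        struct.pack_into("<H", hdr, PCI_COMMAND, cmd)
        struct.pack_into("<H", hdr, PCI_CLASS, cls)
        hdr[PCI_HEADER_TYPE] = htype
        with open(os.path.join(root, bdf, "config"), "wb") as f:
            f.write(hdr)
        if grouped:
            os.mkdir(os.path.join(root, bdf, "iommu_group"))
    return root

if __name__ == "__main__":
    print(needs_review(audit(constructed_tree())))
```

A clear Bus-Master bit or a present IOMMU group in this report is an observation about register and driver state, not proof that DMA is prevented on a given platform.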


Re: [coreboot] Thinkpad SD card controller DMA

2018-06-21 Thread Jose Trujillo via coreboot
If you don't enable a device in devicetree the initialization routine will not 
be executed.

To test just insert a SD card and use DMESG or other command to see if device 
ID is found, also in device manager in Windows.

JT.

‐‐‐ Original Message ‐‐‐

On June 21, 2018 2:06 PM, Thomasheidler via coreboot wrote:

> That's what I'm thinking about, but I am not able to test a build with it 
> removed from the devicetree to see if that does the trick, so I was wondering 
> if anybody knows.

Re: [coreboot] Thinkpad SD card controller DMA

2018-06-21 Thread Thomasheidler via coreboot
That's what I'm thinking about, but I am not able to test a build with it 
removed from the devicetree to see if that does the trick, so I was wondering 
if anybody knows. 



Re: [coreboot] Thinkpad SD card controller DMA

2018-06-21 Thread Jose Trujillo via coreboot
Hello Thomas,

Is it not enough just to disable it from the devicetree?

JT.

‐‐‐ Original Message ‐‐‐

On June 21, 2018 1:43 PM, Thomasheidler via coreboot wrote:

> Thanks for your response and suggestions.
> 
> Luckily I don’t need the SD card reader and would rather completely disable 
> it to protect against any DMA attack before the kernel initializes IOMMU. The 
> problem is that I don’t know how to prevent the controller from initializing 
> at all, short of actually desoldering the chip from the mainboard, which is 
> risky.
> 
> Regarding the EC, are you aware of any working libre replacement for the EC 
> on any Lenovo Thinkpad?
> 

Re: [coreboot] Thinkpad SD card controller DMA

2018-06-21 Thread Thomasheidler via coreboot
Thanks for your response and suggestions.

Luckily I don’t need the SD card reader and would rather completely disable it 
to protect against any DMA attack before the kernel initializes IOMMU. The 
problem is that I don’t know how to prevent the controller from initializing at 
all, short of actually desoldering the chip from the mainboard, which is risky.

Regarding the EC, are you aware of any working libre replacement for the EC on 
any Lenovo Thinkpad?


Re: [coreboot] Thinkpad SD card controller DMA

2018-06-20 Thread taii...@gmx.com
On 06/20/2018 04:08 AM, Thomasheidler via coreboot wrote:
> Hello,
> 
> I noticed that all Lenovo Thinkpads supported by coreboot have a SD card 
> controller that is connected as a PCI device. I assume that the controller 
> runs non-free firmware from its own ROM and because it is a PCI device it 
> should have DMA, which seems like a security risk, right?
> 
> If so, is there a way to prevent the SD card controller from turning on when 
> the computer is booted, by changing some code in the source (maybe in 
> devicetree.cb) or at least to stop the controller from having DMA?


If you are using Linux, the IOMMU will protect you after it is initialized (a
few seconds after main kernel init) even if you don't add the device to
a VM, but before then you are SOL in terms of protection from a really
slick hardware rootkit like one found in a cheap PCI-e card... but I have
no idea if that Thinkpad SD card PCI-e device has its own firmware.

I asked a question like this quite a long time ago and there was a
discussion on how to prevent this issue by not providing DMA access in
the coreboot phase, which is much simpler than having coreboot init the
IOMMU itself pre-Linux.

Look at my thread:
[coreboot] DMA protection? [AMD-Vi]

AFAIK nothing has changed since then in terms of security improvements
but I would appreciate it if one of the coreboot expert squad can
respond to this.
Timothy Pearson from Raptor Engineering was also willing to add DMA
protection to coreboot under contract.

I also suggest:
Disabling Option ROM execution or executing them with YABEL.
Looking into a libre EC replacement such as origami-ec and
replacing your EC firmware with a "clean" fresh one from a Lenovo update
directly without using their update tool (which does a variety of things
to it such as adding your serial number), which can be done on various
models internally so you don't have to connect an external cable.
