https://www.youtube.com/watch?v=5ihrHZpp9-E
Coreboot on the ThinkPad T480 is a very real thing now.
This is not an unfused PoC unit either, it is usable on every BootGuard fused T480, thanks to deguard.
I've also reverse engineered a significant chunk of the T480's EC firmware, and found some fun debug backdoors in there:
Hard-coded key can unlock commands to write to the EC's RAM and MMIO peripherals.
Hard-coded key to decrypt and execute user provided code on the EC.
Mate Kukri
@mkukri@mas.to
Joined May 26, 2024
Posts
Mate Kukri @mkukri@mas.to · Nov 23, 2024
Mate Kukri @mkukri@mas.to · Aug 31, 2024
@elly@donotsta.re How new is the new in that? T480 will be ported when I overcome general burnout and general reverse engineering induced misery https://review.coreboot.org/c/coreboot/+/83274
Mate Kukri @mkukri@mas.to · Jul 14, 2024
This weekend's platform security fail, this time courtesy of Dell.
Turns out wiring a PNP transistor between an OS-controlled GPIO pin and a manufacturing security override strap is a questionable idea...
The result is write access to the firmware flash, what that can be used for is left as an exercise for the reader.
Mate Kukri @mkukri@mas.to · Jun 30, 2024
Mate Kukri @mkukri@mas.to · Jun 01, 2024
https://mkukri.xyz/2024/06/01/tpm-gpio-fail.html
In this blog post, I describe an attack I discovered earlier this year that allows system software to forge TPM measurements on some Intel computers.
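Editor's added example, not code from the post or its author: the post above says system software can "forge TPM measurements", so it helps to see what that means in terms of the arithmetic a TPM actually does. A PCR is only ever updated by extend, PCR := SHA-256(PCR || digest), so the end value is a deterministic function of the reset value and the ordered event digests. A verifier that replays a known-good event log will accept any PCR that equals that replay, no matter what really ran. The block below models one SHA-256 PCR, boots a constructed tampered log (the boot component names and the `Pcr.reset()` method are assumptions for illustration; how the reset is triggered on the affected platforms is the blog post's subject, not reproduced here) and shows that once the PCR can be returned to its reset value, re-extending the known-good digests reproduces the known-good PCR.

```python
"""Replay of a TPM PCR measurement chain (added editorial example)."""
import hashlib

# SHA-256 bank: PCRs 0-16 start at all zeros after a platform reset.
PCR_RESET_VALUE = bytes(32)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for one SHA-256 PCR: new = H(old || digest)."""
    assert len(pcr) == 32 and len(digest) == 32
    return sha256(pcr + digest)


def replay_log(events, start: bytes = PCR_RESET_VALUE) -> bytes:
    """Verifier side: recompute the PCR an event log should produce.

    `events` is an ordered list of measured blobs; each is hashed and
    extended exactly as firmware would do it.
    """
    pcr = start
    for blob in events:
        pcr = extend(pcr, sha256(blob))
    return pcr


def attestation_passes(reported_pcr: bytes, golden_log) -> bool:
    """Verifier accepts iff the reported PCR equals the replay of the golden log."""
    return reported_pcr == replay_log(golden_log)


class Pcr:
    """Minimal model of one PCR as system software sees it."""

    def __init__(self) -> None:
        self.value = PCR_RESET_VALUE

    def extend(self, blob: bytes) -> None:
        self.value = extend(self.value, sha256(blob))

    def reset(self) -> None:
        # ASSUMPTION for illustration: only a platform reset is supposed to
        # get here. If software can reach it, everything below follows.
        self.value = PCR_RESET_VALUE


# Constructed sample boot chains (component names are made up for this example).
GOOD_BOOT = [b"IBB: firmware volume A", b"OBB: firmware volume B",
             b"bootloader v1", b"kernel v1"]
TAMPERED_BOOT = [b"IBB: firmware volume A", b"OBB: firmware volume B",
                 b"bootloader v1", b"kernel v1 (backdoored)"]


def tampered_boot_then_forge():
    """Attacker side.

    Returns (pcr_after_tampered_boot, pcr_after_reset_and_replay).
    The first never matches the golden value because SHA-256 extend is
    one-way; the second matches it exactly, which is the forgery.
    """
    pcr = Pcr()
    for blob in TAMPERED_BOOT:          # what really ran
        pcr.extend(blob)
    honest_value = pcr.value

    pcr.reset()                          # the capability the attack provides
    for blob in GOOD_BOOT:               # re-extend the digests the verifier expects
        pcr.extend(blob)
    return honest_value, pcr.value


if __name__ == "__main__":
    honest, forged = tampered_boot_then_forge()
    print("tampered boot, reported honestly:", attestation_passes(honest, GOOD_BOOT))
    print("tampered boot, PCR reset+replayed:", attestation_passes(forged, GOOD_BOOT))
```

The point of the model is that the verifier cannot distinguish the two cases from the PCR alone; the only defence is to make sure the reset path is reachable solely through a real platform reset, which is exactly the kind of wiring or strap mistake the posts above are about.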