Richard A. Smith
richard at laptop.org
Fri May 23 15:37:36 EDT 2008
Carl-Daniel Hailfinger wrote:
> As I stated before on this list, bypassing P_THEFT is very easy. You
> don't even have to desolder the complete flash chip, one pin is
> sufficient. All of this is doable for less than $1 per laptop if you
> have access to cheap labor. $1 per laptop is _not_ expensive enough to
> be infeasible. I am very willing to publish a video tutorial of the
> procedure if you think I can't do that. The only downside would be that
> everybody then knows how to bypass P_THEFT.
If you want to tell me your procedure in private I'll be happy to review
it for you. IMHO we actually do need people to challenge what we have
done. Tis' the only real way to know.
I'm guessing the single pin you are referring the the flash write
protect pin? If so then I'll note thats actually not where the strongest
part of the link is. Very early on we also disable the ability to talk
to the io ports on the EC that make writing to the SPI flash possible.
Once they are disabled you can't talk to the EC anymore to re-enable
them. You have to reset the EC. So far we have not found a method that
circumvents that. Fire away.
Please give us the chance to fix it first if you do find something. :)
>> Contrary to your claim, initial
>> activation security is being heavily deployed and does seem to be
> A statement of security is a nice theft deterrent. This may change once
> the bad guys realize circumvention is very doable.
There's an upper bound on the usefulness of theft deterrent by
software/hardware means. If you intend to steal the laptops in bulk the
there's actually much more value in black marketing the parts rather
than the entire laptop as a laptop. If you found a good markets for the
display and the battery you could just throw the CPU board away or
desolder and resell WLAN module and the 1G nand flash chips. So there's
really not much point in making the security stronger than that threshold.
Right now to bypass the theft deterrent requires disassembly and we
think thats sufficient. Sure, in mass it will be cheap but the people
who have the resources to setup shops to do it in mass are the same
people who will do it regardless of how fancy were are.
Trying to reach that level of theft deterrent is a losing battle and
just not needed. All it would really do is frustrate the repair centers.
Richard Smith <richard at laptop.org>
One Laptop Per Child
More information about the Devel