> > The serial number, although proven by c't to be possible to switch on
> > without rebooting the machine (using a powermanagement trick), is not
>
> Processor reset, AFAIK. Not Power Management. You set the CMOS shutdown state
> byte, ask the keyboard controller to reset (or have a triple-fault) and come
> back to life. As Intel's proposal at that time was to switch off the PSN after
> the system booted, it would not have been disabled. The current way is to dis-
> able it in the BIOS, which will work.
Well, I can only base on what I've heard. The approach you describe above
will certainly work, but I have read somewhere that putting the CPU into off
mode for a short moment through power management worked too, somehow.
> > Intel's serial number disabling utility 'fixes' this security hole (or
> > backdoor?) by disabling the serial number feature repeatedly every 15
> > seconds.
>
> Oh. New to me. AFAIK, they only said it to be disabled by the BIOS.
Hmm, I think I'll have to dig the article out somewhere. I think the
BIOS way is 'fix #2' when they realized the first won't work.
> Nope, you have to change the bit in the NVRAM that says the PSN is to be
> disabled. No problem though if you know what mobo you're running on.
Yeah, both the Awards and AMIs (which are the most common) have a
NVRAM layout description in the FlashROMs, all with bit fields and menu
item texts. Piece of cake to find the right bit in this case.
Have fun,
Vojtech
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/