15 Jul
2019
15 Jul
'19
9:15 p.m.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, July 15, 2019 1:45 PM, Trammell Hudson hudson@trmm.net wrote:
There are several ways to lock the flash. Two are "permanent":
This is what I'm worried about. I dont want to break anything by preventing any future flashing. I just want to prevent internal flashing.
In any event, the x220 does not have Bootguard, so a proximate attacker could rewrite the flash chip contents with an external programmer regardless of these protections. Hopefully that is compatible with your threat model.
This does not matter. I have physical tamper detection on the computer. So even if someone did use an external flasher I would detect it.