Build A TPM Module For Your Server

One of the big stories surrounding the announcement of Windows 11 was that it would require support for TPM 2.0, or Trusted Platform Module, to run. This takes the form of an on-board cryptographic processor, which Microsoft claims will help against malware, but which perhaps more importantly for Redmond, can be used to enforce DRM. Part of the standard involves a hardware module, and [Zane] has built a couple of them for ASRock server motherboards.

The chip in question is the Infineon SLB9965, which with a bit of research was found to map more or less directly to the pins of the TPM socket on the motherboard. The interesting thing here lies in the background research it gives into TPMs, and furthermore the links to other resources dealing with the topic. The chances are that most readers needing a TPM will simply buy one, but all knowledge is useful when it comes to these things.

Our weekly security roundup has been keeping an eye on the use of TPMs for a while, and has even shown us some ways people have bypassed the modules.

Disable Intel’s Backdoor On Modern Hardware

While the Intel Management Engine (and, to a similar extent, the AMD Platform Security Processor) continues to plague modern computer processors with security risks, some small progress continues to be made for users who value the security of the hardware and software they own. The latest venture in disabling the ME is an ASRock motherboard for 8th and 9th generation Intel chips. (There is also a related Reddit post about this project.)

First, a brief refresher: The ME is completely removable on some computers built before 2008, and can be partially disabled or deactivated on some computers built before around 2013. This doesn’t allow for many options for those of us who want modern hardware, but thanks to a small “exploit” of sorts, some modern chipsets are capable of turning the ME off. This stems from the US Government’s requirement that the ME be disabled on computers in sensitive applications: Intel allows a certain undocumented bit, called the HAP bit, to be set, which disables the ME. Researchers have been able to locate and manipulate this bit on this specific motherboard to disable the ME.

While this doesn’t completely remove the firmware, it does halt all execution of code in a way that is acceptable for a large governmental organization, so if you require both security and modern hardware this is one of the few ways to achieve that goal. There are other very limited options as well, but if you want to completely remove the ME even on old hardware the process itself is not as straightforward as you might imagine.

Header image: Fritzchens Fritz from Berlin / CC0

Home Server Has AMD CPU And IKEA Case

Readers who took part in the glory days of custom PC building will no doubt remember the stress of having to pick a case for their carefully-curated build. You may have wanted to lower the total cost a bit by getting a cheap case, but then you’d be stuck looking at some econo-box day in and day out. Plus, how do you post pictures online to boast about your latest build if there are no transparent windows and a lighting kit?

While some may have spent more time choosing their lighted case fans than their optical drive, [Miroslav Prašil] was surely not one of them. When he decided to build a new NAS for his home network, [Miroslav] decided he wanted to put all his money into the device’s internals, and house his build in a wooden storage crate from IKEA. While the low cost was certainly a major factor in the decision, it turns out the crate actually offers a decent amount of room for hardware components. As an added bonus, it doesn’t look completely terrible sitting out in the living room.

In a detailed series of posts on his blog, [Miroslav] walks us through the entire process of building what he has come to call the “NAScrate”. Wanting gigabit Ethernet and a real SATA controller, [Miroslav] went for the ASRock C70M1, a Mini-ITX board with an integrated dual-core AMD processor. While not exactly a powerhouse, it will certainly wipe the floor with the fruit-inspired single board computers that so often dominate these types of builds.

To get his clearances worked out, [Miroslav] rendered the entire build in OnShape, which gave him enough confidence in his design to move on to actual construction. The build involves several 3D printed parts, most notably some clever hard drive mounting brackets which allow the drives to be stacked into a space-saving arrangement while still leaving room for airflow between them.

[Miroslav] deftly avoids any religious debates by leaving off his particular choice for software and operating system on his newly constructed NAS, but he does mention that something like FreeNAS would be a logical choice.

While this may be the first wooden one we’ve covered so far, home servers in general are a favorite project for hackers, from budget-friendly scratch builds all the way up to re-purposed enterprise hardware.