0

If I loan out laptops to my employees to work remotely, such as Dr's, Nurses and other healthcare workers that generate sensitive information on patients, how can I remotely disable the laptop's ability to power on/charge?

Are there any motherboard interfaces that can help me achieve this?

I am already encrypting both drive and swap. We use Linux only.

Would it be possible to not finish the POST process without a fingerprint or unless a GSM module checks if the machine is on CRL first?

I don't want to just make the HD/SSD unaccessible I want the person who has stolen the laptop to not be able to sell it because it just won't power up or charge, ideally not even make any of the charging LED's emit light.

So in short I want it to become a brick unless it is unlocked by me.

How can I do this remotely?

I have looked into the IPMI interface but haven't seen any concrete ways to do this yet? Are there any other interfaces that exist on motherboards that can do this?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Definity
  • 109
  • 1
  • 1
    Why not remotely wipe the device? Why is "selling" the thing you want to prevent instead of "accessing the data"? – schroeder Feb 21 '22 at 14:14
  • 1
    You have protected your data by encrypting the drive, what do you care what the thief does with it afterwards? The damage is done, the laptop is gone, your information is safe. The thief isn't going to return the laptop because they can't power it on/sell it, it'll end up in a dumpster. – Ron Beyer Feb 21 '22 at 14:20
  • I would rather it smashed up than a theif making money from it. Its not so much about protecting the data more about the prinicple of not letting the criminal getting away with it. I just want the theif to make zero money from it. Not even being able to sell it for $5 – Definity Feb 21 '22 at 15:34
  • 1
    Even if it doesn't power up, it's worth a couple bucks in parts... Better yet maybe when it turns on you take a picture with the camera and beam back the GPS location of the device, that way you can report it to the authorities, possibly recover your property, and have the thief arrested. [Software exists that does explicitly that](https://preyproject.com/). – Ron Beyer Feb 21 '22 at 15:53
  • [How can I prevent a computer from turning ON?](https://security.stackexchange.com/a/240851/118310). This should be used as a last resort like in situations when your employee with privilege access to resources is getting early release from the organization. If the storage is encrypted, revoking the password of the OS is enough to protect data. – defalt Feb 22 '22 at 07:30

0 Answers0