Desktop Profile
Mandatory Requirements
- 55cm (21") or larger display.
- All-in-One chassis.
- USB ports, for HID devices (e.g. keyboard and mouse).
- GigE NIC with support for PXE (netboot) and WOL (Wake-on-LAN).
- x86-64 CPU, although low-end is sufficient.
- 4G or more of RAM.
- Glass fascia. Vendors are encouraged to consider the option of stronger tempered glass as some correctional facilities consider this a valuable feature.
- Internal PSU. An external PSU is not suitable as it can be used as a flail weapon.
- Chassis secured with Tamper-Resistant Torx (also known as Torx TR) or pin-in Torx to ensure prisoners cannot gain access to the internal components.
- Internal speakers.
- 3.5mm TRS stereo jack and TS mic, or combined TRRS audio jack.
- No webcam. Exceptions may be made for desktops isolated in monitored rooms, for use in virtual hearings or similar.
- No hard drive.
- No TV receiver.
- No microphone.
- No WiFi transceiver.
- No Bluetooth transceiver.
- Any external port must provide no support for MHL, HEC, or HEAC.
- All firmware config screens disabled. It is acceptable for the firmware to only display information such as the date and time, MAC address, etc.
- Firmware password protection disabled. Note that common 'password protection' is insufficient to satisfy the previous requirement.
- Traditional BIOS. We expect to support UEFI in the future. When we do, UEFI and secure boot must be configured to include only Cyber IT Solutions' public key in the trusted keyring (db), with Microsoft's keys explicitly blacklisted (dbx). Cyber IT Solutions' public key is available on request.
- Permit boot from only PXE (netboot).
- Boot must be disabled from HDD and removable media (USB, CD/DVD, etc.) under all circumstances.
- SATA AHCI enabled.
- WoL (wake-on-LAN) enabled.
- Firmware factory default and optimised default values equivalent to these requirements.
- Firmware must not allow updates to be applied by removable media.
- HDMI audio disabled.
- NumLock off.



Valuable (non-mandatory) Features
- No accessible mass storage slots (e.g. SD-Card reader), excepting the mandatory USB ports for HID devices. It is acceptable to leave the device disconnected from the controller.
- Intel NIC and Intel GPU, as these are most compatible with PrisonPC.
- Touchscreen. Vendors are encouraged to offer an optional touchscreen interface as some correctional facilities may consider this a valuable feature.
- Optical (CD/DVD) drive. Some correctional facilities require optical drives, while the policy in others is that the drive be removed and a blanking plate securely installed in its place.
- Transparent chassis, with suitable electromagnetic shielding. For high-security facilities, vendors are encouraged to consider an optional transparent chassis.
- USB sockets provide only between 180 and 220 milliamps on all ports.