zlacker

[return to "Supermicro server motherboards can be infected with unremovable malware"]
1. iberat+yVa[view] [source] 2025-09-28 16:13:37
>>zdw+(OP)
Business idea: eprom based firmware
◧◩
2. nine_k+0Ya[view] [source] 2025-09-28 16:28:20
>>iberat+yVa
And put the EPROM in a socket, like it's 1987?

Some motherboards just have a physical jumper that prevents BIOS flashing. This happens infrequently enough as to warrant it for one server, or 10 servers, or maybe 100 servers. Likely unpractical for 1000 servers though.

◧◩◪
3. boreda+SZa[view] [source] 2025-09-28 16:40:19
>>nine_k+0Ya
If they can put the jumper on the exterior it might be feasible, if its inside its out of the question if you have to unrack the chassis to change. Rolling in a server lift for an 8u thats half full of copper is not a nice process
◧◩◪◨
4. c0balt+g6b[view] [source] 2025-09-28 17:25:56
>>boreda+SZa
The next idea, a second oob management for the first oob managemen. A BMC for the BMC. It only does updates and maybe credential management.

Make this one simple enough and add an EPROM for it. Effectively a security chip for the oob. Extra points for secure enclave-like verified boot.

◧◩◪◨⬒
5. transp+5eb[view] [source] 2025-09-28 18:24:57
>>c0balt+g6b
OpenCompute (OCP) Caliptra is an effort by hyperscalers, AMD and others to enforce a platform root of trust with OSS firmware and open silicon, mandating dual signature by server OEM and hyperscaler customer. The platform RoT is responsible for validating device firmware and OS boot, https://www.youtube.com/watch?v=p9PlCm4tLb8&t=2764s

> Often we see.. great security.. compromised by other great ideas for mgmt and other things.. starts to weaken its security posture.. want to keep Caliptra very clean [via OSS firmware transparency]

[go to top]