zlacker

[return to "Supermicro server motherboards can be infected with unremovable malware"]
1. holler+eTa 2025-09-28 15:59:57
>>zdw+(OP)
People like to criticize secure boot around here, but it prevents these kinds of infections (provided of course there are no vulnerabilities in the implementation of secure boot).

Yes, in theory it is possible to prevent these kinds of infections without resorting to secure boot (e.g., by insisting that all the suppliers of components of the motherboard start designing components that cannot be pwned) but so far all the computers you have actually been able to buy that are immune to these kinds of infections achieve that immunity with secure-boot technology.

2. amluto+TWa 2025-09-28 16:21:27
>>holler+eTa
Can you please explain how Secure Boot helps at all to mitigate this type of attack? I don’t see how it makes it harder to execute the attack, and I don’t see how it has any particular effect on the capabilities of the attack once executed. To the contrary, a BMC compromise of this sort seems like it should be able to arbitrarily override secure boot settings.

It seems to me that, in this situation, secure boot’s only role is to provide a false sense of security, which could make recovery from the attack less likely.

In contrast, verified boot might somewhat mitigate the damage from being able to use the BMC to write arbitrary data to the SPI flash chip. Emphasis on might — at best I expect that it would require an attacker to be a bit more creative in how they design their exploit payload.

3. cybera+Eyb 2025-09-28 20:53:26
>>amluto+TWa
> Can you please explain how Secure Boot helps at all to mitigate this type of attack?

Secure boot can include the hash of the firmware, computed by the root-of-trust that can't be tampered with by this attack. So the exploit will make the keys stored in the TPM inaccessible.

This will make the tampering conspicuous, at least.

4. bri3d+t8c 2025-09-29 03:38:12
>>cybera+Eyb
I agree in general; PCRs provide some basic degree of protection against this. Unfortunately, the position these management controllers are in often grants memory access, which renders all of the boot measurement type security methods useless. Even if it doesn't, there's also the notion that an attacker will replace the firmware from the very start with one that fakes the PCR hashes which are sent to the TPM. Unfortunately, this isn't really very hard with most UEFI implementations.
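The measured-boot argument in comments 3 and 4 can be seen in a small simulation. This is an added example, not code from any commenter or from the article: a TPM-style PCR extend, a secret sealed to the expected PCR value, and three boot scenarios. The firmware images, the `TPM_SEED`, and the HMAC-based seal/unseal are constructed stand-ins for what a real TPM does internally.

```python
import hashlib
import hmac

# Constructed sample firmware images; on real hardware this would be the SPI-flash
# contents that the root of trust measures before they execute.
GOOD_FIRMWARE = b"vendor UEFI image v1.0 (constructed sample)"
TAMPERED_FIRMWARE = GOOD_FIRMWARE + b" + implant"

# Hypothetical TPM-internal seed. A real TPM never exposes its sealing key; this
# stands in for it so the example runs offline.
TPM_SEED = b"constructed-tpm-internal-seed"
PCR_RESET = bytes(32)  # PCRs start at all-zero after reset


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR policy (model of TPM sealing)."""
    policy = hmac.new(TPM_SEED, expected_pcr, hashlib.sha256).digest()
    return {"policy": policy, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the current PCR matches the sealed policy."""
    policy = hmac.new(TPM_SEED, current_pcr, hashlib.sha256).digest()
    return blob["secret"] if hmac.compare_digest(policy, blob["policy"]) else None


def boot(reported_digest: bytes) -> bytes:
    """One boot: whatever digest the measuring agent reports is extended into the PCR."""
    return pcr_extend(PCR_RESET, reported_digest)


def demo():
    good_digest = hashlib.sha256(GOOD_FIRMWARE).digest()
    blob = seal(b"disk-encryption-key", boot(good_digest))
    # 1) Untampered firmware, honest measurement: secret released.
    honest_good = unseal(blob, boot(good_digest))
    # 2) Tampered flash, honest root of trust measuring it: PCR differs, secret stays
    #    sealed, and the tampering becomes conspicuous (comment 3's point).
    honest_tampered = unseal(blob, boot(hashlib.sha256(TAMPERED_FIRMWARE).digest()))
    # 3) Comment 4's caveat: if the measuring agent itself is replaced and simply
    #    reports the original digest, the PCR matches and the secret is released.
    lying_measurer = unseal(blob, boot(good_digest))
    return honest_good, honest_tampered, lying_measurer


if __name__ == "__main__":
    print(demo())
```

Scenario 3 is why the measurement must be taken by a component the BMC cannot rewrite; a PCR only attests what the measurer chose to extend.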