[return to "Supermicro server motherboards can be infected with unremovable malware"]
1. kj4ips+FVa 2025-09-28 16:14:13
>>zdw+(OP)
Do we know if this is also the case for other systems that use Aspeed/AMI BMCs, or if the key pair in question is exclusive to SM?
2. buildb+90b 2025-09-28 16:41:10
>>kj4ips+FVa
Yes it is.

Supermicro is one of the only vendors that tries to prevent this attack at all through RoT.

With other vendors you can flash whatever unsigned firmware you want. It’s very useful for adding in microcode for Intel engineering samples, or malware…

3. gpapil+lKc 2025-09-29 11:36:42
>>buildb+90b
This is not true. Almost all firmware is signed by every vendor, and there are standards from Intel and AMD on implementation of code signing.

Look up Intel PFR.

4. buildb+4ld 2025-09-29 15:05:41
>>gpapil+lKc
Signed ≠ enforced.

At least for 4677 Intel stuff, Gigabyte & HP and others let you modify the firmware and flash it.

5. kj4ips+1Mf 2025-09-30 11:10:24
>>buildb+4ld
HPE at least makes you flip a DIP switch, otherwise it complains loudly and halts.