zlacker

[parent] [thread] 3 comments
1. boreda+(OP)[view] [source] 2025-09-28 16:40:19
If they can put the jumper on the exterior it might be feasible, if its inside its out of the question if you have to unrack the chassis to change. Rolling in a server lift for an 8u thats half full of copper is not a nice process
replies(1): >>c0balt+o6
2. c0balt+o6[view] [source] 2025-09-28 17:25:56
>>boreda+(OP)
The next idea, a second oob management for the first oob managemen. A BMC for the BMC. It only does updates and maybe credential management.

Make this one simple enough and add an EPROM for it. Effectively a security chip for the oob. Extra points for secure enclave-like verified boot.

replies(2): >>wmf+Y8 >>transp+de
◧◩
3. wmf+Y8[view] [source] [discussion] 2025-09-28 17:45:42
>>c0balt+o6
The security chip for the BMC is called root of trust.
◧◩
4. transp+de[view] [source] [discussion] 2025-09-28 18:24:57
>>c0balt+o6
OpenCompute (OCP) Caliptra is an effort by hyperscalers, AMD and others to enforce a platform root of trust with OSS firmware and open silicon, mandating dual signature by server OEM and hyperscaler customer. The platform RoT is responsible for validating device firmware and OS boot, https://www.youtube.com/watch?v=p9PlCm4tLb8&t=2764s

> Often we see.. great security.. compromised by other great ideas for mgmt and other things.. starts to weaken its security posture.. want to keep Caliptra very clean [via OSS firmware transparency]

[go to top]