zlacker

13 comments
1. Anthon+(OP) 2025-09-28 19:40:01
> It should be the case that even administrator access should not be abusable to implant permanent backdoors.

It's really the "permanently" which is the design flaw. Boards should have a mechanism to recover from bad firmware, and the same mechanism is useful to recover from a bad flash.

Make the flash chip removable, or leave a JTAG. Or have a bit of actual ROM with the write lines not even connected and just enough of a firmware to be able to reflash the main one.

replies(2): >>monste+cx >>burnt-+OU
2. monste+cx 2025-09-29 00:32:11
>>Anthon+(OP)
It is removable, by desoldering. This is not uncommon and Ars's sensationalized reporting does not help.

This is exactly the kind of barrier you want for something with so much power over the system, otherwise you're not much better off than where you started as physical access allows for quick swaps of chips.

replies(6): >>Anthon+vy >>throwa+jS >>Dylan1+tT >>15155+L61 >>bell-c+Ie1 >>Exotic+km1
3. Anthon+vy 2025-09-29 00:46:49
>>monste+cx
Desoldering is ridiculous. It's much more likely to damage the board, requires a much less common level of skill and doesn't allow you to check the existing data or do the reset prophylactically without performing the dangerous and expensive operation.

Meanwhile it provides no meaningful resistance against physical access because someone with physical access can swap the entire board or a dozen other things.

replies(3): >>glii+7T >>crest+Ta1 >>pastag+BI1
4. throwa+jS 2025-09-29 05:39:24
>>monste+cx
How many times have you removed a chip from a motherboard by desoldering?

It's not common in modern IT, and the only time I do it myself is in the course of preserving vintage hardware.

5. glii+7T 2025-09-29 05:49:51
>>Anthon+vy
Many Supermicro server motherboards I've seen place both the BIOS flash chip and the BMC firmware flash chip in a SOIC socket, so that the flash chip can absolutely be removed without desoldering.
6. Dylan1+tT 2025-09-29 05:54:04
>>monste+cx
If you want to avoid quick swaps so it takes slightly longer to compromise, that's fair. But that means you should go with the "actual ROM" option.

And if you need to desolder to remove the malicious code, it's pretty reasonable to call it unremovable.

7. burnt-+OU 2025-09-29 06:09:24
>>Anthon+(OP)
The EFI firmware flasher or some other method needs to be able to erase and flash the entirety of BMC/SOC/BIOS ROMs from a trusted environment not dependent on a potentially-infected APT BIOS. Perhaps the SD card slot on many Supermicro boards and/or certain USB port should be able to flash a bricked BIOS & BMC just like some of the Asrock boards can flash themselves without booting using an additional button-holding sequence.
8. 15155+L61 2025-09-29 08:32:00
>>monste+cx
Or, you know, a $0.02 write protect switch on the motherboard.
replies(1): >>rcosti+Zj1
9. crest+Ta1 2025-09-29 09:21:22
>>Anthon+vy
AFAIK the SuperMicro still uses non-BGA flash chips that can be accessed with a vampire clamp without desoldering.
10. bell-c+Ie1 2025-09-29 10:08:49
>>monste+cx
In theory, desoldering works. But so would scrapping & replacing all your servers after any "attacker might have gained BMC access" security incident.

You might see that as a facetious comparison. But the number of orgs which actually would desolder the chips in that circumstance is very close to the number which actually would scrap and replace. And if 99% of orgs won't actually do it when needed, then a "works in theory" method of re-securing servers is real-world useless.

11. rcosti+Zj1 2025-09-29 11:12:29
>>15155+L61
The switch alone does not provide security if the supply chain is compromised. I believe a malicious actor could act along this chain by setting the switch to ON and rewriting the firmware, just like they would replace a removable chip. A step in this direction has been taken by "Server Configuration Lock" (e.g. HPE) while servers are in transit.
replies(1): >>sim7c0+sC1
12. Exotic+km1 2025-09-29 11:40:26
>>monste+cx
Other than hobbyists and maybe some high security environments, no IT department desolders components from servers.
13. sim7c0+sC1 2025-09-29 13:26:14
>>rcosti+Zj1
It's not about supply chain compromise. It's about device compromise.
14. pastag+BI1 2025-09-29 13:54:43
>>Anthon+vy
I have replaced thousands of flash chips on a running server farm; the guy who did the soldering had a 100% success rate in the end. My part was not perfect, so I agree it was hard but perfectly doable.