zlacker

1. monste+(OP) 2025-09-29 00:32:11
It is removable, by desoldering. This is not uncommon and Ars's sensationalized reporting does not help.

This is exactly the kind of barrier you want for something with so much power over the system, otherwise you're not much better off than where you started as physical access allows for quick swaps of chips.

replies(6): >>Anthon+j1 >>throwa+7l >>Dylan1+hm >>15155+zz >>bell-c+wH >>Exotic+8P
2. Anthon+j1 2025-09-29 00:46:49
>>monste+(OP)
Desoldering is ridiculous. It's much more likely to damage the board, requires a much less common level of skill and doesn't allow you to check the existing data or do the reset prophylactically without performing the dangerous and expensive operation.

Meanwhile it provides no meaningful resistance against physical access because someone with physical access can swap the entire board or a dozen other things.

replies(3): >>glii+Vl >>crest+HD >>pastag+pb1
3. throwa+7l 2025-09-29 05:39:24
>>monste+(OP)
How many times have you removed a chip from a motherboard by desoldering?

It’s not common in modern IT, and the only time I do it myself is in the course of preserving vintage hardware.

4. glii+Vl 2025-09-29 05:49:51
>>Anthon+j1
Many Supermicro server motherboards I've seen place both the BIOS flash chip and the BMC firmware flash chip in a SOIC socket, so that the flash chip can absolutely be removed without desoldering.
5. Dylan1+hm 2025-09-29 05:54:04
>>monste+(OP)
If you want to avoid quick swaps so it takes slightly longer to compromise, that's fair. But that means you should go with the "actual ROM" option.

And if you need to desolder to remove the malicious code, it's pretty reasonable to call it unremovable.

6. 15155+zz 2025-09-29 08:32:00
>>monste+(OP)
Or, you know, a $0.02 write protect switch on the motherboard.
replies(1): >>rcosti+NM
7. crest+HD 2025-09-29 09:21:22
>>Anthon+j1
AFAIK the SuperMicro still uses non-BGA flash chips that can be accessed with a vampire clamp without desoldering.
8. bell-c+wH 2025-09-29 10:08:49
>>monste+(OP)
In theory, desoldering works. But so would scrapping & replacing all your servers after any "attacker might have gained BMC access" security incident.

You might see that as a facetious comparison. But the number of orgs which actually would desolder the chips in that circumstance is very close to the number which actually would scrap and replace. And if 99% of orgs won't actually do it when needed, then a "works in theory" method of re-securing servers is real-world useless.

9. rcosti+NM 2025-09-29 11:12:29
>>15155+zz
The switch alone does not provide security if the supply chain is compromised. I believe a malicious actor could act along this chain by setting the switch to ON and rewriting the firmware, just like they would replace a removable chip. A step in this direction has been taken by "Server Configuration Lock" (e.g. HPE) while servers are in transit.
replies(1): >>sim7c0+g51
10. Exotic+8P 2025-09-29 11:40:26
>>monste+(OP)
Other than hobbyists and maybe some high security environments, no IT department desolders components from servers.
11. sim7c0+g51 2025-09-29 13:26:14
>>rcosti+NM
It's not about supply chain compromise. It's about device compromise.
12. pastag+pb1 2025-09-29 13:54:43
>>Anthon+j1
I have replaced thousands of flash chips on a running server farm; the guy who did the soldering had a 100% success rate in the end. My part was not perfect, so I agree it was hard but perfectly doable.