Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They do that so people with hundreds of servers do not have to spend days in the server room with thumb drives, individually booting servers to flash the BIOS. There is HUGE demand for the ability to do remote BIOS updates over a management network. Now how is the BMC supposed to know whether the network is appropriately secure before accepting those updates?


The network shouldn't ever be considered appropriately secure - always treat the network as hostile, and install the updates iff you can be sure that you have received the proper data (with appropriate signatures) over the untrusted network.


You should never trust the network; firmware updates should have to be cryptographically signed and validated against a pinned certificate to be accepted.


The only "good" answer to whether the BMC is supposed to know whether the management network is "secure" would be a song and dance like 802.1x and any authentication configured on top of that, before even allowing you to submit an image for flashing, let alone trying to verify it.

(You could argue that the existence of good signature verification on the images is often sufficient, but if you have an older BIOS that's signed but has an exploit vector, you could still make use of that if you had unfettered access other than the signature checking.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: