On Wed, Dec 16, 2020 at 9:33 AM Eric K. Miller <emiller@genesishosting.com> wrote:
I've attempted to secure physical hardware at a previous job. The primary tools we used were vendor relationships and extensive testing. There's no silver bullet to getting hardware safe against a "root" user.
Not trying to give an unhelpful answer, but outside of the groups that Jeremy linked, there's been very little innovation enabling you to secure your hardware, unless you work directly with a vendor (and have the buying power to make them listen).
- Jay Faulkner
Thanks Jay! I suspected as much. It does seem that there is likely a big market for this - an out-of-band device/PCI card that can assist with initiating re-flashing, power management (outside of the switchable power supplies), and jumper changes. I was a bit shocked that it didn't exist. I thought SMC would have built something like this into their SuperBlade systems, but their chassis-level BMC reset functions simply use the network to connect to the blades' BMCs, which isn't too helpful when the user changes the IP address of the BMC… ugh.
Eric
I think in the SMC case, it is kind of designed that way to always trust the user. I think the IPMI in-band interface can be disabled on some vendors' gear, which would definitely help. However, in the SMC case, if memory serves, to reset the BMC to factory default you do have to move the jumper, reset power, reset the BMC password via an in-operating system tool, and reset addressing via the BIOS. :\