Some operators have taken an approach of attestation and system measurement as a means to try and combat these sorts of vectors. However, if the TPM can't read the firmware to "measure" the checksum out of the in-band firmware channel, i.e. access the flash directly rather than whatever malicious byte code could reply with, then it is a little difficult to trust that mechanism. The positive is that this mainly means things like drives are the items at risk at this point. Not exactly comforting, as the first firmware POC I can think of that spoofs firmware checks was against a SATA disk.

I know some operators have brought up trying to drive their vendors into providing an out-of-band mechanism to be able to check and assert these things, where in the meantime they are performing in-band flashing upon each cleaning in hopes of scrubbing malicious firmware and squashing any malicious user's actions. This is an approach a number of operators have publicly stated they've taken; however, it requires creating your own custom hardware manager to align with the hardware you have and the firmware versions you want/expect.

I think this is a good topic for the baremetal SIG to try and discuss and push forward, because as Jay said, there is no silver bullet, and most of these patterns are basically highly customized sorts of patterns and interactions based upon your environment, your hardware, and the attack vectors you're concerned about.

-Julia

On Wed, Dec 16, 2020 at 9:19 AM Jay Faulkner <jay.faulkner@verizonmedia.com> wrote:
I've attempted to secure physical hardware at a previous job. The primary tools we used were vendor relationships and extensive testing. There's no silver bullet to getting hardware safe against a "root" user.
Not trying to give an unhelpful answer, but outside of the groups that Jeremy linked, there's been very little innovation enabling you to secure your hardware, unless you work directly with a vendor (and have the buying power to make them listen).
- Jay Faulkner
On Tue, Dec 15, 2020 at 3:48 PM Eric K. Miller <emiller@genesishosting.com> wrote:
Hi,
We have considered ironic for deploying physical hosts for our public cloud platform, but have not found any way to properly secure the hosts, or rather, how to reset a physical host back to factory defaults between uses - such as BIOS and BMC settings. Since users (bad actors) can access the BMC via SMBus, reset BIOS password(s), change firmware versions, etc., there appears to be no proper way to secure a platform.
This is especially true when resetting BIOS/BMC configurations since this typically involves shorting a jumper and power cycling a unit (physically removing power from the power supplies - not just a power down from the BMC). Manufacturers have not made this easy/possible, and we have yet to find a commercial device that can assist with this out-of-band. We have actually thought of building our own, but thought we would ask the community first.
Thanks!
Eric
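The "reflash on every cleaning against the firmware versions you expect" approach Julia describes, as an added example for this thread; it is not Ironic code, not a real hardware manager, and not anything the posters published. It keeps a per-component baseline (expected version plus the SHA-256 of the vendor image you are willing to flash), classifies what the node reports over the in-band channel, and produces a reflash plan. The point the thread makes is preserved in the code: a "consistent" answer from the in-band channel is only consistency, not proof, so the default is to reflash everything anyway, and an image is never flashed unless its hash matches the baseline. All component names, versions, hashes and image bytes below are constructed.

```python
"""Firmware baseline check for an in-band cleaning step.

Added example for this thread; not Ironic code or anything the posters
published. Models the approach described by Julia: keep the firmware versions
you expect per component and, on every cleaning, reflash whatever does not
match, treating anything the device reports in-band as untrusted. All
component names, versions, hashes and image bytes are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import hashlib


@dataclass(frozen=True)
class Expected:
    version: str
    image_sha256: str  # SHA-256 of the vendor image we are willing to flash


@dataclass(frozen=True)
class Reported:
    version: str                 # self-reported over the in-band channel (untrusted)
    image_sha256: Optional[str]  # hash of firmware read back in-band, if readable at all


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for real vendor firmware blobs.
BIOS_IMAGE = b"constructed-bios-image-v2.1"
DISK_IMAGE = b"constructed-sata-fw-rev7"

# Constructed baseline: the versions we want on this hardware model.
BASELINE: Dict[str, Expected] = {
    "bios": Expected("2.1", sha256_hex(BIOS_IMAGE)),
    "sata0": Expected("rev7", sha256_hex(DISK_IMAGE)),
}


def classify(expected: Expected, reported: Optional[Reported]) -> str:
    """Compare one component's reported state to the baseline.

    'consistent' means only that the in-band answers agree with the baseline;
    malicious firmware can lie on that channel, so it is not proof of integrity.
    """
    if reported is None:
        return "missing"
    if reported.version != expected.version:
        return "version-mismatch"
    if reported.image_sha256 is None:
        return "unverifiable"
    if reported.image_sha256 != expected.image_sha256:
        return "hash-mismatch"
    return "consistent"


def plan_reflash(baseline: Dict[str, Expected],
                 inventory: Dict[str, Reported],
                 reflash_consistent: bool = True) -> Tuple[Dict[str, str], List[str]]:
    """Decide what to flash this cleaning cycle.

    Returns (plan, unknown): plan maps component -> reason it will be reflashed;
    unknown lists components present on the node but absent from the baseline,
    which should fail cleaning rather than be silently ignored. With
    reflash_consistent=True (the default) every baseline component is reflashed
    even when it looks fine: the 'scrub on every clean' stance from the thread.
    """
    plan: Dict[str, str] = {}
    for name, expected in baseline.items():
        status = classify(expected, inventory.get(name))
        if status != "consistent" or reflash_consistent:
            plan[name] = status
    unknown = sorted(set(inventory) - set(baseline))
    return plan, unknown


def image_is_trusted(image: bytes, expected: Expected) -> bool:
    """Refuse to flash an image whose hash differs from the baseline."""
    return sha256_hex(image) == expected.image_sha256


if __name__ == "__main__":
    # Constructed inventory: BIOS looks fine, the disk reports the right version
    # but reads back a different hash, and a NIC we never baselined is present.
    inventory = {
        "bios": Reported("2.1", sha256_hex(BIOS_IMAGE)),
        "sata0": Reported("rev7", sha256_hex(b"constructed-tampered-readback")),
        "nic0": Reported("1.0", None),
    }
    plan, unknown = plan_reflash(BASELINE, inventory)
    print("reflash:", plan)
    print("not in baseline:", unknown)
```

A component that the node exposes but the baseline does not know about is returned separately rather than dropped, because an unexpected device is exactly the case a tenant-altered box would present; the cleaning step that wraps this would fail the node on a non-empty `unknown` list. The `version-mismatch` and `unverifiable` outcomes are ordered before the hash comparison so a device that cannot be read back still gets flashed rather than passed.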