[E] [ironic] Securing physical hosts in hostile environments
juliaashleykreger at gmail.com
Wed Dec 16 18:06:28 UTC 2020
On Wed, Dec 16, 2020 at 9:33 AM Eric K. Miller
<emiller at genesishosting.com> wrote:
> > I've attempted to secure physical hardware at a previous job. The primary tools we used were vendor relationships and extensive testing. There's no silver bullet to getting hardware safe against a "root" user.
> > Not trying to give an unhelpful answer; but outside of the groups that Jeremy linked, there's been very little innovation enabling you to secure your hardware, unless you work directly with a vendor (and have the buying power to make them listen).
> > -
> > Jay Faulkner
> Thanks Jay! I suspected as much. It does seem that there is likely a big market for this - an out-of-band device/PCI card that can assist with initiating re-flashing, power management (outside of the switchable power supplies), and jumper changes. I was a bit shocked that it didn't exist. I thought SMC would have built something like this into their SuperBlade systems, but their chassis-level BMC reset functions simply use the network to connect to the blades' BMCs, which isn't too helpful when the user changes the IP address of the BMC… ugh.
I think in the SMC case, it is kind of designed that way to always
trust the user. I think the IPMI inband interface can be disabled on
some vendors' gear, which would definitely help. However in the SMC
case, if memory serves to reset the bmc to factory default you do have
to move the jumper, reset power, reset the bmc password via an
in-operating system tool and reset addressing via the bios. :\
More information about the openstack-discuss