Socflash says the bmc is write protected.

Neeraj Ladkani neladk at microsoft.com
Tue Aug 27 03:49:48 AEST 2019


I tried to dig more and confirmed that ASPEED does not persist locks during SRST.


  1.  Existing FW solution is not viable.  Is it possible for host to hide/disable IO ports that are used by SocFlash?
  2.  Are there any HW design considerations to prevent this exploit?

Neeraj

From: Khetan, Sharad <sharad.khetan at intel.com>
Sent: Monday, August 26, 2019 7:38 AM
To: Christian Svensson <bluecmd at google.com>; Neeraj Ladkani <neladk at microsoft.com>
Cc: James Mihm <james.mihm at gmail.com>; openbmc at lists.ozlabs.org; Zheng Bao <fishbaoz at hotmail.com>
Subject: RE: Socflash says the bmc is write protected.

Yes, the locks will persist across any Resets (BMC or Host), to mitigate the vulnerability.

Thanks
-Sharad

From: openbmc <openbmc-bounces+sharad.khetan=intel.com at lists.ozlabs.org> On Behalf Of Christian Svensson
Sent: Monday, August 26, 2019 1:44 AM
To: Neeraj Ladkani <neladk at microsoft.com>
Cc: James Mihm <james.mihm at gmail.com>; openbmc at lists.ozlabs.org; Zheng Bao <fishbaoz at hotmail.com>
Subject: Re: Socflash says the bmc is write protected.

Which type of reset are you referring to?

- Chris


On Mon, Aug 19, 2019 at 10:40 PM Neeraj Ladkani <neladk at microsoft.com> wrote:
Can anyone confirm if these locks persist during BMC reset?

Neeraj


From: openbmc <openbmc-bounces+neladk=microsoft.com at lists.ozlabs.org> On Behalf Of James Mihm
Sent: Monday, August 19, 2019 7:26 AM
To: Zheng Bao <fishbaoz at hotmail.com>
Cc: openbmc at lists.ozlabs.org
Subject: Re: Socflash says the bmc is write protected.

The P2A Bridge that is used by the socflash utility has been disabled; see https://nvd.nist.gov/vuln/detail/CVE-2019-6260 for details.

On Mon, Aug 19, 2019 at 5:51 AM Zheng Bao <fishbaoz at hotmail.com> wrote:
Hi, All,
I use socflash to update the BMC firmware. The original BMC firmware can be updated, but openbmc cannot be.
Socflash says the BMC is protected. Does anybody know why?

Thanks.
Joe