Socflash says the bmc is write protected.
James Mihm
james.mihm at gmail.com
Tue Aug 27 04:44:25 AEST 2019
The best that can be done with the AST2500 is to disable the bridges very
early in the reset handler and in a ROM'd bootloader. This has been
mitigated in the AST2600 with an option to permanently disable the bridges.
On Mon, Aug 26, 2019 at 10:49 AM Neeraj Ladkani <neladk at microsoft.com>
wrote:
> I tried to dig more and confirmed that ASPEED does not persists locks
> during SRST.
>
>
>
> 1. Existing FW solution is not viable. Is it possible for host to
> hide/disable IO ports that are used by SocFlash?
> 2. Are there any HW design considerations to prevent this exploit?
>
>
>
> Neeraj
>
>
>
> *From:* Khetan, Sharad <sharad.khetan at intel.com>
> *Sent:* Monday, August 26, 2019 7:38 AM
> *To:* Christian Svensson <bluecmd at google.com>; Neeraj Ladkani <
> neladk at microsoft.com>
> *Cc:* James Mihm <james.mihm at gmail.com>; openbmc at lists.ozlabs.org; Zheng
> Bao <fishbaoz at hotmail.com>
> *Subject:* RE: Socflash says the bmc is write protected.
>
>
>
> Yes the locks will persist across any Resets (BMC or Host), to mitigate
> the vulnerability.
>
>
>
> Thanks
>
> -Sharad
>
>
>
> *From:* openbmc <openbmc-bounces+sharad.khetan=intel.com at lists.ozlabs.org>
> *On Behalf Of *Christian Svensson
> *Sent:* Monday, August 26, 2019 1:44 AM
> *To:* Neeraj Ladkani <neladk at microsoft.com>
> *Cc:* James Mihm <james.mihm at gmail.com>; openbmc at lists.ozlabs.org; Zheng
> Bao <fishbaoz at hotmail.com>
> *Subject:* Re: Socflash says the bmc is write protected.
>
>
>
> Which type of reset are you referring to?
>
>
>
> - Chris
>
>
>
>
>
> On Mon, Aug 19, 2019 at 10:40 PM Neeraj Ladkani <neladk at microsoft.com>
> wrote:
>
> Can anyone confirms if these locks persists during BMC reset?
>
>
>
> Neeraj
>
>
>
>
>
> *From:* openbmc <openbmc-bounces+neladk=microsoft.com at lists.ozlabs.org> *On
> Behalf Of *James Mihm
> *Sent:* Monday, August 19, 2019 7:26 AM
> *To:* Zheng Bao <fishbaoz at hotmail.com>
> *Cc:* openbmc at lists.ozlabs.org
> *Subject:* Re: Socflash says the bmc is write protected.
>
>
>
> The P2A Bridge that is used by the socflash utility has been disabled;
> see https://nvd.nist.gov/vuln/detail/CVE-2019-6260
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2019-6260&data=02%7C01%7Cneladk%40microsoft.com%7C86c67159b4ca4c860aa008d72a3302e0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637024270920460918&sdata=WHVK9sr7auwRAoA9kG6giMi4MYVNlfnXHxsdQeKGb9s%3D&reserved=0> for
> details.
>
>
>
> On Mon, Aug 19, 2019 at 5:51 AM Zheng Bao <fishbaoz at hotmail.com> wrote:
>
> Hi, All,
>
> I use socflash to update the BMC firmware. The original BMC firmware can
> be updated, but openbmc can not be.
>
> Socflash says the BMC is protected. Does anybody know why?
>
>
>
> Thanks.
>
> Joe
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190826/ef0f5c2b/attachment.htm>
More information about the openbmc
mailing list