
Amazon seeks Firmware Developers

Senior Software Development Engineer – BIOS Firmware
The AWS Hardware Engineering team creates server designs for Amazon’s innovative web services. Our designs are industry-leading in frugality and operational excellence, and are critical to the success of the AWS business and the more than one million customers who use AWS today. Our Firmware Engineers solve challenging technology problems, and build architecturally sound, high-quality components to enable AWS to realize critical business strategies. The ideal candidate for this role will be an innovative self-starter. You will be a BIOS firmware expert, gain a strong understanding of our firmware stack, and analyze it in its current and future context. You will use comprehensive knowledge of the system in your projects to find the best solutions to multi-factor problems. You will work with engineers across the company as well as external companies and lead firmware development efforts. You will collaborate with internal and external development engineers (architecture, hardware, validation, software services). AWS Engineers are shaping the way people use computers and designing the future of cloud computing technology – come help us make history! What you will do: You will be a member of a team designing AWS-specific hardware, firmware and software. You will be a part of the firmware effort from conception, through validation and into production. You will explore emerging technologies and their impact on AWS. You will work closely with AWS software engineers to tailor devices for the AWS environment.[…]

https://us-amazon.icims.com/jobs/466243/senior-software-development-engineer—bios-firmware/job

Software Development Engineer – Server Manageability Firmware
The AWS Hardware Engineering team creates server designs for Amazon’s innovative web services. Our designs are industry-leading in frugality and operational excellence, and are critical to the success of the AWS business and the more than one million customers who use AWS today. Our Firmware Engineers solve challenging technology problems, and build architecturally sound, high-quality components to enable AWS to realize critical business strategies. The ideal candidate for this role will be an innovative self-starter. You will be a Baseboard Management Controller (BMC) firmware expert, gain a strong understanding of our firmware stack, and analyze it in its current and future context. You will use comprehensive knowledge of the system in your projects to find the best solutions to multi-factor problems. You will work with engineers across the company as well as external companies and lead firmware development efforts. You will collaborate with internal and external development engineers (architecture, hardware, validation, software services). AWS Engineers are shaping the way people use computers and designing the future of cloud computing technology – come help us make history! What you will do: You will be a member of a team designing AWS-specific hardware, firmware and software. You will be a part of the firmware effort from conception, through validation and into production. You will explore emerging technologies and their impact on AWS. You will work closely with AWS software engineers to tailor devices for the AWS environment.[…]

https://us-amazon.icims.com/jobs/466240/software-development-engineer—server-manageability-firmware/job


Supermicro on using IPMI in a home lab

Here’s advice from a few months ago by Supermicro on how to use IPMI in a network environment:

If you are utilizing Supermicro in your lab environment, there is a great feature that comes with Supermicro boards that allows BMC IPMI management of the server.  It is basically an out of band management of the server much like a switch OOB management interface.  I wanted to post some screenshots of most of the various areas of control you have with the IPMI console of a Supermicro box.  It is fairly comprehensive.  Let’s take a look at Supermicro IPMI management walkthrough.

http://www.virtualizationhowto.com/2016/05/supermicro-ipmi-management-walkthrough/


Talos Secure Workstation: coreboot + POWER8

New potential product on CrowdSupply with a NICE set of features (…and I wonder how secure it will be):

* Blob-free operation
* Fully libre (open-source) IBM OPAL primary firmware w/ PetitBoot interface
* Fully libre (open-source) OpenBMC secondary (IPMI / OoBM) firmware
* NO signing keys preventing firmware modification

https://www.crowdsupply.com/raptorcs/talos


AMI and Realtek extend DMTF DASH to use WiFi

DMTF SMASH and DASH are pre-OS technologies, somewhat like IPMI and Redfish. SMASH is for servers, DASH is for desktops. AMI and Realtek have DASH working over WiFi now. The new risk this feature brings is that, if an attacker can find an exploit in the WiFi DASH implementation, they can attack the system remotely. Before, they needed an Ethernet connection; now they can use WiFi. IPMI and Redfish have similar risks. I wonder if servers are also available via WiFi with SMASH? Excerpt from press release:

American Megatrends Inc. (AMI), in collaboration with Realtek Semiconductor, an AMI Technology Partner, is pleased to introduce RealManage™ 2.0, a WiFi DASH solution integrated with the RTL8111FP-CG NIC controller chip from Realtek.

DASH (Desktop and mobile Architecture for System Hardware) is a client management standard released by the DMTF (Distributed Management Task Force) and is a web services-based standard for secure out-of-band and remote management of desktops and mobile systems. Realtek has long been an Ethernet NIC market leader and with the RTL8111FP-based next-generation DASH remote management solution called RealManage 2.0, Realtek aims to keep its market position and remain a force for technology innovation.

“With the rising popularity of the GUI BIOS, enterprise customers required out-of-band KVM (Keyboard, Video, and Mouse) functions beyond the standard ‘Text Console Redirection’ feature. Realtek’s RealManage 2.0 is our answer; a powerful DASH solution that supports Wi-Fi and Ethernet DASH, and is compliant with a GUI BIOS,” said Realtek’s Vice President and Spokesman, Yee-Wei Huang. “It brings a whole new application methodology and experience to commercial customers, providing a wealth of data and tools for remote out-of-band client management tasks.”

Full press release:
https://ami.com/news/press-releases/?PressReleaseID=359
http://www.realtek.com/press/newsViewOne.aspx?Langid=1&PNid=0&PFid=1&Level=1&NewsID=425


DMTF Redfish 1.0.2 released

DMTF released Redfish 1.0 a while ago, and now they’ve done their first revision to this IPMI replacement technology. Excerpting DMTF’s press release:

The latest specification and schemas for the DMTF’s Redfish standard are now available. Now available for download, the 2016.1 publication includes new Redfish schemas for AttributeRegistry, Bios, Drive, Memory, MemoryCollection, MemoryMetrics, SecureBoot, Storage, StorageCollection and Volume. In addition, this release includes minor updates to the Chassis, ComputerSystem, Event, Manager, Power, Resource, SimpleStorage and Thermal schemas, along with all previously released schemas using updated file naming conventions. Released separately as a Work in Progress (WIP) for public comment, the DSP8010-WIP-2016.0.9a publication includes new Redfish schemas for providing firmware update services (UpdateService, FirmwareInventory) and PCIe switch and device management (PCIeDevice, PCIeFunction, PCIePort, PCIeSwitch, and PCIeZone, and respective Collection schemas). In addition, DMTF has released version 1.0.2 of the Redfish Scalable Platforms Management API Specification, which defines the protocols, data model, and behaviors for Redfish.

http://redfish.dmtf.org/schemas/DSP8010_2016.1.zip
http://www.dmtf.org/sites/default/files/standards/documents/DSP8010_WIP_2016.0.9a.zip
http://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.0.2.pdf
http://dmtf.org/standards/spmf
https://www.dmtf.org/standards/redfish


FWTS 16.05.01 released

Alex Hung of Canonical has announced the 16.05.01 release of FWTS, the FirmWare Test Suite.

There are new ACPI and IPMI and TCG OVAL and Linux device-tree tests. In addition to new features, there’s an even larger list of bugfixes for most classes (UEFI, BIOS, ACPI, etc.) of tools, not excerpted below; see the full announcement for those.

New Features:
  * acpi: add MSCT table sanity check
  * acpi: add EINJ table sanity check
  * ACPICA: Update to version 20160318 (LP: #1559312)
  * Introduce olog scan, to check OPAL msglog.
  * Introduce IPMI BMC Info
  * devicetree: add infrastructure for device-tree tests
  * devicetree/dt_sysinfo: Add device tree system information tests
  * devicetree/dt_base: Add base device-tree validity checks
  * debian/control: change depends on libjson0-dev to libjson-c-dev
  * auto-packager: mkpackage.sh: add yakkety and remove vivid
  * debian/control: add back libjson0-dev for precise

http://fwts.ubuntu.com/release/fwts-V16.05.01.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/16.05.01
https://launchpad.net/ubuntu/+source/fwts


IPMIPWN

IPMIPWN came out 2 months ago and I missed it. 😦 IPMIPWN’s readme excerpt:

IPMI cipher 0 attack tool

There are a few good tools out there (Metasploit) to help you find and identify the IPMI cipher 0 vulnerability, but because it's relatively trivial to exploit I have seen nothing that helps you pwn it. While it is easy to exploit, I have found I keep having to brush up on commands and junk every time I come across it, which is where my tool comes in. My IPMIPWN tool does all the real work for you: it will attempt to exploit the cipher 0 vulnerability using a list of predefined default user accounts and set up a backdoor account with a semi-random username and random password. All successful backdoors are logged in loot.log. This tool works best on Kali; it does require you to have ipmiutils “apt-get install ipmitool” and NMAP installed. Enjoy.
https://github.com/AnarchyAngel/IPMIPWN

Besides IPMIPWN and Metasploit, the tools FreeIPMI and IPMItool are also worth checking out. There is an IPMI Util tool for Windows, and an Intel IPMI tool for MS-DOS, both of which I have not tried out.
https://sourceforge.net/projects/ipmitool/
http://www.gnu.org/software/freeipmi/
http://ipmiutil.sourceforge.net/
http://www.intel.com/design/servers/ipmi/ipmi_tool.htm

If you are new to IPMI security, start here:
https://www.us-cert.gov/ncas/alerts/TA13-207A
https://search.us-cert.gov/search?utf8=%E2%9C%93&affiliate=us-cert&query=IPMI&commit=Search
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
http://fish2.com/ipmi/
http://www.cisco.com/c/en/us/about/security-center/ipmi-vulnerabilities.html
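
A defender-side check for the cipher 0 exposure this tool targets, as an added example that is not part of the IPMIPWN readme or this post: it parses the `RMCP+ Cipher Suites` and `Cipher Suite Priv Max` lines of `ipmitool lan print` output and reports whether cipher suite 0 is usable. The sample outputs are constructed, and how a given BMC indexes the privilege string is an assumption handled in the code.

```python
import re

# Privilege letters as printed in the legend of `ipmitool lan print`.
PRIV = {"X": "unused", "c": "CALLBACK", "u": "USER",
        "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}

# Constructed samples of `ipmitool lan print 1` output (not from a real BMC).
SAMPLE_WEAK = """\
IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
"""
SAMPLE_HARDENED = """\
IP Address              : 192.0.2.11
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : XXXaXXXXXXXXaXX
"""

def _field(text, name):
    """Return the value of a 'Name : value' line, or None if absent."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(\S+)\s*$", text, re.M)
    return m.group(1) if m else None

def cipher0_status(lan_print_output):
    """Return (exposed, detail) for cipher suite 0 on one LAN channel."""
    suites = _field(lan_print_output, "RMCP+ Cipher Suites")
    priv = _field(lan_print_output, "Cipher Suite Priv Max")
    if suites is None or priv is None:
        return None, "cipher suite fields not found; check manually"
    ids = [int(s) for s in suites.split(",") if s.isdigit()]
    if 0 not in ids:
        return False, "cipher suite 0 not advertised"
    # Assumption: BMCs differ on whether the string is indexed by suite ID or
    # by position in the advertised list, so check both and keep the worst case.
    positions = {0, ids.index(0)}
    levels = {priv[p] for p in positions if p < len(priv)}
    enabled = sorted(PRIV.get(l, l) for l in levels if l != "X")
    if enabled:
        return True, "cipher suite 0 enabled up to " + "/".join(enabled)
    return False, "cipher suite 0 advertised but privilege is unused (X)"
```

Feed it the saved output of `ipmitool lan print <channel>` for each BMC; where it reports exposure, `ipmitool lan set <channel> cipher_privs` with `X` in the cipher 0 position disables the suite.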
