by cyphunk on 10/7/18, 6:36 AM with 2 comments
If the device has secure boot in place, whereby memory is signed and sometimes encrypted, any attempt to modify the SPI memory bus, the focal point of discussion thus far, will be useless++. And if secure boot of BMC is not in place then the manufacturer (read `evil chinese') will just modify the memory before shipping. Cheaper, more efficient, less detectable.
What this means is that everyone is looking at the wrong place for origin of attack. It is highly unlikely to be the manufacturer.
++ modification of memory is prevented by secure boot unless that secure boot implementation has a runtime flaw, which can be fixed through software patch.
by Cypher on 10/7/18, 10:01 AM