Reply to post: Re: Let's not go overboard with this.

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

Brian Miller

Re: Let's not go overboard with this.

Let's arm-chair-design a recreation of this exploit, and see how close we get to the real thing, after all the facts come out, shall we:

I read the original Bloomberg article. The way the article was written, it sounded like the "signal conditioner" chip could connect to the network, by itself! Only later on did it go into "detail" about it modifying the code for the BMC.

What all of this points out is something very important in system design: the CPU should not boot code that it can't verify through a chain of trust. There are a number of commercially available solutions for this, and they have been on the market for years. The concepts have been out there for far longer. Manufacturers have no reason to not pursue secure operation.

The real problem with all of this is the motherboard design has to be modified! If a shared serial bus was modified, then that means that that there will be a signals conflict on the bus to modify instructions. The problem with this is that the commands are like, "Hey, #24, talk to me!" Then #24 talks, and does it blindly. To actually do what the article claims, the chip has to be in series between the CPU and the memory. That would take a change in the traces, etc. So the motherboard would have to be redesigned to incorporate the chip.

Whatever is going on, we aren't getting the full story yet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020