Reply to post: Re: Interesting legally, rather than technically ...

If malware wants to bury deep inside your Lenovo or Gigabyte servers, they can just ask Vertiv's insecure BMC firmware

whitepines

Re: Interesting legally, rather than technically ...

If the legal folks do it right, that means no Intel kit (ME is effectively an even more invasive BMC than the one described here, and is required on all Intel desktop / server products) and AMD is legally questionable due to the PSP. Even ARM and Power would get in on the fun, since they also need BMCs.

A better way of doing this would be to mandate the org has source code and control of the BMC, so they can strip it down to basic "boot the platform" tasks if they want vs. "spy on the owner for DRM, enable network access to everything, etc.".
