Hacker News new | ask | show | jobs
by buildbot 262 days ago
Yes it is.

Supermicro is one of the only vendors that tries to prevent this attack at all through RoT.

Other vendors you can flash whatever unsigned firmware you want. It’s very useful for adding in microcode for intel engineering samples, or malware…
1 comments
gpapilion 261 days ago
This is not true. Almost all firmware is signed by every vendor, and there are standards from Intel and amd on implementation of code signing.

Look up Intel pfr.

link
buildbot 261 days ago
Signed ≠ enforced.

At least for 4677 Intel stuff, gigabyte & HP and others let you modify the firmware and flash it.

link
kj4ips 260 days ago
HPE at least makes you flip a DIP switch, otherwise it complains loudly and halts.
link