On 03/28/2019 04:04 PM, Philipp Stanner wrote:
> Recently I had an interesting discussion with a system
> who is responsible for several hundred PCs, routers etc.
>
> His argument was: Imagine it would take you 15 minutes to install a
> patch on a computer (all Windows machines of course...). If your
> company has 1000 computers and you send one admin to install the
> patches, it will take him >31 work days, working 8h a day.
>
> That's why, he said, companies are interested in software allowing them
> to install stuff on the OS / hard drive remotely through the firmware

What happened to WSUS etc.? PowerShell scripting? Remote desktop? WMI?
PXE/iSCSI boot to use Windows deployment services?

That is a poor excuse since no one has ever needed ME/PSP to remotely
install patches and I personally have never seen it used only the things

> I, not dealing with large networks, had never thought about it this
> way. But it does make a lot of sense to me, it's about real money (as
>
> So I guess that's indeed a huge reason why Intel and AMD created
> Frankenstein, running below UEFI and Kernel.

No, it's not.
ME/PSP are DRM.
BMC chips are not and have been around for a long time for exactly the
use you desire.
A big company can buy RaptorCS OpenPOWER Blackbird or TALOS 2
workstation motherboards and use OpenBMC which is much better, more
secure and one can always make updates rather than being stuck with an
old and exploitable proprietary firmware when the support cycle ends.