Maybe even FSF-endorsed. Great news! Spread the news.

On Wed, Apr 26, 2017 at 3:04 PM, Timothy Pearson <tpearson@raptorengineering.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/26/2017 01:59 PM, Taiidan@gmx.com wrote:
> On 04/26/2017 02:47 PM, Timothy Pearson wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 04/26/2017 01:43 PM, Taiidan@gmx.com wrote:
>>> On 04/26/2017 06:00 AM, PeerCorps Trust Fund wrote:
>>>
>>>> Greetings All,
>>>>
>>>> I recently came across the following listing concerning Coreboot on
>>>> the Supermicro H8SCM-F.
>>>>
>>>> https://www.coreboot.org/Board:supermicro/h8scm
>>>>
>>>> You will note that the last update was in January of 2014. I also
>>>> noticed a note in the page concerning "OS Booting - Proprietary BIOS".
>>>> Is there anyone who can elaborate as to what this means?
>>>>
>>> I don't know, but there isn't any status update so it probably doesn't
>>> work and that port uses AGESA so you won't get IOMMU.
>>>
>>> I am working on porting the H8SCM and H8SCM-F (same thing really) to the
>>> native code base, it is a nice affordable opteron board that you can get
>>> used for $30.
>> Would be interested to know if you can disable the proprietary BMC?  For
>> many coreboot use cases this would be necessary.
>>
>> Thanks!
> I have the version without that feature (not the -F) so I am not 100%
> sure, but the vendor BIOS for mine is the -F bios and it boots fine - of
> course you never really know for sure if it is "disabled" but I imagine
> it functions the same as the asus boards where no ROM equals no BMC. I
> will ask supermicro about this.
> The difference between the -F and the regular version is the lack of the
> BMC RTL NIC and the socket for the ROM chip.
>
> The other security concern is a RMII link from the BMC chip to one of
> the intel nics, which I assume is present on both models.

Thanks for the pointer on the non-F variant -- from what I can tell the
BMC's RAM is physically removed which makes an exploit from the BMC side
of the network virtually impossible.

If you can get this up and running it would make a great
owner-controlled low-end machine.  Nice find!

- --
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJZAO8jAAoJEK+E3vEXDOFbih8IAKn7zhi8GQ0iaYxLeMbvLLbL
0yae1M48xnOQb+y7w1UR/5doYFqMStoW6lNuu21/b00xcqGmZOR1obZGVT+jZeX9
H+oTaq5qKQ7XhU1HoCH70aGlUvtf8gkyO6PSrgfj+Ma8JHxzwqeiiuYiejwwSUxt
LsCcJl5oF98tc4GHL9j90CuPxEnmHRcSfxNmGjOjyxc3hkyX0AcvISPN8Ki1YkXw
TA8N+vTCaNCot6/rXRGwhmxmych4n+oF7MAocEIiVoTJ9gAVgKx87hGBzaab7gOD
3s+iEpikZWlsj9lNH5RuBthrT9oQ42f3gSLahyS+0eJMwjXN/E3UQ+wetbBvbRg=
=YaNR
-----END PGP SIGNATURE-----



--
Tech III * AppControl * Endpoint Protection * Server Maintenance
Buncombe County Schools Technology Department Network Group
ComicSans Awareness Campaign