On Thu, Oct 04, 2018 at 04:00:32PM +0000, fightfakenews via coreboot wrote: [...]
The only technical information they give is: The chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off. (It sounds like something related to the IPMI? Can this really be done? Even if this can be done, can it be used to access data?)
Yes, this sounds possible. Hijacking the BMC's connection to the flash memory from which it boots (which has been speculated to be the attack, by various people on the internet) can in principle let an attacker backdoor the BMC's firmware. And BMCs have a lot of control over the host system, which may include DMA. See for example this presentation, about a different BMC implementation, esp. page 72 onward, "BMC to host":
https://github.com/airbus-seclab/airbus-seclab.github.io/blob/master/ilo/REC...
(Side note: I used the term "BMC" (baseboard management controller) here, but BMCs are sometimes called IPMIs, after the main protocol they historically implement, IPMI.)
Greetings