Issue #595 has been reported by sam gone.
----------------------------------------
Other #595: Can coreboot defend against hardware spy chip attacks?
https://ticket.coreboot.org/issues/595

* Author: sam gone
* Status: New
* Priority: High
* Target version: none
* Start date: 2025-05-14
----------------------------------------
@privten Description privten opened on May 13, 2025
Bloomberg Reported on Chinese Spy Chip Incident in 2018 (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us...). Well, 7 years have passed, and there is no reason not to believe that the hardware technology and camouflage will be more advanced. Fake chip laser silk screen and even chip pins can be completely camouflaged. Since 90% of the motherboards supported by coreboot are produced in China, it is not impossible to perform chip-level camouflage attacks and hardware supply chain attacks. Imagine how terrifying it would be for a chip on the motherboard to be a spy chip disguised with normal silk screen and pins. Politics and espionage techniques are not discussed, I would like to ask whether this will happen, whether there will be targeted hardware implants for open source BIOS-enabled hardware, whether BIOS-level or OS-level such as coreboot or other released versions (libreboot, heads, etc.) can defend against such attacks, how to resolve these problems and how to prevent them?
No, because this story is most definitely fake.
1. On servers NICs can be shared between BMC (acting as an advanced SIO/EC).
2. If BMC's firmware is compromised, x86_64/ARM64 host cannot detect it. ROT usually begins with ARM SoC (BMC), which can verify x86 firmware upgrades (depending on implementation).
3. Board cannot be modified in production phase without significant changes to production line. Likewise, you cannot solder chips to the mainboard in such a way that it'll pass QA inspection (we're talking about running enamel wires across the board and securing it with hot glue).
4. Even if such modification would be possible, it's impossible to make this chip "talk" to the host without modifying the firmware. You can't attach it to PCI-E because it will be visible in the OS. To attach it to I2C, you need to enable it in the firmware and once again - it could be detected with i2c-detect.
5. "Rice-size" chip that runs RISC OS, has DMA and network access is simply impossible to manufacture.
6. Network/system administrators would definitely catch any unusual behavior from a compromised machine. I worked on projects for the European Commission, the British Government, and a few others I cannot disclose due to NDA still being valid. Management networks have strict firewall rules in place, separated by VLANs. In fact, BMCs *never* have network access, you need to cross VLAN boundary in order to access management network from another VLAN.
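An added example, not part of the thread and not coreboot code, of the bus check that point 4 of the reply refers to: it parses the address grid printed by `i2cdetect -y <bus>` (i2c-tools) and compares it with a known-good inventory. The scan text and the `BASELINE` inventory are constructed for illustration, and the check assumes the device acknowledges probes on a bus the OS exposes.

```python
import re

# Constructed sample of `i2cdetect -y 0` output (not captured from real hardware).
SAMPLE_SCAN = """\
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:                         -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- 2c -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: 50 -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- UU -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --
"""

# Hypothetical known-good inventory for this bus, recorded from a trusted unit.
BASELINE = {0x50: "SPD EEPROM", 0x51: "SPD EEPROM", 0x68: "RTC"}


def parse_i2cdetect(text):
    """Return {address: state} for every address that answered or is driver-bound."""
    seen = {}
    for line in text.splitlines():
        row = re.match(r"([0-7])0:", line)
        if not row:
            continue  # header or unrelated line
        base = int(row.group(1), 16) << 4
        for cell in re.finditer(r"\S+", line[3:]):
            if cell.group() == "--":
                continue  # probed, nothing acknowledged
            addr = base + cell.start() // 3  # grid cells are 3 characters wide
            seen[addr] = "driver-bound" if cell.group() == "UU" else "responding"
    return seen


def audit_bus(scan_text, baseline):
    """Compare a scan with the baseline; return (unexpected, missing) addresses."""
    seen = parse_i2cdetect(scan_text)
    unexpected = sorted(set(seen) - set(baseline))
    missing = sorted(set(baseline) - set(seen))
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_bus(SAMPLE_SCAN, BASELINE)
    print("unexpected:", [hex(a) for a in unexpected])
    print("missing:   ", [hex(a) for a in missing])
```

Blank cells are addresses the tool did not probe, so an address outside the scanned range never appears in either list.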