[coreboot] Intel NIC security
Felix Held
felix-coreboot at felixheld.de
Sat Jun 10 18:35:25 CEST 2017
Hi Taiidan!
> Is it worth figuring out how to externally re-flash grey market
> "intel" nics - or is the onboard NVM flash unable to do anything too
> terrible? In the newer (the 3 digit i/x series like i350, x540 etc)
> nics intel has added a "security" flash write protect feature so I
> imagine their flash stuff isn't as potentially innocent as in the
> older chips. If so does anyone know how to do this?
I only had a look at the i210 NIC and it can have settings like the MAC
address, an x86 option ROM for network boot, a firmware area (IIRC that
was ARCompact code) and a segment for some sort of provisioning data in
the external flash chip:
https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i210-ethernet-controller-datasheet.pdf
(section 3.3)
To get code execution on the host, the option ROM would be the easiest
option.
The network card will probably still work if only the section containing
the configuration and MAC address is there; it would be interesting if
you tried that and reported back the result. It would also be interesting
if you can prevent writes to the then unused parts of the flash so that
the now missing sections can't be added without an external programmer
(IIRC you need to desolder the flash chip in order to read/write it with
an external programmer).
Regards
Felix
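
A check that fits the experiment suggested above, as an added example that is not part of the original mail: a Python scan of a NIC flash dump for PCI expansion ROM images (the 0x55AA header plus its "PCIR" data structure), to confirm whether an option ROM is still present after the flash contents were trimmed. The header offsets follow the generic PCI expansion ROM format; the function names, the device ID and the sample dump are constructed here, and nothing in it depends on the i210 flash layout.

```python
import struct

CODE_TYPES = {0x00: "x86 PC-AT", 0x01: "Open Firmware", 0x02: "HP PA-RISC", 0x03: "EFI"}

def parse_rom_header(image, off):
    """Validate a candidate ROM header at `off`; return its fields or None."""
    if off + 0x1A > len(image):
        return None
    # Offset 0x18 of the ROM header holds a 16-bit LE pointer to the PCI data structure.
    (ptr,) = struct.unpack_from("<H", image, off + 0x18)
    pcir = off + ptr
    if ptr < 0x1A or pcir + 0x18 > len(image) or image[pcir:pcir + 4] != b"PCIR":
        return None  # 0x55AA occurred by chance, e.g. inside configuration data
    vendor, device = struct.unpack_from("<HH", image, pcir + 0x04)
    (units,) = struct.unpack_from("<H", image, pcir + 0x10)  # image length, 512-byte units
    code_type, indicator = image[pcir + 0x14], image[pcir + 0x15]
    return {
        "offset": off,
        "vendor": vendor,
        "device": device,
        "size": units * 512,
        "code_type": CODE_TYPES.get(code_type, "unknown (0x%02x)" % code_type),
        "last_image": bool(indicator & 0x80),
    }

def find_option_roms(image):
    """Return every PCI expansion ROM image found anywhere in a flash dump."""
    found, pos = [], image.find(b"\x55\xaa")
    while pos != -1:
        rom = parse_rom_header(image, pos)
        if rom:
            found.append(rom)
        pos = image.find(b"\x55\xaa", pos + 1)
    return found

def build_sample_dump():
    """Constructed test data (not a real NIC image): erased flash with one fake ROM."""
    rom = bytearray(512)
    rom[0:3] = b"\x55\xaa\x01"               # signature, legacy size byte
    struct.pack_into("<H", rom, 0x18, 0x1C)  # pointer to the PCIR structure
    struct.pack_into("<4sHHHHB3sHHBBH", rom, 0x1C, b"PCIR", 0x8086, 0x1234,  # 0x1234: placeholder ID
                     0, 0x18, 0, b"\x00\x00\x02", 1, 0, 0x00, 0x80, 0)
    dump = bytearray(b"\xff" * 0x4000)
    dump[0x2000:0x2200] = rom
    return bytes(dump)

if __name__ == "__main__":
    for rom in find_option_roms(build_sample_dump()):
        print(rom)
```

An empty result on a dump read back with an external programmer means no expansion ROM header survived; a hit with code type "x86 PC-AT" or "EFI" is an image the host firmware could execute.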