IPMI - because ACPI and UEFI weren't terrifying enough
Matthew Garrett
http://lca2015.linux.org.au/schedule/30130/view_talk
ACPI was dreadful and scary, and it's still scary but at least it mostly works now. UEFI jeopardised the interests of our entire tribe, but we got through it. How could any other four letter specification worry us?
Meet IPMI - the Intelligent Platform Management Interface. A protocol that allows admins to power machines on and off remotely. A protocol that permits remote querying and reporting of hardware errors, fan speeds, temperatures and more. A protocol so poorly designed that it explicitly defines passwordless authentication. A protocol that's generally implemented by gluing a small insecure embedded Linux device to your server motherboards. A protocol implemented by people who don't understand the importance of avoiding leaking bits of the heap in network packets. A protocol that's frequently exposed to the public internet. A protocol that's… well. You get the idea.
This presentation will cover the IPMI protocol and its potential uses for good, along with a deep, dark, depressing discussion of its despair-inducing failings at both the protocol and implementation levels. You'll laugh. You'll cry. You'll never trust your servers again.
Видео IPMI - because ACPI and UEFI weren't terrifying enough канала Linux.conf.au 2015 -- Auckland, New Zealand
http://lca2015.linux.org.au/schedule/30130/view_talk
ACPI was dreadful and scary, and it's still scary but at least it mostly works now. UEFI jeopardised the interests of our entire tribe, but we got through it. How could any other four letter specification worry us?
Meet IPMI - the Intelligent Platform Management Interface. A protocol that allows admins to power machines on and off remotely. A protocol that permits remote querying and reporting of hardware errors, fan speeds, temperatures and more. A protocol so poorly designed that it explicitly defines passwordless authentication. A protocol that's generally implemented by gluing a small insecure embedded Linux device to your server motherboards. A protocol implemented by people who don't understand the importance of avoiding leaking bits of the heap in network packets. A protocol that's frequently exposed to the public internet. A protocol that's… well. You get the idea.
This presentation will cover the IPMI protocol and its potential uses for good, along with a deep, dark, depressing discussion of its despair-inducing failings at both the protocol and implementation levels. You'll laugh. You'll cry. You'll never trust your servers again.
Видео IPMI - because ACPI and UEFI weren't terrifying enough канала Linux.conf.au 2015 -- Auckland, New Zealand
Показать
Комментарии отсутствуют
Информация о видео
16 января 2015 г. 16:55:20
00:47:36
Другие видео канала
Firmware security, why it matters and how you can have it
Kernel Recipes 2015 - Representing device-tree peripherals in ACPI - by David Woodhouse
intro to freenas
Keynote (HD 720p): Linus Torvalds
ASRock IPMI Overview With Wendell (Intelligent Platform Management Interface)
See what your computer is doing with Ftrace utilities
Apathy and Arsenic: a Victorian Era lesson on fighting the surveillance state
"Write a single library to handle all input devices, it'll be easy" they said...
"Keynote: Drop Your Tools – Does Expertise have a Dark Side?" - Dr Sean Brady (LCA 2020)
Charles Schwab Trading Platform Web Tutorial
Open-ZFS Bootcamp
systemd - The Good Parts
Standalone ECU / EFI Tuning Basics
Comparing HBA IT mode SAS controllers
Home Networking: 100TB 10Gbit Server - ZFS considerations (Performance, RAIDz vs RAID and Mirrors)![[ENG] Andy Shevchenko (Intel): ACPI from scratch: U-Boot implementation / #LinuxPiter](https://i.ytimg.com/vi/46JmzxVLxFQ/default.jpg)
[ENG] Andy Shevchenko (Intel): ACPI from scratch: U-Boot implementation / #LinuxPiter
before Keynote: Linus Torvalds (Bdale happy birthday)
Keeping the Balance: loadbalancing demystified
Features of Supermicro IPMI
Side-event "After Snowden: using law and technology to counter snooping"