Through June and July, AMI MegaRAC BMC firmware has been in the news owing to high-severity vulnerabilities that have existed for years but only recently come to light.  Server hardware widely contains BMCs, and compromising one can give near-total control over the server.  Many vendors shipped this firmware with their own branding.

But what exactly is a BMC, and what can we do to stay secure?

Baseboard Management Controller

ASpeed AST2400 BMC chip in L1UM v1-1X8C

A BMC, or “Baseboard Management Controller”, manages a server remotely.  Physical access to servers is typically tightly controlled (or at least very inconvenient).  But like any computer, it could go offline, fail to boot, or otherwise misbehave.  If this was your PC at home, you’d go sit down at the keyboard and monitor to troubleshoot it, and maybe reinstall the OS from USB, but on a server we want to do this remotely.

That’s where the BMC comes in.  One of its key functions is to make the “physical” keyboard, monitor, and power button, available remotely over a web interface.  Often, you can attach a local ISO as a virtual USB disk, and the remote system thinks it is a real USB disk.  Remote serial ports and many other features are possible too.

All of this works if the OS’s networking is broken, or even if the entire OS is unbootable.  The BMC may even be able to flash the system BIOS, allowing recovery from a failed flash or broken firmware.  You may have done this before for virtual machines – the BMC brings remote management to physical systems.

The BMC is a second, smaller computer hanging off of the main computer.  Much like the embedded controller in a laptop, it is in charge of powering on or off the main system.  The BMC is always on when the server is plugged in, like the EC.  It is a complete computer, commonly containing an ARM CPU, DRAM, and its own firmware.

Bring Many Connections

To provide all these features, the BMC connects to many buses from the main system.  The BMC firmware fully controls some interfaces, while hardware functionality controls others.

  • PCI Express: The BMC contains a PCIe video card.  It stores the framebuffer in BMC memory as well as scanning it out to a physical monitor, if there is one.  The BMC can observe the framebuffer and provide it over a network connection.
  • LPC (“Low Pin Count”): The BMC can provide serial ports and snoop on POST codes from the main system.
  • USB: The BMC acts as a USB keyboard, mouse, or storage device.
  • SPI: The BMC may sit “between” the main system and its BIOS firmware chip, providing a way to flash the BIOS when the main system is offline.
  • Ethernet: BMCs often can share the host’s physical network interface, eliminating an extra cable.  If they use separate networks, the BMC may share its network interface to the host over USB.

The main system is unlikely to consider any of these buses to be security boundaries.  The BMC has great power to lie about what is on the display, hide it from a physical monitor, or act as a malicious USB device.

Be Maximally Cautious

Purism disables BMC functionality on Librem Servers where possible.  PureBoot, when combined with a Librem Key, authenticate the system firmware to you, which complicates any tampering attack.

Purism Products and Availability Chart

 ModelStatusLead Time 
USB Security Token Purism Librem KeyLibrem Key

(Made in USA)
In Stock
($59+)
10 business days
Librem 5In Stock
($699+)
3GB/32GB
10 business days
Librem 5 COMSEC BundleIn Stock
($1299+)
Qty 2; 3GB/32GB
10 business days
Purism Liberty Phone with Made in USA ElectronicsLiberty Phone
(Made in USA Electronics)
Backorder
($1,999+)
4GB/128GB
Estimated fulfillment early November
Librem 5 + SIMple
(3 GB Data)
In Stock
($99/mo)
10 business days
Librem 5 + SIMple Plus
(5 GB Data)
In Stock
($129/mo)
10 business days
Librem 5 + AweSIM
(Unlimited Data)
In Stock
($169/mo)
10 business days
Librem 11In Stock
($999+)
8GB/1TB
10 business days
Most Secure Laptop Purism Librem 14Librem 14Backorder
($1,370+)
Estimated fulfillment date pending
Most Secure PC Purism Librem Mini
Librem MiniBackorder
($799+)
Estimated fulfillment November
Most Secure Server Purism Librem ServersLibrem ServerIn Stock
($2,999+)
45 business days
The current product and shipping chart of Purism products, updated on October 18th, 2024

Recent Posts

Related Content

Tags