IPMI - because ACPI and UEFI weren't terrifying enough 

36K views

Matthew Garrett
lca2015.linux.org.au/schedule/30130/view_talk
ACPI was dreadful and scary, and it's still scary but at least it mostly works now. UEFI jeopardised the interests of our entire tribe, but we got through it. How could any other four letter specification worry us?
Meet IPMI - the Intelligent Platform Management Interface. A protocol that allows admins to power machines on and off remotely. A protocol that permits remote querying and reporting of hardware errors, fan speeds, temperatures and more. A protocol so poorly designed that it explicitly defines passwordless authentication. A protocol that's generally implemented by gluing a small insecure embedded Linux device to your server motherboards. A protocol implemented by people who don't understand the importance of avoiding leaking bits of the heap in network packets. A protocol that's frequently exposed to the public internet. A protocol that's… well. You get the idea.
This presentation will cover the IPMI protocol and its potential uses for good, along with a deep, dark, depressing discussion of its despair-inducing failings at both the protocol and implementation levels. You'll laugh. You'll cry. You'll never trust your servers again.

Published: 16 Jan 2015

Comments: 22
@edbouhl3100 2 years ago
This is a great window into the little coding glitches that hackers look for and exploit. It also explains why the documentation about the IPMI implementation on the BMC of the old Dell T100 my son got for me from a buddy was so confusing and limited - which got me here in the first place. (It’s a run-on sentence - in the spirit of the IPMI specification. ;-) ).
@rars0n 7 years ago
I like this guy a lot. He's pretty funny. And also obviously very intelligent.
@rars0n 7 years ago
This is how you do a PowerPoint presentation without being dreadfully boring.
@FeelingShred 6 years ago
Can someone explain to me why Linux sucks at ACPI? (laptop fans spin on max speed all the time, causing premature death of the fans, suspend/resume does not always work, sometimes Linux won't recognize that you are running on batteries and will shut down without any warning etc etc, just a few examples) I ask this because Windows, doesn't matter if XP or 7, doesn't matter if old or new hardware, always works in this regard. So there must be something to it.
@nodezsh 5 years ago
First, Linux is not Windows… There's not much stuff that works the same on Windows and Linux. If you have any expectations - be it good, bad or neutral - when running Linux for the first time without any knowledge on it, you can drop them now. Second, all my experience with Linux in laptops has shown me that ACPI is the one thing nobody ever has problems with. So I guess I'm lucky. Or you're unlucky. I do have some ACPI warnings every time I turn on my desktop, but they are purely cosmetic and they're gone forever seconds later. Most of the problems you mentioned seem to be unrelated to ACPI and I would even bet that you just ran a bad distro on the wrong laptops. Because the problem seems to be default software and settings of a distro rather than the kernel itself… which is also a horrible thing going on in the Linux world, because lately the major distros have been absolutely stuck on the same spot on that front the last six years or so.
@bloepje 5 years ago
@nodezsh It's not that easy. You identify the OS to the ACPI, and when the ACPI sees a non-Windows OS, it will run in crap mode: it will literally behave differently depending on your OS. Next to that, usually Windows has (had?) embedded a load of fixes for crap systems. In my experience the whole exercise works or fails depending on the amount of work the vendor put into ACPI.
@TheMrKeksLp 4 years ago
@bloepje But Linux already advertises itself as Windows to UEFI so there's obviously more to it than bad firmware
@InsideOfMyOwnMind 7 years ago
21:17 What was the (slang?) term used?
@Jump3r3993 6 years ago
"(...) code is clearly derived from the same base"
@isbestlizard 4 years ago
True story. I literally thought my new motherboard was broken because it just kept on cycling numbers on the 7 segment LCD readout and wouldn't give a video signal and this kept on going on for minutes with nothing even attached and I'm like wtf ffs how can anything still be doing anything after this time but the thing was still doing stuff. It's got an IPMI interface which is ok, it's ASRock and as long as it doesn't have anything attached to the main system like, ok sure just be a framebuffer and emulate a USB mouse and keyboard and read sensors but I'm SURE they wouldn't have given it access to the PCIe bus.
@TheMrKeksLp 4 years ago
ACPI already has full access to all PCIe devices
@housewares 9 years ago
Well done; I lol'd
@swiftgeek 9 years ago
DASH/AMT can do similar things, though instead of emulating cd, they either emulate pendrive or provide something similar to usbip… (And they do support IPv6)
@laneromel5667 7 years ago
Most companies could not spell security let alone implement it
@WillowEpp 9 years ago
So yeah, that went about how I expected (i.e. poorly).
@isbestlizard 4 years ago
LOL this guy is sneaky as a greased fox XD
@RonJohn63 9 years ago
Has this grown man dyed green a shock of his hair?
@LostieTrekieTechie 5 years ago
What a grown man decides to do with his hair is his own business
@bernds1488 5 years ago
Oh, this bad ACPI had such an impact on the Linux developers that they skipped that altogether. Up until now I have not found any laptop that wasn't overheating except one very old Dell where the fan ran on full speed, and I tried many distributions. The "Linux community" has nothing but silly, stupid and ignorant answers like I should clean my fan or reduce the processor load. Cleaning the fan doesn't help if it doesn't spin!!! And reducing processor power is like driving your Ferrari with timber wheels.
@volkerking7634 9 years ago
For that reason you must put your BIOS !RW pin to hard high! So no other one can overwrite them. Cool, you can read with IPMI the hash from the pwd then load it to the cain and bruteforce the pwd, lol hahahahahaha!!!!!!!