1. Technical Field
The present disclosure relates to firmware verification and more specifically to preventing malicious firmware updates from activating a server motherboard.
2. Introduction
In the past decade, Intel and other chipset vendors have integrated more and more functions inside of their chip packages. For example, a common chip design now includes a core processor, memory controllers, an integrated I/O controller, a USB controller, a SATA controller, etc. Chip manufacturers can even provide a customer reference board (CRB) and silicon firmware reference code to help Original Design Manufacturers (ODM) with their server motherboard designs. This ability to customize chips based on the requirements of the original design manufacturers of motherboards means that changes to the chips are limited to I/O peripherals, layout, component placement, and firmware design. In other words, the design of server motherboards has become more regular and less complex as complicated engineering and design has moved to silicon (that is, the chips themselves).
Recently, open source foundations, such as the Open Compute Project (OCP) Foundation, have begun encouraging designers to openly share ideas, specifications, and other intellectual property over the Internet, with the benefit of providing a public structure in which designs are saved in a shared database. Users of these open source foundations can then access the records database and retrieve any of the available design documents.
In recent years, malicious attacks from malware, worms, and viruses have been moving from software to firmware, especially the Unified Extensible Firmware Interface (UEFI) Basic Input/Output System (BIOS) and Baseboard Management Controller (BMC) firmware. As illustrated in FIG. 2, because portions of these firmware components are from open source foundations 202 and forums 204, the potential exists for nefarious deeds by hackers using open source code databases. Specifically, malfeasors could download firmware specifications 208 without restriction, study them all to figure out possible security vulnerabilities, and take advantage of those vulnerabilities to illegally access and/or harm the server. Specifically, these hackers can replace firmware 210 of a server motherboard with firmware lacking various security protocols, then boot the server without those security functions enabled 212. Because the security functions are disabled, the hacker can then plant virus/malware software into the operating system as the motherboard is booting 214, then propagate the virus through an Intranet 216 and the various rack servers 218. Even though a user may set up a security mechanism inside the firmware of a server motherboard, such as secure boot or a user password, data is at high risk when firmware can be replaced using open-sourced information, because server motherboards rarely perform security inspections on replacement firmware.
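The last sentence above names the missing control: an inspection of a replacement firmware image before the motherboard accepts it. The following is an added example, not code from the disclosure or from any vendor, of what such an inspection can check. The image layout (a constructed `FWIM` header carrying a version, a feature-flag word, and a payload length), the flag bits, and the allow-list of approved SHA-256 digests are all assumptions made for illustration; a real implementation would anchor the allow-list in a signed manifest and run this check from a root of trust rather than from the updatable firmware itself.

```python
"""Inspect a replacement firmware image before accepting it.

Added example with a constructed image format; not a real vendor layout.
Checks performed, in order: header sanity, anti-rollback, required security
features still enabled, and digest present on an approved allow-list.
"""
import hashlib
import hmac
import struct

MAGIC = b"FWIM"                       # assumed image magic
HEADER = struct.Struct("<4sIII")      # magic, version, feature flags, payload length

# Assumed feature-flag bits recorded in the image header.
FLAG_SECURE_BOOT = 0x01
FLAG_PASSWORD_AUTH = 0x02
REQUIRED_FLAGS = FLAG_SECURE_BOOT | FLAG_PASSWORD_AUTH


def build_image(version: int, flags: int, payload: bytes) -> bytes:
    """Assemble a constructed image: fixed header followed by the payload."""
    return HEADER.pack(MAGIC, version, flags, len(payload)) + payload


def image_digest(image: bytes) -> str:
    """SHA-256 over the whole image (header and payload), hex encoded."""
    return hashlib.sha256(image).hexdigest()


def inspect_image(image: bytes, approved_digests: list, min_version: int):
    """Return (accepted, reason). Every rejection names the failed check."""
    if len(image) < HEADER.size:
        return False, "truncated header"
    magic, version, flags, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        return False, "bad magic"
    if HEADER.size + length != len(image):
        return False, "length mismatch"
    if version < min_version:
        return False, "rollback to older version"
    # Reject an image that advertises fewer security features than required,
    # which is exactly what a stripped-down replacement firmware would do.
    missing = REQUIRED_FLAGS & ~flags
    if missing:
        return False, f"security features disabled: 0x{missing:02x}"
    digest = image_digest(image)
    # compare_digest keeps the comparison constant-time for each candidate.
    if not any(hmac.compare_digest(digest, d) for d in approved_digests):
        return False, "digest not on approved list"
    return True, "approved"


# Constructed sample images.
GOOD_PAYLOAD = b"vendor firmware v2 with secure boot and password auth"
GOOD_IMAGE = build_image(2, REQUIRED_FLAGS, GOOD_PAYLOAD)
APPROVED = [image_digest(GOOD_IMAGE)]          # allow-list holds only the good build

# Same version and payload, but the secure-boot bit has been cleared.
STRIPPED_IMAGE = build_image(2, FLAG_PASSWORD_AUTH, GOOD_PAYLOAD)
# Header intact, payload replaced by an unapproved build of the same length.
ALTERED_IMAGE = build_image(2, REQUIRED_FLAGS, b"X" * len(GOOD_PAYLOAD))
# Older version that would re-introduce already-fixed defects.
OLD_IMAGE = build_image(1, REQUIRED_FLAGS, GOOD_PAYLOAD)


def run_demo() -> dict:
    """Run the inspection over every sample and return the verdicts."""
    samples = {
        "good": GOOD_IMAGE,
        "stripped": STRIPPED_IMAGE,
        "altered": ALTERED_IMAGE,
        "old": OLD_IMAGE,
        "garbage": b"\x00\x01",
    }
    return {name: inspect_image(img, APPROVED, min_version=2) for name, img in samples.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_demo().items():
        print(f"{name:9s} {'ACCEPT' if ok else 'REJECT'}: {reason}")
```

The ordering matters: the feature-flag check catches a firmware that was rebuilt with security functions disabled even before the digest comparison runs, and the allow-list check catches a build whose header looks correct but whose code is not one the operator approved. A digest-only check would accept nothing unapproved, but reporting which specific check failed is what makes the rejection actionable in a BMC or update log.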