-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
e19ca74
commit d7b20fc
Showing
2 changed files
with
218 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,218 @@ | ||
| # [BRLY-2024-023] | ||
|
|
||
| # Use of RSA test keys for BMC RoT implementation | ||
|
|
||
| ## Summary | ||
|
|
||
| The **BINARLY team** has discovered that multiple Supermicro servers use an insecure RSA signing key (`RD1 BMC Test Key - DO NOT TRUST`) to implement the BMC Root of Trust security feature. The use of test keys poses a critical severity risk by making it trivial for remote attackers with administrative privileges to the BMC system to perform a malicious BMC firmware update and defeat U-Boot verified boot on affected devices. This results in a persistent compromise of both the BMC system and the main server operating system. | ||
|
|
||
| ## Vulnerability Information | ||
|
|
||
| * BINARLY internal vulnerability identifier: BRLY-2024-023 | ||
| * CVSS v3.1: 9.1 Critical AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | ||
|
|
||
| ## Affected Supermicro firmware with confirmed impact by Binarly team | ||
|
|
||
| | Device | Version | SHA256 | | ||
| | --------- | -------------------- | ---------------------------------------------------------------- | | ||
| | R12SPD-R | 51.02.13.02 (latest) | 18bfef41c976f3b7b895cdef5943dc633e1a6c5e56c8d64e3c2c64b17b576829 | | ||
|
|
||
| We also noticed that the same key is present in the firmware used by these series of servers, indicating that they are also likely to be affected: | ||
| - B13DEE | ||
| - B13DET | ||
| - B13SEE-CPU-25G | ||
| - B13SEG | ||
| - B4SA1-CPU | ||
| - B4SC1-CPU | ||
| - G1SMH | ||
| - G1SMH-G | ||
| - H13SRH | ||
| - X12DGQ-R | ||
| - X12DPG-QR | ||
| - X13DEG-QT | ||
| - X13DEM | ||
| - X13DSF-A | ||
| - X13OEI-CPU | ||
| - X13QEH+ | ||
| - X13SEDW-F | ||
| - X13SEED-F | ||
| - X13SEED-SF | ||
| - X13SEFR-A | ||
| - X13SEM-F | ||
| - X13SEM-TF | ||
| - X13SET-G | ||
| - X13SET-GC | ||
| - X13SET-PT | ||
|
|
||
| ## Potential impact | ||
|
|
||
| If the threat actor obtains the private part of the RSA signing key (which is quite possible as this is a test untrusted key), they can generate and sign BMC firmware with arbitrary content and it will be successfully validated during the boot process. For example, such firmware may contain an implanted backdoor, allowing an attacker to remotely control the BMC system and the target host operating system. | ||
|
|
||
| ## Vulnerability description | ||
| The following figure shows the RoT chain implementation used by the Supermicro BMC firmware: | ||
|  | ||
|
|
||
| This process can be summarised in 3 main steps: | ||
| 1. U-Boot SPL bootloader verification | ||
| In general, the code in the ROM is responsible for verifying the U-Boot SPL bootloader with the public keys stored in the OTP (one time programmable) memory. Since we don't have the actual device, we can't be sure which keys are stored in the OTP. However, we have noticed that the logic in the custom U-Boot regular bootloader also performs the U-Boot SPL verification, trying 3 RSA modules located at `0xBDCO`, `0xBFCO`, `0xC1CO` in sequence and exponent 65537, using the signature located at `0xC400`. Subsequent execution is only allowed if the signature is successfully validated with at least one of the keys. It is therefore highly likely that the same keys are stored in the OTP. Crucially, the RSA module located at `0xBDCO` matches the module of the "BMC Test Key". | ||
|
|
||
| 2. U-Boot regular bootloader verification | ||
| The logic in the customised U-Boot SPL performs the verification of the regular U-Boot bootloader by trying 2 RSA modules located at `0xB9C0`, `0xBBC0` in sequence and exponent 65537, using the signature located at `0xFFC00`. Subsequent execution is only allowed if the signature is successfully validated with at least one of the keys. Crucially, the RSA module located at `0xB9C0` matches the module of the "BMC Test Key". | ||
|
|
||
| 3. Rest of the firmware (Kernel, DTB, initramfs, Squashfs) verification | ||
| The logic in the custom U-Boot regular bootloader performs the verification of the rest of the firmware by trying 2 RSA modules located at `0xFEA00`, `0xFEC00` in sequence and exponent 65537, using the signature located at `0x34F0400`. Subsequent execution is only allowed if the signature is successfully validated with at least one of the keys. Crucially, the RSA module located at `0xFEA00` matches the module of the "BMC Test Key". | ||
|
|
||
| **Note:** The certificate of the above mentioned "BMC Test Key" is located in the firmware at offset `0xFE004`, the public exponent of the RSA key is 65537. | ||
| **Note:** Binarly Research team has not identified the presence of the private part of the key in the wild at this moment. | ||
| **Note:** The expiration date of the "BMC Test Key" is `Feb 1 03:14:28 2070 GMT`. | ||
| **Note:** We noticed that U-Boot SPL and U-Boot regular bootloaders are signed with the same private key. It is better to use different keys to sign different stages, in which case a compromise of a single key will only affect one stage. | ||
| **Note:** We have noticed that the U-Boot SPL of some Supermicro BMC images is signed with "BMC Test Key", which may indicate that this key is stored in the OTP memory for these devices: | ||
| | Device | Version | SHA256 | | ||
| | ----------- | --------- | ---------------------------------------------------------------- | | ||
| | H12SSG-ANP6 | 00.01.06 | 5f279bb047eb0decaa3a55b57344fd53807ca651ad729aa155ae54b99dca1edb | | ||
| | H12SSG-ANP6 | 00.01.15 | a22a6405a3c9dc2e7f4768efdb72b3a3979d18235ad8791f0d3bf56291b633a9 | | ||
| | H12SSG-AN6 | 00.01.12 | 080531536fb87d48ccbeaa1e3a68a4e2948efbafe9070113a343fa82db9b513c | | ||
| | X12DGU | 00.01.03 | 5f223c7d950a2e7547e2dfa09d297938e3054a2ae43da39045225d7ec135f2ba | | ||
|
|
||
| ## Disclosure timeline | ||
|
|
||
| This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. | ||
|
|
||
| | Disclosure Activity | Date (YYYY-mm-dd) | | ||
| | ---------------------------------------- | ----------------- | | ||
| | Supermicro PSIRT is notified | 2024-06-05 | | ||
| | Supermicro PSIRT declined the issue | 2024-07-02 | | ||
| | BINARLY public disclosure date | 2024-09-18 | | ||
|
|
||
| ## Acknowledgements | ||
|
|
||
| **BINARLY team** | ||
|
|
||
|
|
||
| ## Appendix | ||
| Test key certificate: | ||
| ``` | ||
| Certificate: | ||
| Data: | ||
| Version: 3 (0x2) | ||
| Serial Number: | ||
| 1a:da:e6:cf:23:66:6a:36:d9:dd:69:4c:2f:ba:30:14:90:f7:3d:5e | ||
| Signature Algorithm: sha512WithRSAEncryption | ||
| Issuer: C = US, ST = CA, L = SanJose, O = Super Micro Computer Inc., CN = RD1 BMC Test Key - DO NOT TRUST | ||
| Validity | ||
| Not Before: Feb 14 03:14:28 2020 GMT | ||
| Not After : Feb 1 03:14:28 2070 GMT | ||
| Subject: C = US, ST = CA, L = SanJose, O = Super Micro Computer Inc., CN = RD1 BMC Test Key - DO NOT TRUST | ||
| Subject Public Key Info: | ||
| Public Key Algorithm: rsaEncryption | ||
| Public-Key: (4096 bit) | ||
| Modulus: | ||
| 00:c6:b3:42:c9:36:c3:a1:24:0c:ec:e5:1a:31:96: | ||
| 5b:1d:a6:c7:85:66:50:bf:59:78:9c:2d:8d:07:5e: | ||
| 6f:9b:f0:a0:70:7a:42:f0:0a:68:bd:e1:aa:80:ef: | ||
| 2c:70:bd:7a:36:59:6a:ca:2a:1d:21:f1:1c:a1:31: | ||
| f3:d6:3d:2c:ea:32:0f:d6:62:99:01:57:99:e1:13: | ||
| fd:82:1a:78:c7:29:2b:4c:2d:70:43:b0:c5:28:94: | ||
| 78:33:d5:c2:0b:d3:84:6c:86:08:18:e5:2e:6a:40: | ||
| d6:f4:fe:41:02:7f:ad:7a:96:16:af:86:9d:01:d7: | ||
| 71:74:bb:0b:7b:24:3d:26:31:23:2b:91:05:2f:f9: | ||
| c5:6a:bb:b8:c1:85:bc:be:e7:6b:2f:bf:f9:5b:fa: | ||
| e9:c8:ce:f0:b7:af:4c:c7:eb:5c:f0:32:9f:f0:a3: | ||
| 7a:a9:b3:eb:27:cd:a5:f3:3a:24:81:5d:01:e4:ac: | ||
| 44:9a:59:fc:ee:04:86:03:9c:89:ce:65:ec:4d:34: | ||
| b5:9a:d8:86:71:97:8e:a7:b6:ec:91:61:89:b3:6c: | ||
| b1:7c:d8:8d:6b:fa:0d:51:0e:2a:cb:89:d6:06:f1: | ||
| c4:6b:27:25:66:92:d2:37:0f:5b:dc:fb:22:8f:18: | ||
| 32:a4:42:52:68:55:5f:bd:8f:f5:20:c1:1e:1a:9a: | ||
| e4:32:ca:a4:e0:93:1d:f4:7f:41:8f:b7:78:9a:f4: | ||
| b0:b4:89:3f:93:d7:96:d7:cf:61:77:96:65:6f:03: | ||
| cf:82:e4:3d:c1:20:2e:1d:60:10:41:7d:2d:7f:5a: | ||
| 0f:c3:52:0b:96:0b:a1:56:3b:47:6e:67:db:54:b1: | ||
| 76:10:61:e7:34:1e:5f:63:b3:6c:27:9d:76:6f:d3: | ||
| 39:11:e9:34:07:66:55:1d:fc:32:53:b6:91:54:d5: | ||
| 5c:44:73:01:98:75:cc:71:04:8d:9d:a5:ca:f8:68: | ||
| 26:a6:52:ab:bc:53:ac:65:08:56:ba:ad:f8:e9:51: | ||
| 59:d5:24:d4:34:1b:c1:b4:f3:43:c7:69:ee:36:2d: | ||
| 75:26:6c:7e:20:12:83:6b:1f:6f:fc:05:f7:7c:ae: | ||
| c8:3f:ca:49:7c:e6:a1:91:44:b5:db:55:5a:5c:ea: | ||
| f1:b1:46:71:1b:2a:fe:4e:9f:db:c1:e7:10:91:fb: | ||
| 80:c2:8f:04:74:c6:31:aa:ed:71:0f:a4:b3:03:2d: | ||
| 57:70:0c:ff:d0:aa:ed:f5:d7:1f:02:d5:75:8a:11: | ||
| d9:ca:07:9c:e7:02:39:2d:8b:1a:78:62:98:e4:d9: | ||
| 1d:f2:2a:30:a4:29:ce:03:c9:56:08:d8:79:12:2e: | ||
| 53:0d:b0:3f:0e:be:b4:51:06:a2:77:c2:dc:04:0b: | ||
| 4a:a8:c5 | ||
| Exponent: 65537 (0x10001) | ||
| X509v3 extensions: | ||
| X509v3 Subject Key Identifier: | ||
| 2A:F0:A8:8C:87:67:4E:0A:D2:AD:20:B6:26:40:CA:A2:C4:01:1D:7F | ||
| X509v3 Authority Key Identifier: | ||
| 2A:F0:A8:8C:87:67:4E:0A:D2:AD:20:B6:26:40:CA:A2:C4:01:1D:7F | ||
| X509v3 Basic Constraints: critical | ||
| CA:TRUE | ||
| Signature Algorithm: sha512WithRSAEncryption | ||
| Signature Value: | ||
| bc:05:cd:3b:e8:62:06:e6:ff:b0:80:5b:a8:02:2a:0c:20:9d: | ||
| 0b:eb:c6:fd:19:74:62:5c:34:aa:37:8d:46:84:2c:39:97:0d: | ||
| 08:ea:1a:8f:ae:cb:ff:dd:2e:1d:1d:85:3c:29:a5:fc:ed:99: | ||
| d6:1b:17:2e:c6:d2:e0:28:b1:aa:62:58:06:11:fc:17:45:1b: | ||
| a4:fd:4f:14:79:fb:42:5d:4c:35:72:73:3f:09:32:c6:c7:dc: | ||
| b0:d2:63:4e:41:54:39:47:0e:a8:46:50:c3:43:7a:15:d9:a0: | ||
| 1e:ba:95:20:34:db:97:9f:7c:6e:c6:07:7a:76:2a:a2:b2:f2: | ||
| 06:c7:00:f3:a8:ef:5e:63:86:5e:e8:aa:de:07:f5:83:92:93: | ||
| 92:1a:86:04:85:bd:0b:c6:9a:04:3f:1e:10:8e:8f:8a:04:61: | ||
| e7:b3:b2:af:5a:40:b2:ac:28:56:2e:b5:13:98:22:b3:71:df: | ||
| 5f:f0:8d:aa:c8:3e:20:66:bc:44:8a:cc:f5:e2:0e:aa:aa:9e: | ||
| 2b:43:46:cf:97:dc:b0:7b:b4:24:40:11:e0:bb:87:de:00:76: | ||
| b1:2e:2d:c8:9a:e0:4b:b6:7c:33:ee:8c:0d:f8:72:15:ad:d4: | ||
| 35:9d:8f:79:ad:7f:f2:a1:da:a3:51:b0:55:5e:13:eb:72:bf: | ||
| d8:91:7e:9f:65:83:ec:8a:70:23:4e:f2:e5:14:ef:b7:c5:67: | ||
| 67:50:76:71:1c:b1:e0:73:1c:ff:07:a7:2e:92:7d:e4:d3:4c: | ||
| f9:2e:39:3a:e1:34:e0:35:55:19:91:62:54:5b:ac:04:13:3b: | ||
| 29:4a:cc:d2:18:59:65:60:0f:c2:c5:77:f3:a3:17:f2:68:1c: | ||
| 94:61:ef:70:48:90:c9:25:17:ad:e5:51:6e:90:12:97:45:67: | ||
| ce:cc:16:e4:f7:67:e8:89:e4:39:40:c5:7f:84:5a:70:db:0c: | ||
| 1d:99:ea:32:58:43:39:2c:f4:6a:5a:5e:a9:a3:f1:f8:20:9e: | ||
| 42:f3:6f:35:60:6f:80:1d:ac:98:96:b3:45:51:fb:e7:6f:7e: | ||
| 3d:91:d7:96:1d:cf:5b:cd:89:56:f8:94:d0:b9:d0:92:b7:d0: | ||
| 51:01:11:54:57:7c:2a:21:91:91:42:37:35:63:52:d2:67:d3: | ||
| 47:6f:9e:27:3f:26:07:f0:d5:65:d4:a7:cf:3e:1c:88:ac:35: | ||
| 69:47:f4:1f:fd:2b:a2:c7:26:fd:b0:96:53:0e:5c:98:18:e3: | ||
| 16:c1:ae:d3:c8:61:34:92:17:3a:10:86:ea:46:1e:ad:16:98: | ||
| 0d:8c:fa:16:3a:3f:af:49:60:ee:76:a8:3a:61:a9:fe:03:c7: | ||
| 28:25:a3:be:3f:03:92:35 | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIF1zCCA7+gAwIBAgIUGtrmzyNmajbZ3WlML7owFJD3PV4wDQYJKoZIhvcNAQEN | ||
| BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRAwDgYDVQQHDAdTYW5Kb3Nl | ||
| MSIwIAYDVQQKDBlTdXBlciBNaWNybyBDb21wdXRlciBJbmMuMSgwJgYDVQQDDB9S | ||
| RDEgQk1DIFRlc3QgS2V5IC0gRE8gTk9UIFRSVVNUMCAXDTIwMDIxNDAzMTQyOFoY | ||
| DzIwNzAwMjAxMDMxNDI4WjB6MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEDAO | ||
| BgNVBAcMB1Nhbkpvc2UxIjAgBgNVBAoMGVN1cGVyIE1pY3JvIENvbXB1dGVyIElu | ||
| Yy4xKDAmBgNVBAMMH1JEMSBCTUMgVGVzdCBLZXkgLSBETyBOT1QgVFJVU1QwggIi | ||
| MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGs0LJNsOhJAzs5RoxllsdpseF | ||
| ZlC/WXicLY0HXm+b8KBwekLwCmi94aqA7yxwvXo2WWrKKh0h8RyhMfPWPSzqMg/W | ||
| YpkBV5nhE/2CGnjHKStMLXBDsMUolHgz1cIL04RshggY5S5qQNb0/kECf616lhav | ||
| hp0B13F0uwt7JD0mMSMrkQUv+cVqu7jBhby+52svv/lb+unIzvC3r0zH61zwMp/w | ||
| o3qps+snzaXzOiSBXQHkrESaWfzuBIYDnInOZexNNLWa2IZxl46ntuyRYYmzbLF8 | ||
| 2I1r+g1RDirLidYG8cRrJyVmktI3D1vc+yKPGDKkQlJoVV+9j/UgwR4amuQyyqTg | ||
| kx30f0GPt3ia9LC0iT+T15bXz2F3lmVvA8+C5D3BIC4dYBBBfS1/Wg/DUguWC6FW | ||
| O0duZ9tUsXYQYec0Hl9js2wnnXZv0zkR6TQHZlUd/DJTtpFU1VxEcwGYdcxxBI2d | ||
| pcr4aCamUqu8U6xlCFa6rfjpUVnVJNQ0G8G080PHae42LXUmbH4gEoNrH2/8Bfd8 | ||
| rsg/ykl85qGRRLXbVVpc6vGxRnEbKv5On9vB5xCR+4DCjwR0xjGq7XEPpLMDLVdw | ||
| DP/Qqu311x8C1XWKEdnKB5znAjktixp4Ypjk2R3yKjCkKc4DyVYI2HkSLlMNsD8O | ||
| vrRRBqJ3wtwEC0qoxQIDAQABo1MwUTAdBgNVHQ4EFgQUKvCojIdnTgrSrSC2JkDK | ||
| osQBHX8wHwYDVR0jBBgwFoAUKvCojIdnTgrSrSC2JkDKosQBHX8wDwYDVR0TAQH/ | ||
| BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAvAXNO+hiBub/sIBbqAIqDCCdC+vG | ||
| /Rl0Ylw0qjeNRoQsOZcNCOoaj67L/90uHR2FPCml/O2Z1hsXLsbS4CixqmJYBhH8 | ||
| F0UbpP1PFHn7Ql1MNXJzPwkyxsfcsNJjTkFUOUcOqEZQw0N6FdmgHrqVIDTbl598 | ||
| bsYHenYqorLyBscA86jvXmOGXuiq3gf1g5KTkhqGBIW9C8aaBD8eEI6PigRh57Oy | ||
| r1pAsqwoVi61E5gis3HfX/CNqsg+IGa8RIrM9eIOqqqeK0NGz5fcsHu0JEAR4LuH | ||
| 3gB2sS4tyJrgS7Z8M+6MDfhyFa3UNZ2Pea1/8qHao1GwVV4T63K/2JF+n2WD7Ipw | ||
| I07y5RTvt8VnZ1B2cRyx4HMc/wenLpJ95NNM+S45OuE04DVVGZFiVFusBBM7KUrM | ||
| 0hhZZWAPwsV386MX8mgclGHvcEiQySUXreVRbpASl0VnzswW5Pdn6InkOUDFf4Ra | ||
| cNsMHZnqMlhDOSz0alpeqaPx+CCeQvNvNWBvgB2smJazRVH7529+PZHXlh3PW82J | ||
| VviU0LnQkrfQUQERVFd8KiGRkUI3NWNS0mfTR2+eJz8mB/DVZdSnzz4ciKw1aUf0 | ||
| H/0roscm/bCWUw5cmBjjFsGu08hhNJIXOhCG6kYerRaYDYz6Fjo/r0lg7naoOmGp | ||
| /gPHKCWjvj8DkjU= | ||
| -----END CERTIFICATE----- | ||
| ``` |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.