Header bannerHeader banner
Advisory ID:
BRLY-2024-023

[BRLY-2024-023] Use of RSA test keys for BMC RoT implementation

September 19, 2024
Severity:
Critical
CVSS Score
9.1
Public Disclosure Date:
September 18, 2024
CVE ID:

Summary

The BINARLY team has discovered that multiple Supermicro servers use an insecure RSA signing key (RD1 BMC Test Key - DO NOT TRUST) to implement the BMC Root of Trust security feature. The use of test keys poses a critical severity risk by making it trivial for remote attackers with administrative privileges to the BMC system to perform a malicious BMC firmware update and defeat U-Boot verified boot on affected devices. This results in a persistent compromise of both the BMC system and the main server operating system.
Vendors Affected Icon

Vendors Affected

Supermicro
Affected Products icon

Affected Products

No items found.

Potential Impact

If the threat actor obtains the private part of the RSA signing key (which is quite possible as this is a test untrusted key), they can generate and sign BMC firmware with arbitrary content and it will be successfully validated during the boot process. For example, such firmware may contain an implanted backdoor, allowing an attacker to remotely control the BMC system and the target host operating system.

Vulnerability Information

  • BINARLY internal vulnerability identifier: BRLY-2024-023
  • CVSS v3.1: 9.1 Critical AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Supermicro firmware with confirmed impact by Binarly team

Device Version SHA256
R12SPD-R 51.02.13.02 (latest) 18bfef41c976f3b7b895cdef5943dc633e1a6c5e56c8d64e3c2c64b17b576829

We also noticed that the same key is present in the firmware used by these series of servers, indicating that they are also likely to be affected:

  • B13DEE
  • B13DET
  • B13SEE-CPU-25G
  • B13SEG
  • B4SA1-CPU
  • B4SC1-CPU
  • G1SMH
  • G1SMH-G
  • H13SRH
  • X12DGQ-R
  • X12DPG-QR
  • X13DEG-QT
  • X13DEM
  • X13DSF-A
  • X13OEI-CPU
  • X13QEH+
  • X13SEDW-F
  • X13SEED-F
  • X13SEED-SF
  • X13SEFR-A
  • X13SEM-F
  • X13SEM-TF
  • X13SET-G
  • X13SET-GC
  • X13SET-PT

Potential impact

If the threat actor obtains the private part of the RSA signing key (which is quite possible as this is a test untrusted key), they can generate and sign BMC firmware with arbitrary content and it will be successfully validated during the boot process. For example, such firmware may contain an implanted backdoor, allowing an attacker to remotely control the BMC system and the target host operating system.

Vulnerability description

The following figure shows the RoT chain implementation used by the Supermicro BMC firmware:

This process can be summarised in 3 main steps:

  1. U-Boot SPL bootloader verification

In general, the code in the ROM is responsible for verifying the U-Boot SPL bootloader with the public keys stored in the OTP (one time programmable) memory. Since we don't have the actual device, we can't be sure which keys are stored in the OTP. However, we have noticed that the logic in the custom U-Boot regular bootloader also performs the U-Boot SPL verification, trying 3 RSA modules located at 0xBDCO, 0xBFCO, 0xC1CO in sequence and exponent 65537, using the signature located at 0xC400. Subsequent execution is only allowed if the signature is successfully validated with at least one of the keys. It is therefore highly likely that the same keys are stored in the OTP. Crucially, the RSA module located at 0xBDCO matches the module of the "BMC Test Key".

  1. U-Boot regular bootloader verification

The logic in the customised U-Boot SPL performs the verification of the regular U-Boot bootloader by trying 2 RSA modules located at 0xB9C0, 0xBBC0 in sequence and exponent 65537, using the signature located at 0xFFC00. Subsequent execution is only allowed if the signature is successfully validated with at least one of the keys. Crucially, the RSA module located at 0xB9C0 matches the module of the "BMC Test Key".

  1. Rest of the firmware (Kernel, DTB, initramfs, Squashfs) verification

The logic in the custom U-Boot regular bootloader performs the verification of the rest of the firmware by trying 2 RSA modules located at 0xFEA00, 0xFEC00 in sequence and exponent 65537, using the signature located at 0x34F0400. Subsequent execution is only allowed if the signature is successfully validated with at least one of the keys. Crucially, the RSA module located at 0xFEA00 matches the module of the "BMC Test Key".

Note: The certificate of the above mentioned "BMC Test Key" is located in the firmware at offset 0xFE004, the public exponent of the RSA key is 65537.

Note: BINARLY REsearch team has not identified the presence of the private part of the key in the wild at this moment.

Note: The expiration date of the "BMC Test Key" is Feb 1 03:14:28 2070 GMT.

Note: We noticed that U-Boot SPL and U-Boot regular bootloaders are signed with the same private key. It is better to use different keys to sign different stages, in which case a compromise of a single key will only affect one stage. Note: We have noticed that the U-Boot SPL of some Supermicro BMC images is signed with "BMC Test Key", which may indicate that this key is stored in the OTP memory for these devices:

Device Version SHA256
H12SSG-ANP6 00.01.06 5f279bb047eb0decaa3a55b57344fd53807ca651ad729aa155ae54b99dca1edb
H12SSG-ANP6 00.01.15 a22a6405a3c9dc2e7f4768efdb72b3a3979d18235ad8791f0d3bf56291b633a9
H12SSG-AN6 00.01.12 080531536fb87d48ccbeaa1e3a68a4e2948efbafe9070113a343fa82db9b513c
X12DGU 00.01.03 5f223c7d950a2e7547e2dfa09d297938e3054a2ae43da39045225d7ec135f2ba

Disclosure Timeline

This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public

Disclosure Activity Date (YYYY-mm-dd)
Supermicro PSIRT is notified 2024-06-05
Supermicro PSIRT declined the issue 2024-07-02
BINARLY public disclosure date 2024-09-18

Acknowledgements

BINARLY team

Appendix

Test key certificate:

Data:
        Version: 3 (0x2)
        Serial Number:
            1a:da:e6:cf:23:66:6a:36:d9:dd:69:4c:2f:ba:30:14:90:f7:3d:5e
        Signature Algorithm: sha512WithRSAEncryption
        Issuer: C = US, ST = CA, L = SanJose, O = Super Micro Computer Inc., CN = RD1 BMC Test Key - DO NOT TRUST
        Validity
            Not Before: Feb 14 03:14:28 2020 GMT
            Not After : Feb  1 03:14:28 2070 GMT
        Subject: C = US, ST = CA, L = SanJose, O = Super Micro Computer Inc., CN = RD1 BMC Test Key - DO NOT TRUST
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c6:b3:42:c9:36:c3:a1:24:0c:ec:e5:1a:31:96:
                    5b:1d:a6:c7:85:66:50:bf:59:78:9c:2d:8d:07:5e:
                    6f:9b:f0:a0:70:7a:42:f0:0a:68:bd:e1:aa:80:ef:
                    2c:70:bd:7a:36:59:6a:ca:2a:1d:21:f1:1c:a1:31:
                    f3:d6:3d:2c:ea:32:0f:d6:62:99:01:57:99:e1:13:
                    fd:82:1a:78:c7:29:2b:4c:2d:70:43:b0:c5:28:94:
                    78:33:d5:c2:0b:d3:84:6c:86:08:18:e5:2e:6a:40:
                    d6:f4:fe:41:02:7f:ad:7a:96:16:af:86:9d:01:d7:
                    71:74:bb:0b:7b:24:3d:26:31:23:2b:91:05:2f:f9:
                    c5:6a:bb:b8:c1:85:bc:be:e7:6b:2f:bf:f9:5b:fa:
                    e9:c8:ce:f0:b7:af:4c:c7:eb:5c:f0:32:9f:f0:a3:
                    7a:a9:b3:eb:27:cd:a5:f3:3a:24:81:5d:01:e4:ac:
                    44:9a:59:fc:ee:04:86:03:9c:89:ce:65:ec:4d:34:
                    b5:9a:d8:86:71:97:8e:a7:b6:ec:91:61:89:b3:6c:
                    b1:7c:d8:8d:6b:fa:0d:51:0e:2a:cb:89:d6:06:f1:
                    c4:6b:27:25:66:92:d2:37:0f:5b:dc:fb:22:8f:18:
                    32:a4:42:52:68:55:5f:bd:8f:f5:20:c1:1e:1a:9a:
                    e4:32:ca:a4:e0:93:1d:f4:7f:41:8f:b7:78:9a:f4:
                    b0:b4:89:3f:93:d7:96:d7:cf:61:77:96:65:6f:03:
                    cf:82:e4:3d:c1:20:2e:1d:60:10:41:7d:2d:7f:5a:
                    0f:c3:52:0b:96:0b:a1:56:3b:47:6e:67:db:54:b1:
                    76:10:61:e7:34:1e:5f:63:b3:6c:27:9d:76:6f:d3:
                    39:11:e9:34:07:66:55:1d:fc:32:53:b6:91:54:d5:
                    5c:44:73:01:98:75:cc:71:04:8d:9d:a5:ca:f8:68:
                    26:a6:52:ab:bc:53:ac:65:08:56:ba:ad:f8:e9:51:
                    59:d5:24:d4:34:1b:c1:b4:f3:43:c7:69:ee:36:2d:
                    75:26:6c:7e:20:12:83:6b:1f:6f:fc:05:f7:7c:ae:
                    c8:3f:ca:49:7c:e6:a1:91:44:b5:db:55:5a:5c:ea:
                    f1:b1:46:71:1b:2a:fe:4e:9f:db:c1:e7:10:91:fb:
                    80:c2:8f:04:74:c6:31:aa:ed:71:0f:a4:b3:03:2d:
                    57:70:0c:ff:d0:aa:ed:f5:d7:1f:02:d5:75:8a:11:
                    d9:ca:07:9c:e7:02:39:2d:8b:1a:78:62:98:e4:d9:
                    1d:f2:2a:30:a4:29:ce:03:c9:56:08:d8:79:12:2e:
                    53:0d:b0:3f:0e:be:b4:51:06:a2:77:c2:dc:04:0b:
                    4a:a8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                2A:F0:A8:8C:87:67:4E:0A:D2:AD:20:B6:26:40:CA:A2:C4:01:1D:7F
            X509v3 Authority Key Identifier: 
                2A:F0:A8:8C:87:67:4E:0A:D2:AD:20:B6:26:40:CA:A2:C4:01:1D:7F
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha512WithRSAEncryption
    Signature Value:
        bc:05:cd:3b:e8:62:06:e6:ff:b0:80:5b:a8:02:2a:0c:20:9d:
        0b:eb:c6:fd:19:74:62:5c:34:aa:37:8d:46:84:2c:39:97:0d:
        08:ea:1a:8f:ae:cb:ff:dd:2e:1d:1d:85:3c:29:a5:fc:ed:99:
        d6:1b:17:2e:c6:d2:e0:28:b1:aa:62:58:06:11:fc:17:45:1b:
        a4:fd:4f:14:79:fb:42:5d:4c:35:72:73:3f:09:32:c6:c7:dc:
        b0:d2:63:4e:41:54:39:47:0e:a8:46:50:c3:43:7a:15:d9:a0:
        1e:ba:95:20:34:db:97:9f:7c:6e:c6:07:7a:76:2a:a2:b2:f2:
        06:c7:00:f3:a8:ef:5e:63:86:5e:e8:aa:de:07:f5:83:92:93:
        92:1a:86:04:85:bd:0b:c6:9a:04:3f:1e:10:8e:8f:8a:04:61:
        e7:b3:b2:af:5a:40:b2:ac:28:56:2e:b5:13:98:22:b3:71:df:
        5f:f0:8d:aa:c8:3e:20:66:bc:44:8a:cc:f5:e2:0e:aa:aa:9e:
        2b:43:46:cf:97:dc:b0:7b:b4:24:40:11:e0:bb:87:de:00:76:
        b1:2e:2d:c8:9a:e0:4b:b6:7c:33:ee:8c:0d:f8:72:15:ad:d4:
        35:9d:8f:79:ad:7f:f2:a1:da:a3:51:b0:55:5e:13:eb:72:bf:
        d8:91:7e:9f:65:83:ec:8a:70:23:4e:f2:e5:14:ef:b7:c5:67:
        67:50:76:71:1c:b1:e0:73:1c:ff:07:a7:2e:92:7d:e4:d3:4c:
        f9:2e:39:3a:e1:34:e0:35:55:19:91:62:54:5b:ac:04:13:3b:
        29:4a:cc:d2:18:59:65:60:0f:c2:c5:77:f3:a3:17:f2:68:1c:
        94:61:ef:70:48:90:c9:25:17:ad:e5:51:6e:90:12:97:45:67:
        ce:cc:16:e4:f7:67:e8:89:e4:39:40:c5:7f:84:5a:70:db:0c:
        1d:99:ea:32:58:43:39:2c:f4:6a:5a:5e:a9:a3:f1:f8:20:9e:
        42:f3:6f:35:60:6f:80:1d:ac:98:96:b3:45:51:fb:e7:6f:7e:
        3d:91:d7:96:1d:cf:5b:cd:89:56:f8:94:d0:b9:d0:92:b7:d0:
        51:01:11:54:57:7c:2a:21:91:91:42:37:35:63:52:d2:67:d3:
        47:6f:9e:27:3f:26:07:f0:d5:65:d4:a7:cf:3e:1c:88:ac:35:
        69:47:f4:1f:fd:2b:a2:c7:26:fd:b0:96:53:0e:5c:98:18:e3:
        16:c1:ae:d3:c8:61:34:92:17:3a:10:86:ea:46:1e:ad:16:98:
        0d:8c:fa:16:3a:3f:af:49:60:ee:76:a8:3a:61:a9:fe:03:c7:
        28:25:a3:be:3f:03:92:35
-----BEGIN CERTIFICATE-----
MIIF1zCCA7+gAwIBAgIUGtrmzyNmajbZ3WlML7owFJD3PV4wDQYJKoZIhvcNAQEN
BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRAwDgYDVQQHDAdTYW5Kb3Nl
MSIwIAYDVQQKDBlTdXBlciBNaWNybyBDb21wdXRlciBJbmMuMSgwJgYDVQQDDB9S
RDEgQk1DIFRlc3QgS2V5IC0gRE8gTk9UIFRSVVNUMCAXDTIwMDIxNDAzMTQyOFoY
DzIwNzAwMjAxMDMxNDI4WjB6MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEDAO
BgNVBAcMB1Nhbkpvc2UxIjAgBgNVBAoMGVN1cGVyIE1pY3JvIENvbXB1dGVyIElu
Yy4xKDAmBgNVBAMMH1JEMSBCTUMgVGVzdCBLZXkgLSBETyBOT1QgVFJVU1QwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGs0LJNsOhJAzs5RoxllsdpseF
ZlC/WXicLY0HXm+b8KBwekLwCmi94aqA7yxwvXo2WWrKKh0h8RyhMfPWPSzqMg/W
YpkBV5nhE/2CGnjHKStMLXBDsMUolHgz1cIL04RshggY5S5qQNb0/kECf616lhav
hp0B13F0uwt7JD0mMSMrkQUv+cVqu7jBhby+52svv/lb+unIzvC3r0zH61zwMp/w
o3qps+snzaXzOiSBXQHkrESaWfzuBIYDnInOZexNNLWa2IZxl46ntuyRYYmzbLF8
2I1r+g1RDirLidYG8cRrJyVmktI3D1vc+yKPGDKkQlJoVV+9j/UgwR4amuQyyqTg
kx30f0GPt3ia9LC0iT+T15bXz2F3lmVvA8+C5D3BIC4dYBBBfS1/Wg/DUguWC6FW
O0duZ9tUsXYQYec0Hl9js2wnnXZv0zkR6TQHZlUd/DJTtpFU1VxEcwGYdcxxBI2d
pcr4aCamUqu8U6xlCFa6rfjpUVnVJNQ0G8G080PHae42LXUmbH4gEoNrH2/8Bfd8
rsg/ykl85qGRRLXbVVpc6vGxRnEbKv5On9vB5xCR+4DCjwR0xjGq7XEPpLMDLVdw
DP/Qqu311x8C1XWKEdnKB5znAjktixp4Ypjk2R3yKjCkKc4DyVYI2HkSLlMNsD8O
vrRRBqJ3wtwEC0qoxQIDAQABo1MwUTAdBgNVHQ4EFgQUKvCojIdnTgrSrSC2JkDK
osQBHX8wHwYDVR0jBBgwFoAUKvCojIdnTgrSrSC2JkDKosQBHX8wDwYDVR0TAQH/
BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAvAXNO+hiBub/sIBbqAIqDCCdC+vG
/Rl0Ylw0qjeNRoQsOZcNCOoaj67L/90uHR2FPCml/O2Z1hsXLsbS4CixqmJYBhH8
F0UbpP1PFHn7Ql1MNXJzPwkyxsfcsNJjTkFUOUcOqEZQw0N6FdmgHrqVIDTbl598
bsYHenYqorLyBscA86jvXmOGXuiq3gf1g5KTkhqGBIW9C8aaBD8eEI6PigRh57Oy
r1pAsqwoVi61E5gis3HfX/CNqsg+IGa8RIrM9eIOqqqeK0NGz5fcsHu0JEAR4LuH
3gB2sS4tyJrgS7Z8M+6MDfhyFa3UNZ2Pea1/8qHao1GwVV4T63K/2JF+n2WD7Ipw
I07y5RTvt8VnZ1B2cRyx4HMc/wenLpJ95NNM+S45OuE04DVVGZFiVFusBBM7KUrM
0hhZZWAPwsV386MX8mgclGHvcEiQySUXreVRbpASl0VnzswW5Pdn6InkOUDFf4Ra
cNsMHZnqMlhDOSz0alpeqaPx+CCeQvNvNWBvgB2smJazRVH7529+PZHXlh3PW82J
VviU0LnQkrfQUQERVFd8KiGRkUI3NWNS0mfTR2+eJz8mB/DVZdSnzz4ciKw1aUf0
H/0roscm/bCWUw5cmBjjFsGu08hhNJIXOhCG6kYerRaYDYz6Fjo/r0lg7naoOmGp
/gPHKCWjvj8DkjU=
-----END CERTIFICATE-----
Tags
No items found.
FWHunt
See if you are impacted now with our Firmware Vulnerability Scanner