[File] [RFC] Magdir/firmware for HPE iLO firmware update

Alexandre IOOSS erdnaxe at crans.org
Tue Oct 11 08:15:02 UTC 2022 

Hello,

I would like to propose a new signature for HPE iLO firmware update 
images. These updates are usually uploaded through a web interface or 
from a host operating system to an embedded out-of-band management 
system on HPE Proliant server series.

For iLO4 and iLO5, I used some security literature from Airbus security 
team 
(https://www.sstic.org/2018/presentation/backdooring_your_server_through_its_bmc_the_hpe_ilo4_case/) 
to create the signature.
For iLO1, iLO2 and iLO3 (end-of-life), I crafted a signature that works 
with all the update images that HPE published.

As I am still new to signature writing, I am unable to figure out a way 
to strip the leading "\032" at the end of the version string for iLO3 
and iLO4 firmware:

```
ilo3_190.bin: HPE iLO3 firmware update image, version 1.90.5 26-Jul-2018\032
ilo3_191.bin: HPE iLO3 firmware update image, version 1.91.1 22-Oct-2018\032
ilo3_193.bin: HPE iLO3 firmware update image, version 1.93.3 07-Aug-2020\032
ilo3_194.bin: HPE iLO3 firmware update image, version 1.94.2 06-Dec-2020\032
ilo4_101.bin: HPE iLO4 firmware update image, version 1.1.46 16-Feb-2012\032
ilo4_110.bin: HPE iLO4 firmware update image, version 1.10.31 
17-Jul-2012\032
ilo4_120.bin: HPE iLO4 firmware update image, version 1.20.56 
01-Feb-2013\032
ilo4_140.bin: HPE iLO4 firmware update image, version 1.40.50 
14-Jan-2014\032
ilo4_200.bin: HPE iLO4 firmware update image, version 2.0.67 30-Jul-2014\032
```

Is there a way to print a string using `%s` and stop before "\032"?
Attached, you will find the signature.

Best regards,

-- 
Alexandre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file_hpe_ilo_firmware.diff
Type: text/x-patch
Size: 1599 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20221011/e94c5ecc/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://mailman.astron.com/pipermail/file/attachments/20221011/e94c5ecc/attachment.asc>

More information about the File mailing list