[File] [RFC] Magdir/firmware for HPE iLO firmware update

Christos Zoulas christos at zoulas.com
Sat Oct 15 15:38:56 UTC 2022


Committed, thanks!

christos

> On Oct 11, 2022, at 4:15 AM, Alexandre IOOSS <erdnaxe at crans.org> wrote:
> 
> Signed PGP part
> Hello,
> 
> I would like to propose a new signature for HPE iLO firmware update images. These updates are usually uploaded through a web interface or from a host operating system to an embedded out-of-band management system on HPE Proliant server series.
> 
> For iLO4 and iLO5, I used some security literature from Airbus security team (https://www.sstic.org/2018/presentation/backdooring_your_server_through_its_bmc_the_hpe_ilo4_case/) to create the signature.
> For iLO1, iLO2 and iLO3 (end-of-life), I crafted a signature that works with all the update images that HPE published.
> 
> As I am still new to signature writing, I am unable to figure out a way to strip the leading "\032" at the end of the version string for iLO3 and iLO4 firmware:
> 
> ```
> ilo3_190.bin: HPE iLO3 firmware update image, version 1.90.5 26-Jul-2018\032
> ilo3_191.bin: HPE iLO3 firmware update image, version 1.91.1 22-Oct-2018\032
> ilo3_193.bin: HPE iLO3 firmware update image, version 1.93.3 07-Aug-2020\032
> ilo3_194.bin: HPE iLO3 firmware update image, version 1.94.2 06-Dec-2020\032
> ilo4_101.bin: HPE iLO4 firmware update image, version 1.1.46 16-Feb-2012\032
> ilo4_110.bin: HPE iLO4 firmware update image, version 1.10.31 17-Jul-2012\032
> ilo4_120.bin: HPE iLO4 firmware update image, version 1.20.56 01-Feb-2013\032
> ilo4_140.bin: HPE iLO4 firmware update image, version 1.40.50 14-Jan-2014\032
> ilo4_200.bin: HPE iLO4 firmware update image, version 2.0.67 30-Jul-2014\032
> ```
> 
> Is there a way to print a string using `%s` and stop before "\032"?
> Attached, you will find the signature.
> 
> Best regards,
> 
> --
> Alexandre
> <file_hpe_ilo_firmware_diff.DEFANGED-0>
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <https://mailman.astron.com/pipermail/file/attachments/20221015/0cc10294/attachment.asc>


More information about the File mailing list