Supermicro OOB license now available within an hour online for $30
- Thread starter BLinux
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
The description does indeed say X9, but the pulldown doesnt list any X9s and the motherboard search says "Not compatible" for any X9 model number I entered.
I wonder if that particular license key only works with the REDFISH IPMI BIOS?
I think I didn't have that feature with my intel boards even with the management modules that support ikvm...
The code they give you is just a sha1 of the BMC mac address...
Paying $30 for a checksum of a known value is a bit much.
Paying $30 for a checksum of a known value is a bit much.
Yes, please don't talk about that. If everyone knew how to google Reverse Engineering Supermicro IPMI, Supermicro may change things and make it more difficult for everyone. 
I'm really sure what SM could do in this instance; they might well change the key creation method, but there's no way to tell the difference between a key that's been bought and one that's been user generated so if they wanted to change the key format, they'd have to a) issue IPMI updates for every board to invalidate all existing keys and b) re-issue all customers with valid new IPMI keys. Neither of those would be very popular.
The key validation routines are always going to be included in the firmware somewhere, so short of providing either encrypted filesystems in the blobs using a hardware TPM, or forcing online-only activation (never going to fly for something that should be on an airgapped network with no internet access), they're between a rock and a hard place.
The key validation routines are always going to be included in the firmware somewhere, so short of providing either encrypted filesystems in the blobs using a hardware TPM, or forcing online-only activation (never going to fly for something that should be on an airgapped network with no internet access), they're between a rock and a hard place.
Actually I think they could. I bought a oob license for my x10srl and sent wiredzone accidentally the mac address of the first intel nic. They sent me a key that matches what comes out of the algorithm when used with the bmc nic mac address
Regardless of whether they could do something about it, it’s not likely on current platforms and there’s low value on future ones. The profits lost to this are probably not noticeable and certainly not keeping them up at night. Especially with their current situation post Bloomberg they don’t want to create and legitimate reasons for customers to leave them.
In my opinion, remote flashing of the Motherboard Firmware seems like a too basic and necessary feature nowadays to charge extra for it for those that already are paying 50 U$D or so for having a Motherboard with BMC (Supermicro is already providing in a lot of Motherboards two versions, one with and one without BMC, this should already be there for the latter).
Moreover, since it seems that Supermicro likes to solder the Flash chip instead of having it socketed, you can't manually reprogram the Firmware if somehow you blow it during a flash, making remote flashing via BMC even more necessary...
Moreover, since it seems that Supermicro likes to solder the Flash chip instead of having it socketed, you can't manually reprogram the Firmware if somehow you blow it during a flash, making remote flashing via BMC even more necessary...