[CentOS] How to get UEFI setting by shell?

Fri Jan 22 22:38:32 UTC 2016
John R Pierce <pierce at hogranch.com>

On 1/22/2016 2:24 PM, Gordon Messmer wrote:
> On 01/22/2016 01:56 PM, John R Pierce wrote:
>> Sure, if someone has penetrated my IPMI and/or virtualization 
>> management, I'm already in a world of hurt
>
> Exactly.  IPMI should be on a dedicated VLAN with a bastion host. No 
> other systems should have access to it at all.  The servers, 
> especially, should not have access to their own IPMI network. 
> Otherwise, you risk creating exactly that kind of hole, where tasks 
> that are supposed to require console access don't.
>
> Having said that, I have no idea whether or not the virtual console is 
> locked during the secure boot path.  Anybody who uses IPMI and secure 
> boot? 

for that matter, what about a VM running on a service like Amazon AWS 
(or pick your virtual server environment) ?    AWS provides a remote 
console, doesn't it?





-- 
john r pierce, recycling bits in santa cruz