[CentOS] How to get UEFI setting by shell?
John R Pierce
pierce at hogranch.com
Fri Jan 22 22:38:32 UTC 2016
On 1/22/2016 2:24 PM, Gordon Messmer wrote:
> On 01/22/2016 01:56 PM, John R Pierce wrote:
>> Sure, if someone has penetrated my IPMI and/or virtualization
>> management, I'm already in a world of hurt
>
> Exactly. IPMI should be on a dedicated VLAN with a bastion host. No
> other systems should have access to it at all. The servers,
> especially, should not have access to their own IPMI network.
> Otherwise, you risk creating exactly that kind of hole, where tasks
> that are supposed to require console access don't.
>
> Having said that, I have no idea whether or not the virtual console is
> locked during the secure boot path. Anybody who uses IPMI and secure
> boot?
for that matter, what about a VM running on a service like Amazon AWS
(or pick your virtual server environment) ? AWS provides a remote
console, doesn't it?
--
john r pierce, recycling bits in santa cruz
More information about the CentOS
mailing list