Supermicro’s response to Trickboot vulnerability, March 2021

Supermicro is aware of the Trickboot issue which is observed only with a subset of the X10 UP motherboards. Supermicro will be providing a mitigation for this vulnerability.

TrickBoot is a new functionality within the TrickBot malware toolset capable of discovering vulnerabilities and enabling attackers to read/write/erase the device’s BIOS.

TrickBoot checks if the BIOS control register is unlocked and the BIOS region contents can be changed. Reconnaissance actions allow BIOS to be read/written or removed in later phases of the attack. One can install a backdoor or "brick" the vulnerable machine. Malicious code planted on the BIOS can survive OS reinstalls.

Supermicro confirmed that the following motherboard products are affected by this vulnerability and will be providing mitigation.

Motherboard	BIOS	Vulnerability “Trickboot”	Vulnerability Score	BIOS with the Fix
X10 DP-series	BIOS DP	Not detected	N/A	N/A
X10 UP-series (Grantley, Broadwell)	BIOS UP	Not detected	N/A	N/A
X10 UP-series (Denlow)	BIOS UP	Missing BIOS Write Protections	High/8.2	BIOS v3.4
X11 UP-series	BIOS UP	Not detected	N/A	N/A
X11 DP-series	BIOS DP	Not detected	N/A	N/A
X12 UP-series	BIOS UP	Not detected	N/A	N/A

BIOS with the fix will be released for the non-EOL’ed products. BIOS for the EOL products will be available by request. Please check product pages or the Download page for BIOS availability.

This is the list of the affected X10 UP-series (H3 Single Socket “Denlow”) motherboards:

X10SLH-F (will EOL on 3/11/2021)
X10SLL-F (EOL’ed since 6/30/2015)
X10SLM-F (EOL’ed since 6/30/2015)
X10SLL+-F (EOL’ed since 6/30/2015)
X10SLM+-F (EOL’ed since 6/30/2015)
X10SLM+-LN4F (EOL’ed since 6/30/2015)
X10SLA-F (EOL’ed since 6/30/2015)
X10SL7-F (EOL’ed since 6/30/2015)
X10SLL-S/-SF (EOL’ed since 6/30/2015)

Supermicro recommends the following best practices:

Check devices to ensure that BIOS write protections are enabled.
Verify firmware integrity by checking firmware hashes against known good versions of firmware.
Update firmware to mitigate numerous vulnerabilities that have been discovered.

To minimize the exposure and prevent Trickbot infection, please follow the mitigation recommendations from the Center for internet Security:
https://www.cisecurity.org/white-papers/security-primer-trickbot/

Rackmount Servers

1U Dual Processor

2U Dual Processor

Single Processor

Multi Processor

Product Families

GPU Servers

8U GPU Lines

4U GPU Lines

2U GPU Lines

1U GPU Lines

Twin Servers

FlexTwin™

BigTwin®

GrandTwin®

TwinPro®

Twin

FatTwin®

Blade Servers

SuperBlade®

MicroBlade®

MicroCloud

Storage Servers

All Storage Systems

All-Flash NVMe

Top-Loading Storage

JBOF

Enterprise-Optimized Storage

JBOD Storage Enclosures

Motherboards

Server Boards

Workstation Boards

Embedded / IoT Boards

Desktop / Gaming Boards

Previous Gen.

Motherboard Matrix

Global SKUs

Chassis

1U Chassis

2U Chassis

3U Chassis

4U / Tower Chassis

Mid / Mini-Tower

Embedded / IoT Chassis

Mobile Racks / Drive Kits

JBOD Storage Enclosures

Global SKUs

SuperRack®

Data Center Solution Engineering (DCSE)

Rack Integration Service

Accessories

Cable Matrix

Riser Card Matrix

Storage AOC Matrix

Power Supply Matrix

Heatsink Matrix

System Fan Matrix

Mobile Racks / Drive Kits

Front Chassis Bezels

Storage, I/O, Security

Edge & Telecom Servers

Fanless Edge Systems

Compact Edge Systems

Outdoor Edge Systems

1U Edge Network Systems

5G/Telecom Systems

Embedded Components

Embedded Motherboards

Embedded Chassis

Switches

Adapters

SuperWorkstations

Liquid-Cooled AI Development Platform

Single-Processor

Dual-Processor

Supero™ Gaming Solutions

AI Infrastructure

AI SuperCluster

AI Solutions for Industries

Edge AI