Course Outline
BMC Threat Model
- Attack surface of server BMCs
- Common vulnerabilities in legacy BMC firmware
- OpenBMC security architecture overview
- Compliance requirements (NIST, PCI-DSS)
Secure Boot
- U-Boot verified boot chain
- Image signing with RSA and ECDSA
- Key hierarchy and revocation
- Measurement and attestation basics
Firmware Update Security
- Image signature verification flow
- Rollback protection and version policies
- Dual-bank update strategies
- Code update via Redfish and IPMI
Certificate Management
- Phosphor-certificate-manager architecture
- Installing and replacing HTTPS certificates
- Certificate Authority (CA) trust stores
- LDAPS and client certificate authentication
Authentication and Authorization
- Local user management and password policies
- LDAP and Active Directory integration
- PAM stack configuration
- Redfish RBAC and privilege mapping
Network Security
- Firewall rules and nftables
- TLS 1.3 configuration in bmcweb
- SSH hardening and key-based auth
- Network segmentation for BMC interfaces
Audit and Response
- Remote syslog configuration
- Security event logging
- SEL and audit trail management
- Incident response for compromised BMCs
Security Testing
- Static analysis with CodeQL and Bandit
- Fuzzing D-Bus interfaces
- Penetration testing REST and Redfish APIs
- CVE tracking and patch management
Requirements
- Understanding of PKI and TLS fundamentals
- Basic Linux security concepts
- Familiarity with embedded firmware update mechanisms
Audience
- Security engineers
- Firmware developers
- System administrators managing BMC infrastructure
Custom Corporate Training
Training solutions designed exclusively for businesses.
- Customized Content: We adapt the syllabus and practical exercises to the real goals and needs of your project.
- Flexible Schedule: Dates and times adapted to your team's agenda.
- Format: Online (live), In-company (at your offices), or Hybrid.
Price per private group, online live training, starting from 3200 € + VAT*
Contact us for an exact quote and to hear about our latest promotions.
Testimonials (4)
The trainer was helpful.
Attila - Lifial
Course - Compliance and the Management of Compliance Risk
I understood the process of the operating system and how we link all the factors together, as well as network information, so now I have an obvious and full picture of what is going on in these computers and how they communicate with each other. Ultimately, I gained knowledge about the most important operating system, which is Linux, and how we implement our own embedded Linux.
Rawda Alnaqbi - beamtrail
Course - Introduction to Embedded Linux (Hands-on training)
Speed of response and communication
Bader Bin rubayan - Lean Business Services
Course - ISO/IEC 27001 Lead Implementer
The knowledge of the trainer. He was able to answer all of my questions, even questions about our platform. He also continued to help until we all understood the material.