1) Requiring signing of all firmwares, and putting those firmware private keys in control of Rackspace whenever possible.
2) Disabling systems of integration between the BMC and operating system -- for example, we completely disable the HECI bus, removing a major surface area for the operating system to affect the BMC.
I suspect an ideal state to be in would be that there was no firmware flashing at all: the various bits of hardware would have some version of the firmware in ROM and could load a replacement firmware into RAM, but never be able to store that in a PROM, thus guaranteeing that no malicious code could ever persist between tenants. Probably a lot harder to arrange with hardware people though.
I guess my concern with signed firmware is that it's increasing the attack surface of the firmware by adding in crypto code. Identifying malicious code is going to be hard enough to start with, let alone hunting down its attack vector, let alone getting a decent fix from some vendor in a useful timeframe!
Thanks for telling the story. It is encouraging for us as we are bringing up Ironic support ourselves.