I don't hear skepticism on plausibility.

I just hear skepticism based on lack of actual evidence, as there has been, to date, exactly zero. For a hardware back that could only have been done at a large scale.




This is why I am skeptical. I will not presume to know how Supermicro and Elemental operate but I find it unlikely that this would go unnoticed by both of them. The guys I work with raise hell if CRCs on firmware images don't match, much less a BOM change. There are a lot of QA breakdowns that have to happen after manufacturing for this sort of attack to be successful. Could it happen? Sure, but there should be some sort of available evidence. What about the rest of Elemental's customers? Did the government manage to quietly take all of their servers as well?


Eh... it's not quite that simple. Checking the firmware before it goes into the device is not the issue. It's after the firmware is in the (integrated) device that it's an issue. How do you check that? You have to boot the device to calculate the CRC. Now assume that the device's bootloader is compromised and that the device actually has more internal storage than you thought. Now what? Ensuring correctness of firmware to verify the device won't do something you've never seen it do is quite difficult.


I just brought up the CRCs as an example of due diligence. This attack, as I understand it, hinges on a design and BOM change to the board. So my question is how did that change manage to make it past both Supermicro and Elemental?


Simply put, they never checked?


Depending on what the chip did, the CRC on a firmware image may not actually change. If the chip was just listening to the SPI lines to the BMC's load, it could just inject additional data into the stream. The flash chip on the board could be 100% legit, but the final image loaded on to the BMC might be malicious. Do you really CRC the entire BMC environment after boot, or just check the image when you go to update the BMC?
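To make the point in the comment above concrete, here is an added toy model (not from the thread, Supermicro, or any real product): the bytes on the flash chip pass a CRC check at rest, while the image the BMC reads over the bus through a hypothetical in-line interposer does not, so only a check of what was actually loaded, or a comparison of the two read paths, exposes the difference. All images, payloads and function names are constructed.

```python
import hashlib
import zlib

# Constructed stand-in for the BMC firmware image stored on the SPI flash.
GOOD_IMAGE = b"BMC-FW v1.0 " + bytes(range(64))
# Constructed payload that the hypothetical interposer splices into the read stream.
INJECTED = b"<extra-code>"


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def read_flash_at_rest(flash: bytes) -> bytes:
    """Read the chip directly (e.g. with a programmer); nothing sits in between."""
    return flash


def read_over_bus(flash: bytes, interposer=None) -> bytes:
    """Read the image the way the BMC does, over the SPI lines.
    Anything on those lines sees the stream and may alter it in transit."""
    return interposer(flash) if interposer else flash


def splice_interposer(stream: bytes) -> bytes:
    """Hypothetical in-line part: inserts bytes into the stream, flash untouched."""
    return stream[:16] + INJECTED + stream[16:]


def check_flash_crc(flash: bytes, expected_crc: int) -> bool:
    """The due-diligence check from the thread: CRC of the image at rest."""
    return crc32(read_flash_at_rest(flash)) == expected_crc


def check_loaded_image(loaded: bytes, expected_sha256: str) -> bool:
    """Check what the BMC actually loaded (what runs), not what is on the chip."""
    return hashlib.sha256(loaded).hexdigest() == expected_sha256


def run_scenario(interposer=None) -> dict:
    expected_crc = crc32(GOOD_IMAGE)
    expected_sha = hashlib.sha256(GOOD_IMAGE).hexdigest()
    loaded = read_over_bus(GOOD_IMAGE, interposer)
    return {
        "flash_crc_ok": check_flash_crc(GOOD_IMAGE, expected_crc),
        "loaded_image_ok": check_loaded_image(loaded, expected_sha),
        # Defender's cross-check: the two read paths must agree byte for byte.
        "rest_matches_bus": read_flash_at_rest(GOOD_IMAGE) == loaded,
    }


if __name__ == "__main__":
    print("clean board:     ", run_scenario())
    print("interposed board:", run_scenario(splice_interposer))
```

On the interposed board the at-rest CRC still passes, which is exactly the gap the comment describes; the loaded-image hash and the rest-vs-bus comparison are what fail.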
