NL.net proposal

Project name

LibreBMC

Website / wiki

https://libre-soc.org/nlnet_2022_librebmc

NLNet proposal 1 : LibreBMC Board Porting

Abstract: LibreBMC replaces the proprietary Baseboard Management Controller (BMC) and its secret hidden firmware, entirely. In servers typically used in Data Centre's and for scenarios where data privacy is paramount this turns out to be critical. One of the most commonly-used BMC Processors in the world has a silicon-baked plaintext password for its Serial Console, and with a BMC being the very means by which a processor's BIOS is uploaded, this publicly-available password allows for a full bypass of every conceivable security measure. BMC (out-of-band) Processors are also present in every AMD and Intel desktop and laptop in the world, think the Intel Management Engine. Even replacing the BIOS with coreboot is not enough to gain trust because the BMC is in charge of uploading coreboot/oreboot, and could easily alter it. At least in this case if the BMC's firmware is replaced it increases trust that the payload (coreboot/oreboot) has not been tampered with. However this is so low-level that there is serious risk of damaging the user's machine. LibreBMC therefore intends to make a low-cost (dual) FPGA-based "Experimentation" platform, as Libre/Open Hardware, for developers to iteratively test out development of alternative BMC Firmware (LibreBMC, OpenBMC, u-bmc), without risk of damage to the machine it is managing. One FPGA will run LibreBMC, the other Libre-SOC/Microwatt/A2O, and the first will boot the second. This will allow the next phase - actual booting of servers and desktop machines - to proceed with confidence.

Experience: I am the TSC of the OpenPOWER Foundation, and I am involved with Libre-SOC. I already build a full Linux Distribution, PowerEL to several platforms. However this work would be spread over several people in the company and within the Libre-SOC team.

Amount: 50000 EUR

Use:

  • Design and fabrication of Libre/Open Hardware Dual FPGA Carrier boards (most likely accepting ECP5 based devices such as the OrangeCrab module)
  • Porting of both LibreBMC and OpenBMC to the FPGA Board (with optionally u-bmc)
  • Porting to Raptor Engineering's Arctic Tern Board (Lattive ECP5 based FPGA board)
  • Implementation of server side LPC (client-side already exists)
  • Verilator simulation of both client and server side LPC and testing of the two simulations back-to-back

Comparison: There are no real open source BMC stack projects, there is OpenBMC, u-bmc which is the software stack, there is an Arctic Tern board, and there is an DC-SCM board of Antmicro, however there is no real overall project that enables a user to pick up an hardware BMC and put their their software on that BMC

Challenges: Making test boards, porting the software to those boards.

Ecosystem: As a result of our efforts it will make it easier for other users to expand targets to existing hardware (this is not included in this project, however it is the end goal). In the long term we want manufacturers to make this a standard, as OCP NIC are becoming a standard on servers, and USB-C is required by the EU, we want DC-SCM, RunBMC modules to become standard (another proposal submitted for thiw work)

NLNet proposal 2 : LibreBMC User Standard

Abstract: LibreBMC replaces the proprietary Baseboard Management Controller (BMC) and its secret hidden firmware, entirely. One of the most commonly-used BMC Processors in the world has a silicon-baked plaintext password for its Serial Console, and with a BMC being the very means by which a processor's BIOS is uploaded, this publicly-available password allows for a full bypass of every conceivable security measure. BMC (out-of-band) Processors are also present in every AMD and Intel desktop and laptop in the world, think the Intel Management Engine. Even replacing the BIOS with coreboot is not enough to gain trust because the BMC is in charge of uploading coreboot/oreboot, and could easily alter it. At least in this case if the BMC's firmware is replaced it increases trust that the payload (coreboot/oreboot) has not been tampered with. By using FPGA based BMC, the software, hardware can be open sourced and provides insight to the end-user, we want to make it easy for users to be able to build their on BMC firmware using minimal technical knowledge. However we will also need hardware to support that and part of this project is to make LibreBMC based design a standard as the OCP Mezz NIC standard is on servers, or SO-DIMM's or LPDDR on user devices, like laptops, and desktops.

Experience: I am part of the LibreBMC project, the Libre-SOC project, the PowerEL project and we want to get involved with OCP to push the DC-SCM and RunBMC standard to go industry wide so the adoption becomes easy and manufacturers provide this standard on all devices.

Amount: 50000 EUR

Use:

  • Development of an EU Standard for Baseboard Management Control, suitable for EU end-user products such as chromebooks, laptops, and desktop computers (instead of the current soldered-down insecure ICs).
  • Build LibreBMC images for end-users to download and flash easily - Have a service to build own images for personal usage so people can customize their BMC image - Be involved with OCP to steer the DC-SCM and RunBMC standards

Comparison: There has been no effort to open the BMC to this point, we started under the LibreBMC project backed by the OpenPOWER Foundation and as POWER users we have several experimental systems that are becoming available for testing use, those technical efforts need to be put to benefit of the end-user and their devices, such as laptops, desktops, servers and others. Challenges: Making a standard BMC for manufacturers to be able, willing and suggested to implement. Making users aware of the possibility to customize BMC setup to be security and privacy aware.

Ecosystem: We want to persuade the OCP to make it mandatory and then convince the EU to also to that as they did with USB-C. We need end-users to care about the open source hardware and software stack running on a part most people do not even know exists, as it is hidden from the user in most cases.

NLNet draft

draft work version prior to submission

Please be short and to the point in your answers; focus primarily on the what and how, not so much on the why. Add longer descriptions as attachments (see below). If English isn't your first language, don't worry - our reviewers don't care about spelling errors, only about great ideas. We apologise for the inconvenience of having to submit in English. On the up side, you can be as technical as you need to be (but you don't have to). Do stay concrete. Use plain text in your reply only, if you need any HTML to make your point please include this as attachment.

Abstract: Can you explain the whole project and its expected outcome(s).

LibreBMC replaces the proprietary Base board Management Controller (BMC) and its secret firmware, entirely. In servers typically used in Data Centres and for scenarios where data privacy is paramount this turns out to be critical. One of the most commonly-used BMC Processors in the world has a silicon-baked plaintext password for its Serial Console, and with a BMC being the very means by which a processor's BIOS is uploaded, this publicly-available password allows for a full bypass of every conceivable security measure.

BMC Processors are also present in every AMD and Intel desktop and Laptop in the world. Even replacing the BIOS with coreboot is not enough to gain trust because the BMC is in charge of uploading coreboot, and could easily alter it. At least in this case if the BMC's firmware is replaced it increases trust that the payload (coreboot) has not been tampered with. However this is so low-level that there is serious risk of damaging the user's machine.

LibreBMC therefore intends to make a low-cost dual FPGA-based "Experimentation" platform, as Libre/Open Hardware, for developers to iteratively test out development of alternative BMC Firmware (LibreBMC, OpenBMC), without risk of damage to the machine it is managing. One FPGA will run LibreBMC, the other Libre-SOC/Microwatt/A2O, and the first will boot the second.

This will allow the next phase - actual booting of servers and desktop machines - to proceed with confidence.

Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions?

Requested Amount

EUR 75,000.

Explain what the requested budget will be used for?

  • Design and fabrication of Libre/Open Hardware Dual FPGA Carrier boards (most likely accepting OrangeCrab as a module)
  • Porting of both LibreBMC and OpenBMC to the FPGA Board
  • Porting to Raptor Engineering's Arctic Tern Board
  • Implementation of server side LPC (client-side already exists)
  • Verilator simulation of both client and server side LPC and testing of the two simulations back-to-back
  • Development of an EU Standard for Baseboard Management Control, suitable for EU end-user products such as chromebooks, laptops, and desktop computers (instead of the current soldered-down insecure ICs).

Compare your own project with existing or historical efforts.

TODO compare with RunBMC and OpenBMC.

What are significant technical challenges you expect to solve during the project, if any?

Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes?

Extra info to be submitted

  • TODO URLs etc