SuperMicro on using IPMI in a home lab

Here’s advice from a few months ago by SuperMicro on how to use IPMI in a network environment:


If you are utilizing Supermicro in your lab environment, there is a great feature that comes with Supermicro boards that allows BMC IPMI management of the server.  It is basically an out of band management of the server much like a switch OOB management interface.  I wanted to post some screenshots of most of the various areas of control you have with the IPMI console of a Supermicro box.  It is fairly comprehensive.  Let’s take a look at Supermicro IPMI management walkthrough.



Talos Secure Workstation: coreboot + POWER8

New potential product on CrowdSupply with a NICE set of features (…and I wonder how secure it will be):

* Blob-free operation
* Fully libre (open-source) IBM OPAL primary firmware w/ PetitBoot interface
* Fully libre (open-source) OpenBMC secondary (IPMI / OoBM) firmware
* NO signing keys preventing firmware modification



AMI and Realtek extend DMTF DASH to use WiFi

DMTF SMASH and DASH are pre-os technologies, somewhat like IPMI and Redfish. SMASH is for servers, DASH is for desktops. AMI and Realtek have DASH working over WiFi now. The new risk brought with this feature is that, if attacker can find exploit in WiFi DASH implementation, they can attack system remotely. Before, they needed an Ethernet connection, now they can use WiFi. IPMI and Redfish have similar risks. I wonder if servers are also available via WiFi with SMASH? Excerpt from press release:

American Megatrends Inc. (AMI), in collaboration with Realtek Semiconductor, an AMI Technology Partner, is pleased to introduce RealManage™ 2.0, a WiFi DASH solution integrated with the RTL8111FP-CG NIC controller chip from Realtek.

DASH (Desktop and mobile Architecture for System Hardware) is a client management standard released by the DMTF (Distributed Management Task Force) and is a web services-based standard for secure out-of-band and remote management of desktops and mobile systems. Realtek has long been an Ethernet NIC market leader and with the RTL8111FP-based next-generation DASH remote management solution called RealManage 2.0, Realtek aims to keep its market position and remain a force for technology innovation.

“With the rising popularity of the GUI BIOS, enterprise customers required out-of-band KVM (Keyboard, Video, and Mouse) functions beyond the standard ‘Text Console Redirection’ feature. Realtek’s RealManage 2.0 is our answer; a powerful DASH solution that supports Wi-Fi and Ethernet DASH, and is compliant with a GUI BIOS,” said Realtek’s Vice President and Spokesman, Yee-Wei Huang. “It brings a whole new application methodology and experience to commercial customers, providing a wealth of data and tools for remote out-of-band client management tasks.”

Full press release:


DMTF Redfish 1.0.2 released

DMTF released Redfish 1.0 a while ago, and now they’ve done their first revision to this IPMI replacement technology. Excerpting DMTF’s press release:

The latest specification and schemas for the DMTF’s Redfish standard are now available. Now available for download, the 2016.1 publication includes new Redfish schemas for AttributeRegistry, Bios, Drive, Memory, MemoryCollection, MemoryMetrics, SecureBoot, Storage, StorageCollection and Volume. In addition, this release includes minor updates to the Chassis, ComputerSystem, Event, Manager, Power, Resource, SimpleStorage and Thermal schemas, along with all previously released schemas using updated file naming conventions. Released separately as a Work in Progress (WIP) for public comment, the DSP8010-WIP-2016.0.9a () publication includes new Redfish schemas for providing firmware update services (UpdateService, FirmwareInventory) and PCIe switch and device management (PCIeDevice, PCIeFunction, PCIePort, PCIeSwitch, and PCIeZone, and respective Collection schemas). In addition, DMTF has released version 1.0.2 of the Redfish Scalable Platforms Management API Specification, which defines the protocols, data model, and behaviors for Redfish.



FWTS 16.05.01 released

Alex Hung of Canonical has announced the 16.05.01 release of FWTS, the FirmWare Test Suite.

There are new ACPI and IPMI and TCG OVAL and Linux device-tree tests. In addition to new features, there’s an even larger list of bugfixes for most classes (UEFI, BIOS, ACPI, etc.) of tools, not excerpted below, see the full announcement for those.

New Features:
  * acpi: add MSCT table sanity check
  * acpi: add EINJ table sanity check
  * ACPICA: Update to version 20160318 (LP: #1559312)
  * Introduce olog scan, to check OPAL msglog.
  * Introduce IPMI BMC Info
  * devicetree: add infrastructure for device-tree tests
  * devicetree/dt_sysinfo: Add device tree system information tests
  * devicetree/dt_base: Add base device-tree validity checks
  * debian/control: change depends on libjson0-dev to libjson-c-dev
  * auto-packager: mkpackage.sh: add yakkety and remove vivid
  * debian/control: add back libjson0-dev for precise




IPMIPWN came out 2 months ago and I missed it. 😦 IPMIPWN’s readme excerpt:

IPMI cipher 0 attack tool

There are a few good tools out there (Metasploit) to help you find and identify the IPMI cipher 0 vulnerability, but because its relatively trivial to exploit I have seen nothing that helps you pwn it. While it is easy to exploit, I have found I keep having to brush up on commands and junk every time I come across it which is where my tools comes in. My IPMIPWN tool does all the real work for you, it will attempt to exploit the cipher 0 vulnerability using a list of predefined default user accounts and setup an backdoor account with a semi-random username and random password. All successful backdoors are logged in loot.log. This tool works best on Kali, it does require you to have ipmiutils “apt-get install ipmitool” and NMAP installed. Enjoy.

Besides IPMIPWN, and Metasploit, the tools FreeIPMI and IPMItool are also worth checking out. There is an IPMI Util  tool for Windows, and an Intel IPMI tool for MS-DOS, both of which I have not tried out.

If you are new to IPMI security, start here:


FWTS gains IPMI BMC Info tool

Deb McLemore of IBM has submitted a BMC Info, new IPMI tool to FirmWare Test Suite (FWTS).

Introduce IPMI BMC Info

This feature adds the foundation to perform an IPMI BMC Info check that will determine if a Host is capable of IPMI messaging and if so will perform a basic IPMI message exchange to determine the version of IPMI running on the hardware.  In the future the IPMI infrastructure can be used to further interrogate the FRU Inventory and other Sensors to help correlate data and surface any discrepancies on inventory or hardware characteristics.

For more information, see the patch sent to the fwts-devel mailing list: