OpenBMC on PantsDown

Re: https://firmwaresecurity.com/2019/01/22/cve-2019-6260-pantsdown-gaining-control-of-bmc-from-the-host-processor/

[…]Solution: The mitigations are in the 2.6 level of OpenBMC for all supported ASPEED-based platforms. The complete solution is platform dependent because it can involve patching both the BMC firmware and the host firmware. For example, disabling the iLPC2AHB bridge can be a bit of a finicky process. The host platform’s operating system may be impacted when the P2A bridge is disabled. The solution may require an updated ASPEED video driver. See Linux commit 71f677a.[…]

https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/11164

https://github.com/openbmc/openbmc/issues/3475

CVE-2019-6260: PantsDown: Gaining control of BMC from the host processor

CVE-2019-6260: Gaining control of BMC from the host processor
Posted on 23/01/2019 by Stewart Smith

These are details for CVE-2019-6260 – which has been nicknamed “pantsdown” due to the nature of feeling that we feel that we’ve “caught chunks of the industry with their…” and combined with the fact that naming things is hard, so if you pick a bad name somebody would have to come up with a better one before we publish.

I expect OpenBMC to have a statement shortly.[…]

https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260-gaining-control-of-bmc-from-the-host-processor/


MORF – AMI’s open source Redfish Framework in OpenBMC

https://github.com/ami-megarac/

https://lists.ozlabs.org/pipermail/openbmc/2018-March/011255.html

PDF: MegaRAC Open Redfish Framework (MORF).pdf


IBM providing their OpenBMC code to Linux Foundation

[…]IBM is providing their OpenBMC code base to The Linux Foundation, and this project will be supported by several organizations, including Facebook, Google, Intel, and Microsoft. The community is looking to expand and invites contributors from across the industry to come together in defining and creating the OpenBMC stack.[…]The Linux Foundation is pleased to welcome OpenBMC to our family of open source projects and to work with the community to support its growth.[…]

https://www.linuxfoundation.org/blog/openbmc-project-community-comes-together-at-the-linux-foundation-to-define-open-source-implementation-of-bmc-firmware-stack/

https://www.openbmc.org/

https://github.com/openbmc/openbmc

Raptor meets OpenBMC crowdsourcing pledge goal!

Overall Goal:              $50,000 USD
Raptor’s Contribution:     $30,000 USD
Community Goal:            $20,000 USD
Current Pledges:           $20,000 USD
Remaining Deficit:         $0 USD
Overall Funding Status:    100.0%
Community Funding Status:  100.0%

https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-offer.php


Raptor Engineering seeks funds for OpenBMC port

Raptor Engineering is asking for crowdsourced funding to help them port OpenBMC to an ASUS system (the KGPE-D16):

“Make coreboot a first-class citizen in the datacenter on modern, blob-free hardware.”

https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-offer.php

Talos Secure Workstation: coreboot + POWER8

New potential product on CrowdSupply with a NICE set of features (…and I wonder how secure it will be):

* Blob-free operation
* Fully libre (open-source) IBM OPAL primary firmware w/ PetitBoot interface
* Fully libre (open-source) OpenBMC secondary (IPMI / OoBM) firmware
* NO signing keys preventing firmware modification

https://www.crowdsupply.com/raptorcs/talos

OpenPOWER firmware update from Stewart

Stewart Smith has a new blog post about OpenPOWER, focusing on changes in the firmware development community, including comments on OpenBMC and other projects. Apparently non-IBM developers can now contribute to OpenPOWER firmware, as someone from Foxconn.com has recently done, which sounds like an improvement.


https://www.flamingspork.com/blog/2016/04/29/openpower-opencompute-and-fostering-a-firmware-development-community/

Facebook’s OpenBMC project

I just learned about Facebook’s OpenBMC, thanks to Sai Dasari of Facebook, who just posted a message to the Open Compute Project’s hardware management list, talking about DMTF Redfish and Facebook’s OpenBMC.

OpenBMC is an open software framework to build a complete Linux image for a Board Management Controller (BMC).

When we were developing Facebook’s top-of-rack “Wedge” switch, we followed our usual process in the beginning; our partner was responsible for developing the BMC software. However, in the first months of the project, many requirements for the BMC software emerged, introducing extra complexity, coordination, and delays into the BMC software-development process. To address these challenges, at one of Facebook’s hackathon events, four engineers worked to create our own BMC software. Within 24 hours, we were able to build a minimum BMC software image, including an SSH server and the ability to change fan speed, power-on the host CPU, and blink some LEDs. It was far from a production image, but it gave us a strong confidence that we could eventually develop our own BMC software for “Wedge.” Fast-forward eight months, and we’ve deployed our solution — code-named “OpenBMC” — into production along with Wedge. And today we’re sharing OpenBMC with the open source community in the hope that we can collaborate based on this open software framework for next-generation system management.

More Information:
https://code.facebook.com/posts/1471778586452119/openbmc-for-server-porting-and-supporting-new-features-for-yosemite-/
https://code.facebook.com/posts/1601610310055392/introducing-openbmc-an-open-software-framework-for-next-generation-system-management/
https://github.com/facebook/openbmc
https://twitter.com/hashtag/openbmc