Redfish-Tacklebox: Python based utilities for performing common management operations with Redfish

December 2, 2019 ~ hucktech ~ Leave a comment

DMTF has a relatively-new Redfish project, with tools (currently 6 Python-based tools) that’re useful for security researchers, system administrators, and firmware testers:

Sensor List (rf_sensor_list.py): walk a Redfish service and list sensor info

System Inventory (rf_sys_inventory.py): walk a Redfish service and list component information

Power/Reset (rf_power_reset.py): perform a power/reset operation of a system

Boot Override (rf_boot_override.py): perform a one time boot override of a system

Accounts (rf_accounts.py): manage user accounts on a Redfish service

Update (rf_update.py): perform an update with a Redfish service

https://github.com/DMTF/Redfish-Tacklebox

Redfish Version 2019.1 released

May 22, 2019 ~ hucktech ~ Leave a comment

The new #RedfishAPI version 2019.1 is now available for download. Redfish delivers simple and secure management for converged, #HybridIT and the Software Defined Data Center (#SDDC). Learn more: https://t.co/IjFt1NgBS5
— DMTF (@DMTF) May 21, 2019

DMTF has released v2019.1 of Redfish, which includes 19 schema updates, revisions to the Redfish specification, and additional developer resources:

Redfish Schema Bundle (updated)
Redfish Specification (updated)
Redfish 2019.1 Overview (updated)
Redfish Resource and Schema Guide (updated)
Redfish Release History (updated)
Redfish Property Guide (new document)

https://www.dmtf.org/content/redfish-version-20191-now-available

https://www.dmtf.org/standards/redfish

Redfish-Recordings: Collection of Redfish service recordings

May 18, 2019 ~ hucktech ~ Leave a comment

This repository contains selection of Redfish recordings that can be served by the Redfish mock servers.

Hopefully they take patches; if so, please consider submitting info for Redfish-capable machines you have access to, it appears fairly easy to generate the necessary data. Right now, beyond the mockups, there’s one entry for a Lenovo system.

https://github.com/xlab-si/redfish-recordings

redfish-finder: utility to parse dmidecode output for Host Management Controllers, and setup canonically named access to them

April 13, 2019 ~ hucktech ~ Leave a comment

I just learned about redfish-finder, a Redfish discovery tool for Linux. It maps your BMC NIC to the name redfish-localhost. When the Spring 2019 UEFI Forum Plugfest slides and videos are uploaded, there’s a presentation that talks about this tool. It is in the latest version of Fedora. Hopefully coming soon to other distros….

https://github.com/nhorman/redfish-finder

OpenBMC 2.6 released

February 18, 2019 ~ hucktech ~ Leave a comment

This is the first release with Redfish support!

OpenBMC 2.6 Release – https://t.co/zc9JilrbkY

— Kurt R Taylor (@kurtrtaylor) February 15, 2019

http://www.kurttaylor.com/blog/2019/02/openbmc-2-6-release/

https://github.com/openbmc/docs/blob/master/release/release-notes.md#26-feb-4-2019

Redfish-CompareWithSPEC: A GUI Test Tool comparing JSON with SPEC using excel

January 8, 2019 ~ hucktech ~ Leave a comment

https://github.com/smilliy/Redfish-CompareWithSPEC

A GUI Test Tool comparing JSON with SPEC using excel

Nfish: C# .NET Redfish library

December 24, 2018 ~ hucktech ~ Leave a comment

A new Redfish library:

.Net library to consume Redfish API.

https://github.com/nildoadao/Nfish

libredfish: Rust Redfish library

December 17, 2018 ~ hucktech ~ Leave a comment

libredfish is a new Rust-based Redfish library. Not to be confused by the libredfish library in C by the DMTF.

https://github.com/cholcombe973/libredfish

https://github.com/DMTF/libredfish

PSRedfishEventListener: Redfish Event Listener in PowerShell

December 11, 2018 ~ hucktech ~ Leave a comment

The Redfish specification supports event mechanism through which the target redfish devices can send events from different components in the system to an event listener. This project provides an event listener that is create in native PowerShell.

https://github.com/rchaganti/PSRedfishEventListener

https://www.powershellmagazine.com/2018/11/13/redfish-event-listener-in-powershell/

https://psredfishlistener.readthedocs.io/en/latest/

BadFish: Redfish-based API tool for managing bare-metal systems

October 25, 2018 ~ hucktech ~ 1 Comment

https://github.com/redhat-performance/badfish

Redfish-based API tool for managing bare-metal systems via the Redfish API

[I’m also posting this so any Redfish exploiters realize that this name is already taken. 🙂 There’s actually a few dozen interesting Redfish tools/libraries that I need to make posts on.]

Redfish-finder: utility to parse dmidecode output for Host Management Controllers, and setup canonically named access to them

October 20, 2018 ~ hucktech ~ Leave a comment

One of the difficulties of using the Redfish host api is the translation of the SMBIOS data above into meaningful application configuration data.[…]redfish-finder: parses the smbios data for Redfish access, translates the device specification to an OS interface name, uses NetworkManager to configure the network interface with the appropriate settings, and adds an entry to /etc/hosts mapping the name redfish-localhost to the Discovered Redfish service address.[…]

https://github.com/nhorman/redfish-finder

Eclypsium research on SuperMicro BMC/Redfish vulnerability

September 8, 2018 ~ hucktech ~ Leave a comment

Insecure Firmware Updates in Server Management Systems

We published a new research about vulnerability in Supermicro BMCs (from X8 to X11 gen) which can be compromised from software to take full control (implant BMC or System Firmware) or even brick a system: https://t.co/axZnhSRrm5 with @jessemichael & @HackingThings pic.twitter.com/SKJAvRLI96

— Alex Bazhaniuk (@ABazhaniuk) September 6, 2018

Vulnerabilities found in the remote management interface of Supermicro servers.

All X8 through X11 generation Supermicro servers impacted.https://t.co/lD7LVyP64C pic.twitter.com/OGey8myYjY

— Catalin Cimpanu (@campuscodi) September 6, 2018

New blog by Eclypsium research team:

Insecure #Firmware Updates in Server Management Systems: Supermicro #BMC Case Studyhttps://t.co/uoLyH39qKx pic.twitter.com/7kRjlGMtbo

— Eclypsium (@eclypsium) September 6, 2018

BMC is a critical subsystem on each server responsible for remote server management including recovering the host if it’s corrupted.

What if the BMC firmware itself can be infected?

Read @eclypsium‘s new research: https://t.co/ZuyJ9ScmUZ

— Yuriy Bulygin (@c7zero) September 6, 2018

Redfish releases new schema and spec

May 23, 2018 ~ hucktech ~ Leave a comment

DMTF Redfish has updated their schema and specs.

New Redfish Schema, Specification and Developer Resources Now Available. New items just released include:

* 2018.1 Redfish Schema Bundle: A .zip file that contains the current versions of all Redfish schema, including a new ExternalAccountProvider schema for LDAP/ActiveDirectory support. Additional schema updates enable support for Server Sent-Eventing (SSE), provide additional information for Processors and Settings, and more.

* Redfish Specification v1.5.0: Adds new support for SSE, enabling the streaming of events to web-based GUIs and other clients. Other specification updates in this release include a mechanism for specifying deterministic behavior for the application of Create, Delete or Action (POST) operations.

* Redfish Resource and Schema Guide: New for 2018, this human-readable guide to the Redfish Schema is designed to help educate users of Redfish. Application developers and DevOps personnel creating client-side software to communicate with a Redfish service, as well as other consumers of the API, will benefit from the explanations in this resource.

* Redfish 2018.1 Overview: Provides detailed descriptions of each revision in the latest version of the Redfish Schema and Specification.

https://www.dmtf.org/sites/default/files/standards/documents/DSP8010_2018.1.zip

Click to access DSP0266_1.5.0.pdf

Click to access DSP2046_2018.1_0.pdf

Click to access Redfish_2018_Release_1_Overview.pdf

http://redfish.dmtf.org/
http://www.dmtf.org/standards/redfish

DMTF Redfish and PCIMG form alliance for Industrial IoT standards

May 10, 2018 ~ hucktech ~ Leave a comment

DMTF and PICMG have formed an alliance to help ensure the two organizations’ standards are coordinated and aligned. Learn more: https://t.co/YPkFq6szS6

— DMTF (@DMTF) May 10, 2018

DMTF and PICMG Form Alliance

DMTF and the PCI Industrial Computer Manufacturer Group (PICMG) have formed an alliance to help ensure the two organizations’ standards are coordinated and aligned in the Industrial Internet of Things (IIoT) domain.

Click to access PICMG_Work_Register_v1.0.pdf

https://www.picmg.org/https://dmtf.org/

Expect to see Redfish listed as 10th entry here shortly, I am guessing:

https://www.picmg.org/openstandards/

DMTF, NVMe and SNIA form 3-way alliance for SSD storage mgmt

April 30, 2018 ~ hucktech ~ Leave a comment

The DMTF, NVM Express, Inc. and Storage Networking Industry Association (SNIA) have formed a new three-way alliance to coordinate standards for managing solid state drive (SSD) storage devices. Learn more: https://t.co/71pLHa4TOd

— DMTF (@DMTF) April 30, 2018

The DMTF, NVM Express, Inc. and SNIA have formed a new three-way alliance to coordinate standards for managing SSD storage devices. […] In addition to SNIA’s Swordfish and DMTF’s Redfish, the alliance’s collaborative work will include the following standards:

* NVM Express™(NVMe™) is the register interface and command set for PCI Express attached storage with industry standard software available for numerous operating systems. The NVM Express™Management Interface (NVMe-MI™) is the command set and architecture for management of NVM Express storage (e.g., discovering, monitoring, and updating NVMe devices using a BMC).

* DMTF’s Management Component Transport Protocol (MCTP) is a protocol and Platform Level Data Model (PLDM) is a low-level data model defined by the DMTF Platform Management Components Intercommunications (PMCI) Working Group (https://www.dmtf.org/standards/pmci) . MCTP is designed to support communications between different intelligent hardware components that make up a platform management subsystem that provides monitoring and control functions inside a managed system.

* DMTF’s PLDM for Redfish Device Enablement (RDE) defines messages and data structures used for enabling PLDM devices to participate in Redfish-based management without needing to support either JavaScript Object Notation (JSON, used for operation data payloads) or the [Secure] Hypertext Transfer Protocol (HTTP/HTTPS, used to transport and configure operations).

[…]

Click to access NVMe-DMTF-SNIA_Work_Register_v1.0.pdf

https://www.dmtf.org/
http://nvmexpress.org/
https://www.snia.org/
https://www.snia.org/forums/smi/swordfish
http://www.dmtf.org/standards/redfish

DMTF Redfish becomes ISO/IEC 30115:2018 Redfish

April 26, 2018 ~ hucktech ~ Leave a comment

DMTF announces adoption of Redfish by ISO and IEC. Learn more: https://t.co/PbEeNAFRHG

— DMTF (@DMTF) April 26, 2018

https://www.dmtf.org/content/dmtf-announces-adoption-redfish-iso-and-iec

ISO/IEC 30115:2018: The Redfish Scalable Platforms Management API (“Redfish”) is a new specification that uses RESTful interface semantics to access data defined in model format to perform out-of-band systems management. It is suitable for a wide range of servers, from stand-alone servers to rack mount and bladed environments but scales equally well for large scale cloud environments. There are several out-of-band systems management standards (defacto and de jour) available in the industry. They all either vary widely in implementation, were developed for single server embedded environments or have their roots in antiquated software modeling constructs. There is no single industry standard that is simple to use, based on emerging programming standards, embedded friendly and capable of meeting large scale data center & cloud needs.

https://www.iso.org/standard/53235.html

Redfish-JSON-C-Struct-Converter: Convert Redfish JSON resource to C structure and vice versa

March 12, 2018 ~ hucktech ~ Leave a comment

[…]Redfish-JSON-C-Struct-Converter is a C client library which used to convert Redfish resource in JSON text format to C structure and vice versa. The functions in Redfish-JSON-C-Struct-Converter library provides the C language friendly structure which can be easily utilized in C programs. Bindings also provided on top of C source/header files for different computer languages and build environments, such as UEFI EDK2 environment or akin to the bindings for Java and Python in libredfish library. Each C file is a converter for the specific version of Redfish schema released by SPFM. For example, ServiceRoot.v1_2_0.c under /ServiceRoot/ServiceRoot.v1_2_0 provides functions to convert ServiceRoot.v1_2_0.ServiceRoot property to predefined RedfishServiceRootV1_2_0_CS C structure. It also provides functions to convert RedfishServiceRootV1_2_0_CS C structure to JSON text file. All C files under /src are built into a single library. Other programs which built with Redfish-JSON-C-Struct-Converter library must links with this library and invokes the conversion functions as it needs.[…]

https://github.com/changab/Redfish-JSON-C-Struct-Convertor

DMTF Releases New PLDM for Redfish Device Enablement Specification

March 1, 2018March 1, 2018 ~ hucktech ~ Leave a comment

The new PLDM for Redfish Device Enablement Specification from DMTF enables a management controller to present #RedfishAPI-conformant management of I/O adapters in a server, without the need for code specific to each adapter family/vendor/model: https://t.co/C4eOAY2JiI

— DMTF (@DMTF) March 1, 2018

The DMTF has released its new Platform Level Data Model (PLDM) for Redfish® Device Enablement Specification [1] as a Work in Progress, inviting public review and comment. This standard enables a management controller to present Redfish -conformant management of I/O adapters in a server, without the need for code specific to each adapter family/vendor/model. PLDM for Redfish Device Enablement describes the operation and format of request messages (also referred to as commands) and response messages, designed to be delivered using PLDM messaging. Using Redfish, messages are generated by a Redfish client through interactions with a user or a script, and communicated via JSON over HTTP or HTTPS to a management controller. Using the new standard, the management controller will encode the message into a binary format (Binary Encoded JSON, or BEJ) and communicate it using PLDM to an appropriate device for servicing. The device processes the message and returns the response back using PLDM to the management controller, again in binary format. The management controller then decodes the response and constructs a standard Redfish response in JSON over HTTP or HTTPS for delivery back to the client. PLDM for Redfish Device Enablement is developed by the DMTF’s Platform Management Components Intercommunications (PMCI) Working Group [2], which defines standards to address “inside the box” communication and functional interfaces. It can be used in conjunction with other PMCI standards, such as the PLDM Firmware Update Specification, to provide a comprehensive, common architecture for improved communication between management subsystem components. The new WIP release is the latest example of the ongoing hard work and close collaboration between DMTF Working Groups (including PMCI, SMBIOS and SPMF) to seamlessly address both internal- and external-facing interfaces and protocols for system management.

[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0218_0.8.0a.pdf
[2] https://www.dmtf.org/standards/pmci
https://www.dmtf.org/standards/redfish
http://www.dmtf.org/standards/smbioswg
http://www.dmtf.org/standards/spmf

Redfish 2017.3 released

January 16, 2018 ~ hucktech ~ Leave a comment

Redfish Specification v1.4.0 is released.

DMTF’s #RedfishAPI standard offers simple and secure management for #SDDC environments. Learn more about Version 2017.3: https://t.co/yt1DDEmuZR

— DMTF (@DMTF) January 16, 2018

DMTF’s Redfish Version 2017.3 is now available. Version 2017.3 adds new schemas for BootOption, Assembly, Protocol, and more.

https://www.dmtf.org/sites/default/files/DSP8010_2017.3.zip
http://www.dmtf.org/standards/redfish
http://redfish.dmtf.org/
https://www.dmtf.org/content/redfish-release-january-2018

Dell releases Redfish-based OpenUSM, has firmware-update feature

December 22, 2017 ~ hucktech ~ Leave a comment

” OpenUSM – Let Docker Containers Manage Your Datacenter
OpenUSM is a suite of tools and utilities which configures and manage the lifecycle of system management. OpenUSM has a capability to perform the following functions:
* BIOS Token Change
* Firmware Update
[…]”

https://github.com/openusm/openusm

http://en.community.dell.com/techcenter/dell_emc_custom_solutions_engineering/b/blog/archive/2017/10/03/dell-emc_2c00_-redfish-and-docker-_3a00_-simplifying-modern-datacenter-management

alt text