Tag: Redfish

HPE Synergy’s Unified API for UEFI and Redfish

~ hucktech ~ Leave a comment

HP, now called HPE, has enhanced firmware/pre-OS support in their new servers, with their Synergy product having a “Unified API” that addresses Pre-OS technologies like Redfish and UEFI. They have a new RESTful API, and a tool for using that API. I am unclear, I think they are related. (I don’t have access to the latest HP hardware to clarify.

More information:
http://www.computerworld.com/article/3010261/servers/hpes-synergy-is-a-new-type-of-composable-infrastructure.html
http://www.theregister.co.uk/2015/12/01/hpe_synergy/
http://www.pcworld.com/article/3010526/hpes-synergy-is-a-new-type-of-composable-infrastructure.html

http://www8.hp.com/us/en/products/servers/proliant/restful-interface-tool.html
https://github.com/HewlettPackard/PowerShell-ProLiant-SDK
https://github.com/HewlettPackard/python-proliant-sdk
http://www8.hp.com/us/en/products/server-software/product-detail.html?oid=7630408
http://www8.hp.com/us/en/products/server-software/product-detail.html?oid=6935826

Facebook’s OpenBMC project

~ hucktech ~ Leave a comment

I just learned about Facebook’s OpenBMC, thanks to Sai Dasari of Facebook, who just posted a message to the Open Compute Project’s hardware management list, talking about DMTF Redfish and Facebook’s OpenBMC.

 OpenBMC is an open software framework to build a complete Linux image for a Board Management Controller (BMC).

When we were developing Facebook’s top-of-rack “Wedge” switch, we followed our usual process in the beginning; our partner was responsible for developing the BMC software. However, in the first months of the project, many requirements for the BMC software emerged, introducing extra complexity, coordination, and delays into the BMC software-development process. To address these challenges, at one of Facebook’s hackathon events, four engineers worked to create our own BMC software. Within 24 hours, we were able to build a minimum BMC software image, including an SSH server and the ability to change fan speed, power-on the host CPU, and blink some LEDs. It was far from a production image, but it gave us a strong confidence that we could eventually develop our own BMC software for “Wedge.” Fast-forward eight months, and we’ve deployed our solution — code-named “OpenBMC” — into production along with Wedge. And today we’re sharing OpenBMC with the open source community in the hope that we can collaborate based on this open software framework for next-generation system management.

More Information:
https://code.facebook.com/posts/1471778586452119/openbmc-for-server-porting-and-supporting-new-features-for-yosemite-/
https://code.facebook.com/posts/1601610310055392/introducing-openbmc-an-open-software-framework-for-next-generation-system-management/
https://github.com/facebook/openbmc
https://twitter.com/hashtag/openbmc

 

RedHelix-1: Java library for DMTF Redfish

~ hucktech ~ Leave a comment

Hank Bruning of JBlade has released a new Java-based library to interact with Redfish. He announced it today on the Open Compute Project’s Hardware Management mailing list. He’s also looking for vendors with actual hardware, beyond the DMTF RedFish Mockup; if you can help him out, please get in touch with Hank.

https://github.com/RedHelixOrg/RedHelix-1
http://jblade.com
http://opencompute.org
http://www.dmtf.org/standards/redfish
https://firmwaresecurity.com/tag/redfish/

Seagate on Redfish and IPMI

~ hucktech ~ Leave a comment

Lee Calcote of Seagate wrote an article on the recent DMTF Redfish 1.0 release, and about Seagate’s support of this new API, and IPMI. Excerpts:

Like most systems manufacturers, Seagate supports IPMI and will continue to support it as a critical standard in the data center in lieu of broad adoption of Redfish. Where IPMI strains to meet the requirements of today’s massive multiscale environments, Redfish addresses IPMI inadequacies of interoperability, security, simplicity and scalability.

Redfish 1.0 is only the beginning. Seagate and other industry leaders are already engaging within the DMTF Scalable Platform Management Forum on enhancements beyond Redfish 1.0 standard.

What does Redfish mean for Seagate partners and customers? It means a new level of control, management and monitoring for the data center, using a modern, secure RESTful API that is commonly understood and will be widely supported.

Read the full post here:

http://media.seagate.com/intelligent/redfish-slipstreams-ipmi-with-1-0-release/?cmpid=smc-css-twitter-seagateb4b-blog-sf40151081-sf40151081

AMI MegaRAC gets DMTF Redfish support

~ hucktech ~ Leave a comment

This week at Intel Developer Forum (IDF), AMI showcased their MegaRAC manageability solutions. MegaRAC is AMI’s Remote Management Firmware family of products for both in-band and out-of-band management, including supporting IPMI, Intel AMT, AMD systems with DMTF DASH. Amongst the new features of MegaRAC SP-X are DMTF Redfish support, and Intel(R) Innovation Engine support.

I don’t know much about Intel’s new “Innovation Engine” is yet, so I’ll excerpt one paragraph from the AMI press release:

“The Innovation Engine is a small, embedded, Intel-architecture processor and I/O subsystem built into future Intel data center platforms,” said Lisa Spelman, General Manager of Data Center Marketing at Intel. “Firmware such as MegaRAC PM-X running on the IE can improve or differentiate the system-builders’ platforms in a wide range of ways, including manageability, cost reduction or security.”

Maybe this means that AMI is the second vendor to support Redfish, after HP?

Read AMI’s full press release here:

http://www.ami.com/news/press-releases/?PressReleaseID=325&/American%20Megatrends%20to%20Showcase%20MegaRAC%20Manageability%20Solutions%20for%20Rack%20Scale%20Architecture%20and%20Innovation%20Engine%20at%20IDF%20San%20Francisco%202015/
https://www.megarac.com/live/document-library/
http://www.ami.com/products/remote-management/
https://firmwaresecurity.com/tag/redfish/

UEFI at ELCE

~ hucktech ~ Leave a comment

The Embedded Linux Conference Europe (ELCE) is happening in October. There’s a set of UEFI talks happening at the event:

UEFI Forum Update and Open Source Community Benefits, Mark Doran

Learn about the recent UEFI Forum activities and the continued adoption of UEFI technology. To ensure greater transparency and participation from the open source community, the Forum has decided to allow for public review of all specification drafts. Find out more about this new offering and other benefits to being involved in firmware standards development by attending this session.   

What Linux Developers Need to Know About Recent UEFI Spec Advances, Jeff Bobzin

Users of modern client and server systems are demanding strong security and enhanced reliability. Many large distros have asked for automated installation of a local secure boot profile. The UEFI Forum has responded with the new Audit Mode specified in the UEFI specification, v2.5, offering new capabilities, enhanced system integrity, OS recovery and firmware update processes. Attend this session to find out more about the current plans and testing schedules of the new sample code and features.

LUV Shack: An automated Linux kernel and UEFI firmware testing infrastructure, Matt Fleming

The Linux UEFI Validation (LUV) Project was created out of necessity. Prior to it, there was no way to validate the interaction of the Linux kernel and UEFI firmware at all stages of the boot process and all levels of the software stack. At Intel, the LUV project is used to check for regressions and bugs in both eh Linux kernel and EDK2-based firmware. They affectionately refer to this testing farm as the LUV shack. This talk will cover the LUV shack architecture and validation processes.

The Move from iPXE to Boot from HTTP, Dong Wei

iPXE relies on Legacy BIOS which is currently is deployed by most of the world’s ISPs. As a result, the majority of x86 servers are unable to update and move to a more secure firmware platform using UEFI. Fortunately, there is a solution. Replacing iPXE with the new BOOT from HTTP mechanism will help us get there. Attend this session to learn more.

UEFI Development in an Open Source Ecosystem, Michael Krau, Vincent Zimmer

Open source development around UEFI technology continues to progress with improved community hosting, communications and source control methodologies. These community efforts create valuable opportunities to integrate firmware functions into distros. Most prevalent UEFI tools available today center on chain of trust security via Secure Boot and Intel® Platform Trust Technology (PTT) tools. This session will address the status of these and other tools. Attendees will have the opportunity to share feedback as well as recommendations for future open UEFI development resources and processes.

UEFI aside, there’s many other presentations that look interesting, for example:

Isn’t it Ironic? The Bare Metal Cloud – Devananda van der Veen, HP
Developing Electronics Using OSS Tools – Attila Kinali
How to Boot Linux in One Second – Jan Altenberg, linutronix GmbH
Reprogrammable Hardware Support for Linux – Alan Tull, Altera
Measuring and Reducing Crosstalk Between Virtual Machines – Alexander Komarov, Intel
Introducing the Industrial IO Subsystem: The Home of Sensor Drivers – Daniel Baluta, Intel
Order at Last: The New U-Boot Driver Model Architecture – Simon Glass, Google
Suspend/Resume at the Speed of Light – Len Brown, Intel
The Shiny New l2C Slave Framework – Wolfram Sang
Using seccomp to Limit the Kernel Attack Surface – Michael Kerrisk
Tracing Virtual Machines From the Host with trace-cmd virt-server – Steven Rostedt, Red Hat
Are today’s FOSS Security Practices Robust Enough in the Cloud Era – Lars Kurth, Citrix
Security within Iotivity – Sachin Agrawal, Intel
Creating Open Hardware Tools – David Anders, Intel
The Devil Wears RPM: Continuous Security Integration – Ikey Doherty, Intel
Building the J-Core CPU as Open Hardware: Disruptive Open Source Principles Applied to Hardware and Software – Jeff Dionne, Smart Energy Instruments
How Do Debuggers (Really) Work – Pawel Moll, ARM
Make your Own USB device and Driver with Ease! – Krzysztof Opasiak, Samsung
Debugging the Linux Kernel with GDB – Peter Griffin, Linaro

http://events.linuxfoundation.org/events/embedded-linux-conference-europe/program/schedule

Firmware at Intel Developer Forum

~ hucktech ~ Leave a comment

IDF, Intel’s Developer Forum, is happening shortly, August 18-20 (or so). It appears Brian and Vincent of Intel UEFI will be speaking, at least:

Vendors usually announce/release new things at their annual conferences, so I’m looking forward to seeing what Intel does… With 201 sessions, only a 2-minute glance at the schedule, here’s a teaser (but not all) of the more interesting presentations I noticed:

STTS001 — Firmware in the Data Center: Building a Modern Deployment Framework Using Unified Extensible Firmware Interface (UEFI) and Redfish REST APIs
STTS002 — Building a Firmware Component Ecosystem with the Intel® Firmware Engine
ACAS002 — Defense Against the Dark Arts – Introduction to Malware Research
STTS003 — Developing Best-in-Class Security Principles with Open Source Firmware
DCWC005 — Tech Chat: Trusted Networks in the Cloud – Attestation of Network Elements for Secure Cloud
ISGC003 — Tech Chat: A Primer on Intel® Software Guard Extensions (Intel® SGX)
SFTC003 — Tech Chat: Securing the Internet of Things with Intel® Micro Runtime (Intel® MRT)
ARCS003 — Intel® Architecture Code Name Skylake Deep Dive: Hardware-Based Security for Windows® 10
SPCS012 — Zoom-in on Your Code with Intel® Processor Trace and Supporting Tools
ISGC001 — Tech Chat: Intel® Security Controller – The Platform to Automate Your Security Application for Software-Defined Infrastructure
MAKE003 — Hands-on Maker Lab: Bring Up a MinnowBoard, the Intel® Atom™ Processor Based Open Hardware Platform
STTC003 — Tech Chat: Using Intel® Firmware Engine to Generate Simulated Platforms for Wind River Simics*
DCWC007 — Tech Chat: Differentiating Your Data Center Platforms in Firmware
ISGC003 — Tech Chat: A Primer on Intel® Software Guard Extensions (Intel® SGX)
SFTC003 — Tech Chat: Securing the Internet of Things with Intel® Micro Runtime (Intel® MRT)
SPCC002 — Tech Chat: A Wireless Smartphone-Based Pulmonary Function Analyzer
HSTS004 — Thunderbolt™ 3 Technology and USB-C*
INFS009 — Trusted Containers and VMs in Cloud Environments
ISGS004 — Biometric Authentication in Trusted Execution Environments
RPCS009 — Developer Training on Intel® Active Management Technology
SSDS004 — The Future of Storage Security

http://www.intel.com/content/www/us/en/intel-developer-forum-idf/san-francisco/2015/idf-2015-san-francisco-agenda.html

http://www.intel.com/content/www/us/en/intel-developer-forum-idf/san-francisco/2015/idf-2015-san-francisco.html

DMTF Redfish 1.0 released

~ hucktech ~ Leave a comment

Redfish, an IPMI replacement, has shipped the first release of their spec. Quoting the press release:

DMTF Helps Enable Multi-Vendor Data Center Management with New Redfish 1.0 Standard

DMTF has announced the release of  Redfish 1.0, a standard for data center and systems management that delivers improved performance, functionality, scalability and security. Designed to meet the expectations of end users for simple and interoperable management of modern scalable platform hardware, Redfish takes advantage of widely-used technologies to speed implementation and help system administrators be more effective. Redfish is developed by the DMTF’s Scalable Platforms Management Forum (SPMF), which is led by Broadcom, Dell, Emerson, HP, Intel, Lenovo, Microsoft, Supermicro and VMware with additional support from AMI, Oracle, Fujitsu, Huawei, Mellanox and Seagate. The release of the Redfish 1.0 standard by the DMTF demonstrates the broad industry support of the full organization.

http://dmtf.org/standards/redfish
http://dmtf.org/join/spmf

Don’t forget to grab the Redfish “Mockup” as well as the specs and schema.

UEFI 2.5 has a JSON API to enable accessing Redfish. HP was first vendor with systems that supported UEFI 2.5’s new HTTP Boot, a PXE replacement.  Intel checked in HTTP Boot support into TianoCore, so it’s just a matter of time until other vendors have similar products. JSON-based Redfish and HTTP-based booting makes UEFI much more of a “web app”, w/r/t security research, and the need for system administrators to more closely examine how firmware is updated on their systems, to best protect them.
https://firmwaresecurity.com/tag/uefi-http-boot/

More Info on UEFI 2.5 HTTP Boot Implementations

~ hucktech ~ 1 Comment

Earlier, I made this blog post on UEFI 2.5’s new HTTP Boot feature. At that time, I was unaware of some details, like if this feature will be implemented in TianoCore, or only in commercial products. HP gave a talk at the Spring UEFI Forum on UEFI 2.5 HTTP Boot (to replace PXE) and DMTF Redfish (to replace IPMI), so I presume some new HP products will have these new features soon, if not already. On the EFI development list, I asked a question about Tianocore and vendor support of UEFI HTTP boot, as well as DMTF Redfish, and got 2 replies, one from Intel and one from HP.

Ye Ting of Intel replied and said:

“Intel is working on implementation of UEFI 2.5 HTTP boot support.”

Samer El-Haj-Mahmoud of HP also replied, and said:

“Both HTTP Boot and Redfish are very new standards. HTTP Boot got standardized as part of UEFI 2.5 in March. Redfish is still not even 1.0 (last published spec is 0.96.0a, with a target 1.0 spec sometime this month according to DMTF). It is expected that implementation will take some time to catch up to the spec. At the same time, PXE and IPMI have been there for quite some time, are implemented across the board on servers (and many clients), and are already in wide use. I do not expect them to go away anytime soon. But the goal is to switch over to HTTP and Redfish/REST over time, especially as they enable new use cases and capabilities that were not possible (or easy to do) before. The first step though is to get the specs implemented. As Ting explained, Intel is working on UEFI 2.5 HTTP Boot implementation (that I expect will show up in EDK2. I see the header files submitted already). DMTF is also working on a Redfish mockup/simulator that can be used to exercise clients. HP ProLiant Gen9 servers already support proprietary flavors of both HTTP Boot (or “Boot from URL”) and Redfish (or the “HP RESTful API”). I do not know of any other servers that implement such technologies at this time.”

So, it sounds like HP is the only vendor that supports UEFI HTTP Boot at the moment, and Intel is working on an implementation. If Intel’s implementation is part of TianoCore, other vendors may use it.

I’m looking forward to a TianoCore implementation, as well as DMTF’s Redfish simulator.

Thanks to Ye Ting and Samer El-Haj-Mahmoud for the answers!

Spring Plugfest presentations uploaded

~ hucktech ~ Leave a comment

The PDFs of the presentations from last months’ UEFI Forum plugfest have been uploaded to uefi.org.

http://www.uefi.org/learning_center/presentationsandvideos
(scroll about half-way through the page, after the Youtube videos…)

* System Prep Applications – Powerful New Feature in UEFI 2.5 – Kevin Davis (Insyde Software)
* Filling UEFI/FW Gaps in the Cloud – Mallik Bulusu (Microsoft) and Vincent Zimmer (Intel)
* PreBoot Provisioning Solutions with UEFI – Zachary Bobroff (AMI)
* An Overview of ACPICA Userspace Tools – David Box (Intel)
* UEFI Firmware – Securing SMM – Dick Wilkins (Phoenix Technologies)
* Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot – Gabe Stocco, Scott Anderson and Suhas Manangi (Microsoft)
* Porting a PCI Driver to ARM AArch64 Platforms – Olivier Martin (ARM)
* Firmware in the Data Center: Goodbye PXE and IPMI. Welcome HTTP Boot and Redfish! – Samer El-Haj-Mahmoud (Hewlett Packard)
* A Common Platforms Tree – Leif Lindholm (Linaro)

This’ll be a very short blog, as I’m busy reading 9 new PDFs… 🙂 I’ll do blogs on some these specific presentations in the coming days.