CVE-2019-6260: PantsDown: Gaining control of BMC from the host processor

CVE-2019-6260: Gaining control of BMC from the host processor
Posted on 23/01/2019 by Stewart Smith

This is details for CVE-2019-6260 – which has been nicknamed “pantsdown” due to the nature of feeling that we feel that we’ve “caught chunks of the industry with their…” and combined with the fact that naming things is hard, so if you pick a bad name somebody would have to come up with a better one before we publish.

I expect OpenBMC to have a statement shortly.[…]

CVE-2019-6260: Gaining control of BMC from the host processor


OpenPOWER firmware development

Stewart Smith of IBM has a new blog post that gives an introduction to OpenPOWER firmware dev.

A (simplified) view of OpenPOWER Firmware Development
I’ve been working on trying to better document the whole flow of code that goes into a build of firmware for an OpenPOWER machine. This is partially to help those not familiar with it get a better grasp of the sheer scale of what goes into that 32/64MB of flash. I also wanted to convey the components that we heavily re-used from other Open Source projects, what parts are still “IBM internal” (as they relate to the open source workflow) and which bits are primarily contributed to by IBMers (at least at this point in time).[…]

A (simplified) view of OpenPOWER Firmware Development


OpenPOWER firmware updates using ZMODEM

Stewart Smith of IBM has a new blog post about adding ZMODEM support to OpenPOWER firmware.

From checkin: This enables the use of rz/sz to send/receive files using ZMODEM. This enables error detection and correction when using the console to transfer files to/from the host.

From blog:

ZMODEM saves the day! Or, why my firmware for a machine with a CPU from 2017 contains a serial file transfer protocol from the 1980s

Recently, I added the package lrzsz to op-build in this commit. This package provides the rz and sz commands – for receive zmodem and send zmodem respectively. For those who don’t know, op-build builds a firmware image for OpenPOWER machines, and adding this package adds the commands to the petitboot shell (the busybox environment you get when you “exit to shell” from the boot menu).[…]

ZMODEM saves the day! Or, why my firmware for a machine with a CPU from 2017 contains a serial file transfer protocol from the 1980s


https://en.wikipedia.org/wiki/ZMODEM


What’s next, a UEFI runtime service for Kermit, using CKermit? UEFI NNTP Boot, using signed images on alt.binaries.firmware.*? 🙂

Stewart on compiling your IBM S822LC’s firmware

Stewart Smith of IBM has a new blog post on how to compile your own firmware for the OpenPOWER-based IBM S822LC:

[…] IBM (my employer) recently announced the new S822LC for HPC POWER8+NVLINK NVIDIA P100 GPUs server. The “For HPC” suffix on the model number is significant, as the S822LC is a different machine. What makes the “for HPC” variant different is that the POWER8 CPU has (in addition to PCIe), logic for NVLink to connect the CPU to NVIDIA GPUs.[…]

Compiling your own firmware for the S822LC for HPC

Stewart Smith on OpenPOWER firmware

Stewart Smith of IBM posted a new blog entry, announcing availability of the video of his recent OpenPOWER firmware talk at LinuxConf.AU:

In mid 2014, IBM released the first POWER8 based systems with the new Free and Open Source OPAL firmware. Since then, several members of the OpenPower foundation have produced (or are currently producing) machines based on the POWER8 processor with the OPAL firmware. This talk will cover the POWER8 chip with an open source firmware stack and how it all fits together. We will walk through all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system. We’ll delve into:
– the time before you have RAM
– the time before you have thermal management
– the time before you have PCI
– runtime processor diagnostics and repair
– the bootloader (and extending it)
– building and flashing your own firmware
– using a simulator instead
– the firmware interface that Linux talks to
– device tree and OPAL calls
– fun in firmware QA and testing

My linux.conf.au 2016 talk “Adventures in OpenPower Firmware” is up!

OpenPOWER architecture platform reference doc available

Stewart Smith posted information about public availability of the OpenPOWER Foundation’s PAPR (Power Architecture Platform Reference) document:

PAPR is the Power Architecture Platform Reference document. It’s a short read at only 890 pages and defines the virtualised environment that guests run in on PowerKVM and PowerVM (i.e. what is referred to as ‘pseries’ platform in the Linux kernel). As part of the OpenPower Foundation, we’re looking at ensuring this is up to date, documents KVM specific things as well as splitting out the bits that are common to OPAL and PAPR into their own documents.

Blog URL:

PAPR spec publicly available to download

Document URL:
https://members.openpowerfoundation.org/document/dl/469

The document appears to be dated March 2015. There are lots of ‘firmware’ references in it! I couldn’t find any other information about this document from the openpowerfoundation.org web site. However, there are two other OpenPOWER specs under public review, due mid-month:
http://openpowerfoundation.org/technical/technical-documents-public-review/