CVE-2019-6260: Gaining control of BMC from the host processor
Posted on 23/01/2019 by Stewart Smith
This is details for CVE-2019-6260 – which has been nicknamed “pantsdown” due to the nature of feeling that we feel that we’ve “caught chunks of the industry with their…” and combined with the fact that naming things is hard, so if you pick a bad name somebody would have to come up with a better one before we publish.
I expect OpenBMC to have a statement shortly.[…]
Stewart Smith of IBM has a new blog post that gives an introduction to OpenPOWER firmware dev.
A (simplified) view of OpenPOWER Firmware Development
I’ve been working on trying to better document the whole flow of code that goes into a build of firmware for an OpenPOWER machine. This is partially to help those not familiar with it get a better grasp of the sheer scale of what goes into that 32/64MB of flash. I also wanted to convey the components that we heavily re-used from other Open Source projects, what parts are still “IBM internal” (as they relate to the open source workflow) and which bits are primarily contributed to by IBMers (at least at this point in time).[…]
Stewart Smith of IBM has a new blog post about adding ZMODEM support to OpenPOWER firmware.
From checkin: This enables the use of rz/sz to send/receive files using ZMODEM. This enables error detection and correction when using the console to transfer files to/from the host.
ZMODEM saves the day! Or, why my firmware for a machine with a CPU from 2017 contains a serial file transfer protocol from the 1980s
Recently, I added the package lrzsz to op-build in this commit. This package provides the rz and sz commands – for receive zmodem and send zmodem respectively. For those who don’t know, op-build builds a firmware image for OpenPOWER machines, and adding this package adds the commands to the petitboot shell (the busybox environment you get when you “exit to shell” from the boot menu).[…]
What’s next, a UEFI runtime service for Kermit, using CKermit? UEFI NNTP Boot, using signed images on alt.binaries.firmware.*? 🙂
Stewart Smith of IBM has a new blog post on how to compile your own firmware for the OpenPOWER-based IBM S822LC:
[…] IBM (my employer) recently announced the new S822LC for HPC POWER8+NVLINK NVIDIA P100 GPUs server. The “For HPC” suffix on the model number is significant, as the S822LC is a different machine. What makes the “for HPC” variant different is that the POWER8 CPU has (in addition to PCIe), logic for NVLink to connect the CPU to NVIDIA GPUs.[…]
Stewart Smith of IBM has an interesting new blog post about using afl to fuzz OpenPOWER’s firmware:
Stewart Smith has a new blog post about OpenPOWER, focusing on firmware development community changes, including comments on OpenBMC and other projects. As well, apparently now non-IBM developers can now contribute to OpenPOWER firmware, as someone from Foxconn.com has recently done, which sounds like an improvement.
Stewart Smith of IBM posted a new blog entry, announcing availability of the video of his recent OpenPOWER firmware talk at LinuxConf.AU:
In mid 2014, IBM released the first POWER8 based systems with the new Free and Open Source OPAL firmware. Since then, several members of the OpenPower foundation have produced (or are currently producing) machines based on the POWER8 processor with the OPAL firmware. This talk will cover the POWER8 chip with an open source firmware stack and how it all fits together. We will walk through all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system. We’ll delve into:
– the time before you have RAM
– the time before you have thermal management
– the time before you have PCI
– runtime processor diagnostics and repair
– the bootloader (and extending it)
– building and flashing your own firmware
– using a simulator instead
– the firmware interface that Linux talks to
– device tree and OPAL calls
– fun in firmware QA and testing
Stewart Smith posted information about public availability of the OpenPOWER Foundation’s PAPR (Power Architecture Platform Reference) document:
PAPR is the Power Architecture Platform Reference document. It’s a short read at only 890 pages and defines the virtualised environment that guests run in on PowerKVM and PowerVM (i.e. what is referred to as ‘pseries’ platform in the Linux kernel). As part of the OpenPower Foundation, we’re looking at ensuring this is up to date, documents KVM specific things as well as splitting out the bits that are common to OPAL and PAPR into their own documents.
The document appears to be dated March 2015. There are lots of ‘firmware’ references in it! I couldn’t find any other information about this document from the openpowerfoundation.org web site. However, there are two other OpenPOWER specs under public review, due mid-month:
I’ve not had a chance to learn OpenPOWER’s firmware yet. Luckily, Stewart Smith blogs on this topic, so we can learn from him. He just posted two new articles on OpenPOWER, the second one is useful for newbies like me, getting started with OpenPOWER. 🙂