FOSS BMC firmware

• 1 The Problems
• 2 Proprietary stuff
• 3 Projects

This page is for tracking projects working on trying to replace the proprietary firmware on Baseboard Management Controllers (BMC). They are very integrated with the system and can spy on busses, console, have DMA access, etc. A backdoor or compromise would give an attacker full access to everything.

The Problems¶

• fish2.com/ipmi
• community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
• community.rapid7.com/community/metasploit/blog/2013/11/15/exploiting-the-supermicro-onboard-ipmi-controller
• blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras
• recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf
• linux.conf.au/schedule/30130/view_talk?day=thursday (video article)

Proprietary stuff¶

• Source for BMC firmware on Intel boards
• dell iDRAC7 source, DRAC docs
• Supermicro
  • Supermicro and SFLC settle GPL case over busybox
  • Supermicro GPL releases
  • blog.flameeyes.eu/2012/07/more-on-the-supermicro-ikvm

Projects¶

• FOSS tools for configuring proprietary BMC firmware:
  • Python based tool for configuring Dell & Cisco devices
  • Patch for the Linux kernel exposing HP iLO configuration in sysfs
• Vendor selling a FOSS + hardware solution www.coreipm.com (does software work on other BMCs?)
• Multi-vendor replacement for IPMI www.redfishspecification.org
• Facebook project to FOSS all the things www.opencompute.org
  • www.opencompute.org/projects/hardware-management
  • github.com/opencomputeproject/lava-lmp-firmware
  • www.opencompute.org/wiki/Hardware_Management/SpecsAndDesigns
  • Facebook openbmc (announcement)
• IBM launched, LF managed OpenBMC www.openbmc.org
• Possibly interesting is the FOSS network switch O/S, Cumulus Linux, maybe it could eventually be used for this sort of thing (or openwrt, etc).