From: Luke Kenneth Casson Leighton Date: Mon, 1 Aug 2022 18:48:26 +0000 (+0100) Subject: whitespace X-Git-Tag: opf_rfc_ls005_v1~913 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=fa578e3997461a581d0872954477699dccde3214;p=libreriscv.git whitespace --- diff --git a/nlnet_2022_librebmc.mdwn b/nlnet_2022_librebmc.mdwn index aceecf692..125c35113 100644 --- a/nlnet_2022_librebmc.mdwn +++ b/nlnet_2022_librebmc.mdwn @@ -10,44 +10,115 @@ LibreBMC ## NLNet proposal 1 : LibreBMC Board Porting -__Abstract__: LibreBMC replaces the proprietary Baseboard Management Controller (BMC) and its secret hidden firmware, entirely. In servers typically used in Data Centre's and for scenarios where data privacy is paramount this turns out to be critical. One of the most commonly-used BMC Processors in the world has a silicon-baked plaintext password for its Serial Console, and with a BMC being the very means by which a processor's BIOS is uploaded, this publicly-available password allows for a full bypass of every conceivable security measure. BMC (out-of-band) Processors are also present in every AMD and Intel desktop and laptop in the world, think the Intel Management Engine. Even replacing the BIOS with coreboot is not enough to gain trust because the BMC is in charge of uploading coreboot/oreboot, and could easily alter it. At least in this case if the BMC's firmware is replaced it increases trust that the payload (coreboot/oreboot) has not been tampered with. However this is so low-level that there is serious risk of damaging the user's machine. LibreBMC therefore intends to make a low-cost (dual) FPGA-based "Experimentation" platform, as Libre/Open Hardware, for developers to iteratively test out development of alternative BMC Firmware (LibreBMC, OpenBMC, u-bmc), without risk of damage to the machine it is managing. One FPGA will run LibreBMC, the other Libre-SOC/Microwatt/A2O, and the first will boot the second. This will allow the next phase - actual booting of servers and desktop machines - to proceed with confidence. - -__Experience__: I am the TSC of the OpenPOWER Foundation, and I am involved with Libre-SOC. I already build a full Linux Distribution, PowerEL to several platforms. However this work would be spread over several people in the company and within the Libre-SOC team. +__Abstract__: LibreBMC replaces the proprietary Baseboard Management +Controller (BMC) and its secret hidden firmware, entirely. In servers +typically used in Data Centre's and for scenarios where data privacy is +paramount this turns out to be critical. One of the most commonly-used +BMC Processors in the world has a silicon-baked plaintext password +for its Serial Console, and with a BMC being the very means by which a +processor's BIOS is uploaded, this publicly-available password allows for +a full bypass of every conceivable security measure. BMC (out-of-band) +Processors are also present in every AMD and Intel desktop and laptop +in the world, think the Intel Management Engine. Even replacing the +BIOS with coreboot is not enough to gain trust because the BMC is in +charge of uploading coreboot/oreboot, and could easily alter it. At +least in this case if the BMC's firmware is replaced it increases trust +that the payload (coreboot/oreboot) has not been tampered with. However +this is so low-level that there is serious risk of damaging the user's +machine. LibreBMC therefore intends to make a low-cost (dual) FPGA-based +"Experimentation" platform, as Libre/Open Hardware, for developers to +iteratively test out development of alternative BMC Firmware (LibreBMC, +OpenBMC, u-bmc), without risk of damage to the machine it is managing. One +FPGA will run LibreBMC, the other Libre-SOC/Microwatt/A2O, and the first +will boot the second. This will allow the next phase - actual booting +of servers and desktop machines - to proceed with confidence. + +__Experience__: I am the TSC of the OpenPOWER Foundation, and I am +involved with Libre-SOC. I already build a full Linux Distribution, +PowerEL to several platforms. However this work would be spread over +several people in the company and within the Libre-SOC team. __Amount__: 50000 EUR __Use__: -- Design and fabrication of Libre/Open Hardware Dual FPGA Carrier boards (most likely accepting ECP5 based devices such as the OrangeCrab module) +- Design and fabrication of Libre/Open Hardware Dual FPGA Carrier boards +(most likely accepting ECP5 based devices such as the OrangeCrab module) - Porting of both LibreBMC and OpenBMC to the FPGA Board (with optionally u-bmc) - Porting to Raptor Engineering's Arctic Tern Board (Lattive ECP5 based FPGA board) - Implementation of server side LPC (client-side already exists) - Verilator simulation of both client and server side LPC and testing of the two simulations back-to-back -__Comparison__: There are no real open source BMC stack projects, there is OpenBMC, u-bmc which is the software stack, there is an Arctic Tern board, and there is an DC-SCM board of Antmicro, however there is no real overall project that enables a user to pick up an hardware BMC and put their their software on that BMC +__Comparison__: There are no real open source BMC stack projects, there +is OpenBMC, u-bmc which is the software stack, there is an Arctic Tern +board, and there is an DC-SCM board of Antmicro, however there is no +real overall project that enables a user to pick up an hardware BMC and +put their their software on that BMC __Challenges__: Making test boards, porting the software to those boards. -__Ecosystem__: As a result of our efforts it will make it easier for other users to expand targets to existing hardware (this is not included in this project, however it is the end goal). In the long term we want manufacturers to make this a standard, as OCP NIC are becoming a standard on servers, and USB-C is required by the EU, we want DC-SCM, RunBMC modules to become standard (another proposal submitted for thiw work) +__Ecosystem__: As a result of our efforts it will make it easier for +other users to expand targets to existing hardware (this is not included +in this project, however it is the end goal). In the long term we want +manufacturers to make this a standard, as OCP NIC are becoming a standard +on servers, and USB-C is required by the EU, we want DC-SCM, RunBMC +modules to become standard (another proposal submitted for thiw work) ## NLNet proposal 2 : LibreBMC User Standard -__Abstract__: LibreBMC replaces the proprietary Baseboard Management Controller (BMC) and its secret hidden firmware, entirely. One of the most commonly-used BMC Processors in the world has a silicon-baked plaintext password for its Serial Console, and with a BMC being the very means by which a processor's BIOS is uploaded, this publicly-available password allows for a full bypass of every conceivable security measure. BMC (out-of-band) Processors are also present in every AMD and Intel desktop and laptop in the world, think the Intel Management Engine. Even replacing the BIOS with coreboot is not enough to gain trust because the BMC is in charge of uploading coreboot/oreboot, and could easily alter it. At least in this case if the BMC's firmware is replaced it increases trust that the payload (coreboot/oreboot) has not been tampered with. By using FPGA based BMC, the software, hardware can be open sourced and provides insight to the end-user, we want to make it easy for users to be able to build their on BMC firmware using minimal technical knowledge. However we will also need hardware to support that and part of this project is to make LibreBMC based design a standard as the OCP Mezz NIC standard is on servers, or SO-DIMM's or LPDDR on user devices, like laptops, and desktops. - -__Experience__: I am part of the LibreBMC project, the Libre-SOC project, the PowerEL project and we want to get involved with OCP to push the DC-SCM and RunBMC standard to go industry wide so the adoption becomes easy and manufacturers provide this standard on all devices. +__Abstract__: LibreBMC replaces the proprietary Baseboard Management +Controller (BMC) and its secret hidden firmware, entirely. One of the most +commonly-used BMC Processors in the world has a silicon-baked plaintext +password for its Serial Console, and with a BMC being the very means by +which a processor's BIOS is uploaded, this publicly-available password +allows for a full bypass of every conceivable security measure. BMC +(out-of-band) Processors are also present in every AMD and Intel desktop +and laptop in the world, think the Intel Management Engine. Even replacing +the BIOS with coreboot is not enough to gain trust because the BMC is +in charge of uploading coreboot/oreboot, and could easily alter it. At +least in this case if the BMC's firmware is replaced it increases trust +that the payload (coreboot/oreboot) has not been tampered with. By using +FPGA based BMC, the software, hardware can be open sourced and provides +insight to the end-user, we want to make it easy for users to be able to +build their on BMC firmware using minimal technical knowledge. However +we will also need hardware to support that and part of this project is +to make LibreBMC based design a standard as the OCP Mezz NIC standard +is on servers, or SO-DIMM's or LPDDR on user devices, like laptops, +and desktops. + +__Experience__: I am part of the LibreBMC project, the Libre-SOC project, +the PowerEL project and we want to get involved with OCP to push the +DC-SCM and RunBMC standard to go industry wide so the adoption becomes +easy and manufacturers provide this standard on all devices. __Amount__: 50000 EUR __Use__: -- Development of an EU Standard for Baseboard Management Control, suitable for EU end-user products such as chromebooks, laptops, and desktop computers (instead of the current soldered-down insecure ICs). -- Build LibreBMC images for end-users to download and flash easily - Have a service to build own images for personal usage so people can customize their BMC image - Be involved with OCP to steer the DC-SCM and RunBMC standards - -__Comparison__: There has been no effort to open the BMC to this point, we started under the LibreBMC project backed by the OpenPOWER Foundation and as POWER users we have several experimental systems that are becoming available for testing use, those technical efforts need to be put to benefit of the end-user and their devices, such as laptops, desktops, servers and others. -__Challenges__: Making a standard BMC for manufacturers to be able, willing and suggested to implement. Making users aware of the possibility to customize BMC setup to be security and privacy aware. - -__Ecosystem__: We want to persuade the OCP to make it mandatory and then convince the EU to also to that as they did with USB-C. We need end-users to care about the open source hardware and software stack running on a part most people do not even know exists, as it is hidden from the user in most cases. +- Development of an EU Standard for Baseboard Management Control, +suitable for EU end-user products such as chromebooks, laptops, and +desktop computers (instead of the current soldered-down insecure ICs). +- Build LibreBMC images for end-users to download and flash easily - +Have a service to build own images for personal usage so people can +customize their BMC image - Be involved with OCP to steer the DC-SCM +and RunBMC standards + +__Comparison__: There has been no effort to open the BMC to this point, +we started under the LibreBMC project backed by the OpenPOWER Foundation +and as POWER users we have several experimental systems that are becoming +available for testing use, those technical efforts need to be put to +benefit of the end-user and their devices, such as laptops, desktops, +servers and others. +__Challenges__: Making a standard BMC for manufacturers to be able, +willing and suggested to implement. Making users aware of the possibility +to customize BMC setup to be security and privacy aware. + +__Ecosystem__: We want to persuade the OCP to make it mandatory and +then convince the EU to also to that as they did with USB-C. We need +end-users to care about the open source hardware and software stack +running on a part most people do not even know exists, as it is hidden +from the user in most cases. # NLNet draft