From 8c3aebf29cb0745d58da7b65452ea183bed3df96 Mon Sep 17 00:00:00 2001 From: lkcl Date: Fri, 15 Jul 2022 13:43:00 +0100 Subject: [PATCH] --- nlnet_2022_librebmc.mdwn | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/nlnet_2022_librebmc.mdwn b/nlnet_2022_librebmc.mdwn index d42dae1a1..5699edd84 100644 --- a/nlnet_2022_librebmc.mdwn +++ b/nlnet_2022_librebmc.mdwn @@ -20,6 +20,29 @@ if you need any HTML to make your point please include this as attachment. ## Abstract: Can you explain the whole project and its expected outcome(s). +LibreBMC replaces the proprietary Boot Management Controller and its +secret firmware, entirely. In servers typically used in Data Centres +and for scenarios where data privacy is paramount +this turns out to be critical. One of the most commonly-used BMC +Processors in the world has a silicon-baked plaintext password for its +Serial Console, and with a BMC being the very means by which +a processor's BIOS is uploaded it allows full bypass of every conceivable +security measure. + +BMC Processors are also present in every AMD and Intel desktop and Laptop +in the world. Even replacing the BIOS with coreboot is not enough to +gain trust because the BMC is in charge of uploading coreboot. +At least in this case if the BMC's firmware is replaced it increases +trust that the payload (coreboot) has not been tampered with. However +this is so low-level that there is serious risk of damaging the machine. + +LibreBMC therefore intends to make a low-cost dual FPGA-based "Experimentation" +platform, as Libre/Open Hardware, for developers to iteratively +test out development of alternative BMC Firmware (LibreBMC, OpenBMC), +without risk of damage to the machine it is managing. One FPGA will +run LibreBMC, the other Libre-SOC/Microwatt/A2O, and the first will boot +the second. + # Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions? -- 2.30.2