LibreBMC project to open source baseboard management controllers with security as a priority
Freely available from the hardware schematics to OpenPOWER cores on an FPGA, to the firmware on top
The OpenPOWER Foundation, formed to promote IBM's open-source POWER instruction set architecture (ISA), on Monday said it is putting together a new working group to develop LibreBMC, claimed to be the first baseboard management controller (BMC) designed with open source software and hardware.
"The LibreBMC project came out of a desire to both utilize and showcase the fully open POWER cores, and apply software driven development to hardware design," said James Kulina, executive director of the OpenPOWER Foundation, in an email to The Register. "We determined the lowly BMC controller – something that the broader industry doesn’t think too much about – is a great use case that if successful will have a real positive impact."
BMCs monitor and manage devices in data centers. They collect sensor data like temperature, humidity, fan speed, power supply voltage, and provide administrative functions like remote access.
Infosec folks have described BMCs as the perfect backdoor, a role they've played in vulnerabilities like USBAnywhere, which affected Supermicro BMCs. At the Black Hat security conference in 2018, researchers Nico Waisman and Matias Soler, both with Immunity at the time, presented a talk titled "The Unbearable Lightness of BMCs," which delved into the many weaknesses of BMCs.
BMCs generally communicate using the intelligent platform management interface (IPMI), a specification for managing and interacting with computer systems that leaves much to be desired with regard to defenses.
As Jessie Frazelle, co-founder of Oxide Computer Company, has explained, "The IPMI stack was not designed with security in mind (the IPMI spec requires making the hash of a user's password available over the stack). The assumption was the data center control networks would be segregated and trusted, which is why IPMI is notorious for security vulnerabilities."
Perhaps unsurprisingly, security is one of the primary goals of those developing LibreBMC hardware.
"Improving security is at the very top of the list of our ambitions for LibreBMC, alongside improved performance, reliability and customization," said Kulina. "We’re aiming to deliver a fully open source design that will allow anyone technically capable of testing and auditing that design to ensure the highest level of security."
The plan is outfit LibreBMC hardware with firmware from OpenBMC, a project that Facebook started in 2014 and later merged with a parallel BMC project from IBM and Rackspace. Now run by Arm, Facebook, Google, IBM, Intel, and Microsoft, OpenBMC consists of a Linux distribution for embedded devices to provide BMC functionality to a host system.
The LibreBMC project expects to rely on open-source FPGA tooling like SymbiFlow, an open source alternative to Xilinx Vivado, and LiteX, an open-source alternative to MicroBlaze and NIOS SoC ecosystems.
Thus, LibreBMC devices are expected to be open-source from the circuit board design and OpenPOWER CPU cores on an FPGA, or a suitable open-source SoC, to the OpenBMC software running on top, all to provide remote management of servers and the like.
Antmicro is in the process of creating LibreBMC cards based on the DC-SCM (Data Center Security Communication Module) spec from the Open Compute Project Foundation (OCPF). These include versions of its Lattice ECP5 and Xilinx Artix-7 FPGAs.
Kulina said that the OpenPOWER Foundation believes firmly that open, transparent hardware and software are necessary to improve the security posture of any technology, BMCs included.
"To date, BMCs have achieved half of the equation thanks to OpenBMC software – so we’re taking the next logical step in providing an open hardware design," he said.
"It’s important to us that the entire project be based on open source technology – not just the hardware and the software, but also the tooling and even the module design specification. Open Compute Project’s Datacenter-ready Secure Control Module, DC-SCM, is a common carrier board design that moves the BMC from soldered directly onto the main motherboard onto a removable module board." ®
Editor's note: This story was revised to make clear LibreBMC will use OpenPOWER CPU cores, as per a spokesperson for the OpenPOWER Foundation.