Open Source Firmware in the Bare-Metal Cloud
Scott Burns
Senior Director of Research and Development

packet.com / @packethost

Greetings, OSFC 2019!
A great place to collaborate on the future of open source firmware

What is Packet?
● Packet is a bare-metal cloud computing provider
● Minimum unit is a full server
● Different server “sizes” are available
● Direct access to server, without virtualization
● Bring your own virtualization if you like!
● Proud to support open source organizations such as Linux Foundation and Cloud Native Computing Foundation

Open Source Firmware
BMC:
● OpenBMC
● u-bmc
BIOS:
● Coreboot
● TianoCore
● LinuxBoot
● SeaBIOS
● TrustedFirmware.org

Open Source BMC Firmware
● OpenBMC
● u-bmc

OpenBMC
● Facebook OpenBMC
  ○ Prototyped in 2014
  ○ Released in 2015
  ○ https://github.com/facebook/openbmc
● IBM OpenBMC
  ○ Released in 2015
  ○ https://github.com/openbmc/openbmc
● Linux Foundation OpenBMC
  ○ Released in 2018
  ○ Facebook, Google, IBM, Intel, Microsoft
  ○ https://github.com/openbmc/openbmc

u-bmc
● Released in 2018
● Based on the Go language
● Built on u-root
● Replaces IPMI with gRPC

Replacing proprietary BMC firmware
How do we replace proprietary BMC firmware with an open source image?

Physical access
SOIC clip + Raspberry Pi
Fine for prototyping, but doesn’t scale

socflash (for Aspeed BMCs)
● Runs on host system
● Bypasses BMC software stack
● Recent firmware disables this feature

Vendor image format
● Server vendors provide BMC firmware in a proprietary format
● In most cases, the format is easy to reverse engineer
● It’s possible to modify vendor-provided firmware
● Modified firmware can be used for raw flash access

Porting BMC firmware
● Many servers use the same BMC SOC, but they connect it in different ways
● To port to a new model, we need to know the device tree and sensor list
● Many of these details can be extracted from the vendor’s firmware image

Open Source BIOS
● Coreboot
● TianoCore
● LinuxBoot
● SeaBIOS
● TrustedFirmware.org

Coreboot
● Basic hardware initialization only
● Load a payload for more advanced functionality

TianoCore
● Most UEFI implementations are based on TianoCore EDK2
● Works as Coreboot payload

LinuxBoot
● Partial UEFI implementation on Linux kernel
● Works as Coreboot payload

SeaBIOS
● Legacy x86 BIOS implementation
● Works as Coreboot payload

TrustedFirmware.org
● Open Source reference implementation for Arm secure world
● Contributed by Arm
● Maintained by Linaro
● Can be integrated with Coreboot

Flexible boot
● Initialize hardware with Coreboot
● Load appropriate payload on-demand
● Coordinate with BMC to select payload

Benefits of open source BIOS for bare metal
● Check option ROM and UEFI driver hash before loading
● Ignore unneeded option ROMs and UEFI drivers
● Fast! Boot in seconds instead of minutes
● Ability to add custom system management interrupt handlers
● Integration with open source BMC firmware
● Anything we can think of!

System Management Mode
● “Ring -2” on x86
● Higher privilege than OS (ring 0) or even hypervisor (ring -1)
● OS/hypervisor can’t access SMM memory
● OS/hypervisor can’t disable System Management Interrupts
● Originally used for power management
● Can be used for security features

Flash monitoring with System Management Mode
● Configure chipset to generate SMI on flash access
● SMI handler installed by Coreboot (or later payload)
● Combine with open source BMC to send real-time alert

Open hardware
● Improved security is possible with additional hardware
● Security controller can protect firmware for CPU, BMC, NIC, etc.
● Hold system in reset until early firmware is verified
● Provide multiple SPI bus lines for devices
● Emulate multiple flash chips while sharing just one
● Compression: firmware images often waste a lot of space
● Could build on Microsoft Project Cerberus
● Packet prototype design based on small, non-volatile FPGA

Bonus topics
● SmartNIC firmware
● Easier hardware access for firmware developers
● Collaboration with server vendors

Special thanks to Packet colleagues
Manny Mendez
Carl Perry
My Truong

Questions?
Scott Burns
Senior Director of R&D
[email protected]
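
The first two items on the "Benefits of open source BIOS for bare metal" slide (check the option ROM hash before loading, ignore unneeded option ROMs) can be modelled offline as below. This is an added example, not code from the talk, Packet, or Coreboot: the function names, the allowlist and the two 512-byte sample images are constructed for illustration, and the header offsets follow the standard PCI expansion ROM layout.

```python
import hashlib
import struct

def iter_images(rom):
    """Yield (vendor_id, device_id, code_type, image_bytes) per image in a PCI expansion ROM."""
    off = 0
    while True:
        if len(rom) < off + 0x1A or rom[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"bad ROM signature at {off:#x}")
        (ptr,) = struct.unpack_from("<H", rom, off + 0x18)   # pointer to PCI data structure
        pcir = off + ptr
        if len(rom) < pcir + 0x18 or rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"bad PCI data structure at {pcir:#x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        (units,) = struct.unpack_from("<H", rom, pcir + 0x10)  # image length, 512-byte units
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        if units == 0 or off + units * 512 > len(rom):
            raise ValueError(f"image length out of bounds at {off:#x}")
        yield vendor, device, code_type, rom[off:off + units * 512]
        if indicator & 0x80:          # bit 7 set: last image in this ROM
            return
        off += units * 512

def decide(rom, allowlist, wanted=frozenset({0x03})):
    """Return [(action, code_type, sha256_hex)]; a malformed ROM is rejected whole."""
    try:
        images = list(iter_images(rom))
    except ValueError as err:
        return [("reject", None, str(err))]
    out = []
    for _vendor, _device, code_type, image in images:
        digest = hashlib.sha256(image).hexdigest()
        # Unneeded code types are skipped; wanted ones load only if the hash is known.
        action = "skip" if code_type not in wanted else "load" if digest in allowlist else "reject"
        out.append((action, code_type, digest))
    return out

def make_image(vendor, device, code_type, last, fill):
    """Constructed 512-byte sample image (not a real option ROM)."""
    img = bytearray([fill]) * 512
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x1C)
    struct.pack_into("<4sHH8xH2xBB", img, 0x1C, b"PCIR", vendor, device,
                     1, code_type, 0x80 if last else 0x00)
    return bytes(img)

# Constructed sample: one legacy x86 image (type 0x00) followed by one EFI image (type 0x03).
EFI = make_image(0x1234, 0x5678, 0x03, True, 0x22)
SAMPLE_ROM = make_image(0x1234, 0x5678, 0x00, False, 0x11) + EFI
ALLOWLIST = {hashlib.sha256(EFI).hexdigest()}
```

Only the EFI image with an allowlisted digest is marked `load`; the legacy image is skipped as unneeded, and a modified or truncated ROM fails closed.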
