Announcement

**M@yeulC** · 19 March 2018, 04:26 PM

Wow, they have a quite well written, **small** charter on their website, detailing the project.
https://www.openbmc.org/wp-content/u...c_02142018.pdf

development under an OSI-approved
open source license

I hope it will be GPLv3 so that it is upgradeable by the user, but given who is on board, MIT or BSD sounds more likely (Apple isn't there, though, so there's still a chance!)

Edit: glanced at their GitHub repo from my phone, it seems that they use yocto as a base, which use GPLv2 and MIT in places. So it looks like they are building a distro. I am not very familiar with it, but wouldn't going with Nix be something more interesting?

**hiryu** · 19 March 2018, 07:08 PM

Worth noting that OpenBMC is already happening for the POWER9 powered Talos II workstation.

**amboar** · 20 March 2018, 03:54 AM

Originally posted by M@yeulC View Post

Wow, they have a quite well written, **small** charter on their website, detailing the project.
https://www.openbmc.org/wp-content/u...c_02142018.pdf

I hope it will be GPLv3 so that it is upgradeable by the user, but given who is on board, MIT or BSD sounds more likely (Apple isn't there, though, so there's still a chance!)

Edit: glanced at their GitHub repo from my phone, it seems that they use yocto as a base, which use GPLv2 and MIT in places. So it looks like they are building a distro. I am not very familiar with it, but wouldn't going with Nix be something more interesting?

The project licenses all code it creates under Apache 2.

OpenBMC is a meta distribution, the same as Yocto. It provides Yocto configurations for a number of different machines, as well as the pieces to assemble your own BMC firmware. The supported machines are mainly OpenPOWER-based platforms, though expect support for more Intel and ARM platforms in the near future.

It's mission isn't to be interesting, rather to be pragmatic and get open source code running in embedded environments that have previously been very much closed source.

Hope that clarifies a bit.

**DrYak** · 20 March 2018, 05:46 AM

So, basically, there's hope that IPMI will stop being the laughing stock at most computer security conferences ?

**starshipeleven** · 20 March 2018, 06:09 AM

Originally posted by DrYak View Post

So, basically, there's hope that IPMI will stop being the laughing stock at most computer security conferences ?

More like hope of having a custom firmware to reflash whatever crap IPMI garbage the vendor places in.

And IPMI isn't just shit for security, it's a shit show also for usability. I mean it's great to have it, but it is usually controllable from some dodgy Java application or something else that is full of its own issues.

**amboar** · 20 March 2018, 06:29 AM

Originally posted by DrYak View Post

So, basically, there's hope that IPMI will stop being the laughing stock at most computer security conferences ?

Only to a degree; for instance the IPMI specification makes user management hard to secure in a meaningful way. No amount of well reviewed code will fix that.

**starshipeleven** · 20 March 2018, 10:04 AM

Originally posted by amboar View Post

Only to a degree; for instance the IPMI specification makes user management hard to secure in a meaningful way. No amount of well reviewed code will fix that.

Could you go in a bit more detail?

**starshipeleven** · 20 March 2018, 10:27 AM

Originally posted by M@yeulC View Post

I hope it will be GPLv3 so that it is upgradeable by the user, but given who is on board, MIT or BSD sounds more likely (Apple isn't there, though, so there's still a chance!)

Edit: glanced at their GitHub repo from my phone, it seems that they use yocto as a base, which use GPLv2 and MIT in places. So it looks like they are building a distro. I am not very familiar with it, but wouldn't going with Nix be something more interesting?

It's basically going the Android route. Linux kernel + Apache 2 userspace, and it is basically an embedded Linux system.

They do have strong push on having all drivers upstreamed though:

docs/kernel-development.md at master · openbmc/docs

https://github.com/openbmc/docs/blob/master/kernel-development.md

OpenBMC Documentation. Contribute to openbmc/docs development by creating an account on GitHub.

This means that the situation should be similar to (but better than) Android, as if the drivers are upstreamed (opensource) you can theoretically nuke any vendor-customized closed variant and place a BMC firmware compiled from upstream sources.

Kinda like AOSP or LineageOS for Android.

As long as they let you "unlock" or "jailbreak" or however they call the procedure that lets the BMC bootloader start up an unsigned firmware, as with Android (or other embedded).

**amboar** · 20 March 2018, 05:05 PM

Originally posted by starshipeleven View Post

It's basically going the Android route. Linux kernel + Apache 2 userspace, and it is basically an embedded Linux system.

They do have strong push on having all drivers upstreamed though:

docs/kernel-development.md at master · openbmc/docs

https://github.com/openbmc/docs/blob/master/kernel-development.md

OpenBMC Documentation. Contribute to openbmc/docs development by creating an account on GitHub.

This means that the situation should be similar to (but better than) Android, as if the drivers are upstreamed (opensource) you can theoretically nuke any vendor-customized closed variant and place a BMC firmware compiled from upstream sources.

Kinda like AOSP or LineageOS for Android.

As long as they let you "unlock" or "jailbreak" or however they call the procedure that lets the BMC bootloader start up an unsigned firmware, as with Android (or other embedded).

Addressing a couple of points here:

Yes, we aggressively push to upstream the modifications to any existing open source project we use. We don't want to be carrying patches. Mainline Linux will boot on a number of Aspeed BMC chips, mainline QEMU boots images produced by an OpenBMC build and we have some support for the AST2500 in mainline u-boot.

Regarding unlocking, the OpenBMC project itself won't be locking down your BMCs. The tools will be provided for manufacturers to ensure only signed updates are accepted by their platform, but whether they choose to only accept signed images or what keys they choose to accept are entirely up to them (the platform developer) not the OpenBMC project

Announcement

Linux Foundation Announces OpenBMC Project To Create Open-Source BMC Firmware

Linux Foundation Announces OpenBMC Project To Create Open-Source BMC Firmware

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment