u-bmc uses u-root to create a Linux OS distribution that is fully open-source.
u-bmc borrows and contributes to OpenBMC which has similar high-level goals. The main difference is that u-bmc chooses to challenge the industry status quo, e.g. where OpenBMC uses IPMI, u-bmc uses gRPC.
This project is currently undergoing some heavy maintenance. Don't use in production yet!
BMC software has historically been known to be insecure. There is no inherent reason for that. u-bmc sets out to improve this by offering an alternative built on modern technologies.
u-bmc is still in experimental stage and is currently only supporting BMCs based on ASPEED AST2400 and AST2500. Other BMC SOCs are planned, and if you want to contribute let us know.
Currently the supported boards are:
- Open Compute Project: Quanta F06 Leopard DDR3
- Aspeed AST2500 Evaluation Board
Planned boards are:
- ASRock Rack PAUL
- Nuvoton Poleg BMC NPCM7XX Evaluation Board
- Open Compute Project: Quanta F20 Yosemite
- Tyan Tempest CX S7106
Do you want to become a contributor of a board? Let us know!
To give you some sense of what we want to create:
- All function exported over gRPC like:
- Serial-over-LAN
- Sensor data
- iKVM
- Updating BIOS
- POST information
- Implementation of OpenMetrics for Prometheus integration for sensors
- Offer SSH server for on-platform debugging
- Support SSH CA-signed certificates to avoid having to upload a bunch of certs
- USB device emulation
- Must have: USB storage from image
- Cool to have: USB ethernet to host, replaces KCS IPMI interface.
- Cool to have: USB graphics card + mouse + keyboard for KVM
- Optional WebUI
- Uses the same API as the gRPC client
- optional so the BMC can stay lean without loosing functionality
Prerequisites:
u-bmc uses the Taskfile build system, install it using their official installation guide.
Packages needed:
- go (at least 1.17)
- gcc-arm-none-eabi (for arm32)
- gcc-aarch64-linux-gnu (for arm64)
- mtd-utils (for targets using flash)
- erofs-utils (for targets using block devices)
- fakeroot
- flex
- bison
- device-tree-compiler
- bc
- libssl-dev
- libelf-dev
- qemu-kvm
Get them for 32bit via e.g.:
sudo apt install gcc-arm-none-eabi mtd-utils golang fakeroot flex bison device-tree-compiler bc libssl-dev libelf-dev qemu-kvm
We also need both u-bmc and u-root in our GOPATH so install them with:
GO111MODULE=off go get github.com/u-root/u-root
GO111MODULE=off go get github.com/u-root/u-bmc
Or use git clone:
mkdir $GOPATH/src/github.com/u-root
cd $GOPATH/src/github.com/u-root
git clone https://github.com/u-root/u-root
git clone https://github.com/u-root/u-bmc
Setup configuration:
# SSH ECDSA public keys does not work for now
cp ~/.ssh/*.pub config/ssh_keys.pub
# Agree to the terms of the configured ACME server
# By default it's just a toy ACME server so this is fine, but if you're
# using another ACME server like Let's Encrypt (LE) ensure you agree to their terms.
# For LE, you can find them at https://letsencrypt.org/repository/.
touch i_agree_to_the_acme_terms
task config:generate
Build image:
cp TARGET.tmpl TARGET
then uncomment the desired target platform e.g. qemu-virt-a72 in TARGET and run
task build
Since u-bmc uses signed binaries it is important that you back up the contents of build/boot/keys/ after building as u-bmc will only accept updates signed with these keys.
Trying out u-bmc is easiest using the simulator. First select a Qemu target in the TARGET file then to launch it, run:
# Build Qemu target
task build
# Launch a local ACME server in one terminal
task pebble
# Launch the u-bmc simulator in another terminal
task virtual-bmc -- 64bit
# (Optional, run in another terminal) Launch a local emulated BIOS to produce some data on the UART
# Needs to have u-bmc simulator above running for it to attach correctly.
task virtual-host
When simulating the following TCP/IP ports are set up:
- 6053/udp: u-bmc DNS
- 6443/tcp: u-bmc gRPC
- 9370/tcp: u-bmc OpenMetrics
When the u-bmc guest tries to access 10.0.2.100 a local service called ubmc-pebble is started which uses Let's Encrypt's pebble service to generate an HTTPS certificate. The CA used is located in config/sim-ca.crt.
You can interact with u-bmc running in the simulator by pressing Enter to get a shell or by using ubmcctl:
go install github.com/u-root/u-bmc/cmd/ubmcctl
# The root CA is regenerated every time pebble is started to prevent
# testing to accidentally become production
curl https://localhost:14000/root --cacert config/sim-pebble.crt > root.crt
echo '127.0.1.2 ubmc.example.com' | sudo tee -a /etc/hosts
SSL_CERT_FILE=root.crt ubmcctl -host ubmc.example.com:6443
If you restart pebble you need to update root.crt.
The easiest way to run all unit tests is to run task test.
To run the integration tests: task test.
If you're using a supported platform and want to try it on your hardware you can use socflash_x64 provided by ASPEED like this:
echo This is extremely likely to break things as u-bmc is still experimental
sudo ./socflash_x64 of=bmc-backup.img if=flash.img lpcport=0x2e option=glc
If you want to quickly upload a new build of u-bmc without updating the kernel, you can use SCP like this:
scp build/rootfs/bin/bb my-ubmc:/bb
scp build/rootfs/bin/bb.sig my-ubmc:/bb.sig
ssh my-ubmc
# Verify that bb is sane by executing /bb
/bb
# Should return:
# <timestmap> You need to specify which command to invoke.
# Exception: /bin/bb exited with 1
# [tty], line 1: /bin/bb
mv /bb /bin/bb
mv /bb.sig /bin/bb.sig
# Verify the signature before rebooting
gpgv /etc/u-bmc.pub /bin/bb.sig /bin/bb
sync
shutdown -r
See CONTRIBUTING.md
Since this is an early experiment if this is at all interesting for you or your company, do reach out in our Slack channel:
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent