nlnet_2022_librebmc.mdwn

   1 # NL.net proposal
   2
   3
   4 ## Project name
   5
   6 LibreBMC
   7
   8 ## Website / wiki
   9
  10 <https://libre-soc.org/nlnet_2022_librebmc>
  11
  12 Please be short and to the point in your answers; focus primarily on
  13 the what and how, not so much on the why. Add longer descriptions as
  14 attachments (see below). If English isn't your first language, don't
  15 worry - our reviewers don't care about spelling errors, only about
  16 great ideas. We apologise for the inconvenience of having to submit in
  17 English. On the up side, you can be as technical as you need to be (but
  18 you don't have to). Do stay concrete. Use plain text in your reply only,
  19 if you need any HTML to make your point please include this as attachment.
  20
  21 ## Abstract: Can you explain the whole project and its expected outcome(s).
  22
  23 LibreBMC replaces the proprietary Base board Management Controller (BMC) and its
  24 secret firmware, entirely. In servers typically used in Data Centres
  25 and for scenarios where data privacy is paramount
  26 this turns out to be critical.  One of the most commonly-used BMC
  27 Processors in the world has a silicon-baked plaintext password for its
  28 Serial Console, and with a BMC being the very means by which
  29 a processor's BIOS is uploaded, this publicly-available password
  30 allows for a full bypass of every conceivable
  31 security measure.
  32
  33 BMC Processors are also present in every AMD and Intel desktop and Laptop
  34 in the world.  Even replacing the BIOS with coreboot is not enough to
  35 gain trust because the BMC is in charge of uploading coreboot, and could
  36 easily alter it.
  37 At least in this case if the BMC's firmware is replaced it increases
  38 trust that the payload (coreboot) has not been tampered with. However
  39 this is so low-level that there is serious risk of damaging the user's
  40 machine.
  41
  42 LibreBMC therefore intends to make a low-cost dual FPGA-based "Experimentation"
  43 platform, as Libre/Open Hardware, for developers to iteratively
  44 test out development of alternative BMC Firmware (LibreBMC, OpenBMC),
  45 without risk of damage to the machine it is managing.  One FPGA will
  46 run LibreBMC, the other Libre-SOC/Microwatt/A2O, and the first will boot
  47 the second.
  48
  49 This will allow the next phase - actual booting of servers and desktop
  50 machines - to proceed with confidence.
  51
  52 # Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions?
  53
  54
  55 # Requested Amount
  56
  57 EUR 75,000.
  58
  59 # Explain what the requested budget will be used for?
  60
  61 * Design and fabrication of Libre/Open Hardware Dual FPGA Carrier
  62   boards (most likely accepting OrangeCrab as a module)
  63 * Porting of both LibreBMC and OpenBMC to the FPGA Board
  64 * Porting to Raptor Engineering's Arctic Tern Board
  65 * Implementation of *server* side LPC (client-side already exists)
  66 * Verilator simulation of both client and server side LPC
  67   and testing of the two simulations back-to-back
  68 * Development of an EU Standard for Baseboard Management Control,
  69   suitable for EU end-user products such as chromebooks, laptops,
  70   and desktop computers (instead of the current soldered-down
  71   insecure ICs).
  72
  73 # Compare your own project with existing or historical efforts.
  74
  75 TODO compare with RunBMC and OpenBMC.
  76
  77 ## What are significant technical challenges you expect to solve during the project, if any?
  78
  79
  80
  81 ## Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes?
  82
  83
  84 # Extra info to be submitted
  85
  86 * TODO URLs etc