# NL.net proposal
-
## Project name
LibreBMC
<https://libre-soc.org/nlnet_2022_librebmc>
+## NLNet proposal 1 : LibreBMC Board Porting
+
+__Abstract__: LibreBMC replaces the proprietary Baseboard Management
+Controller (BMC) and its secret hidden firmware, entirely. In servers
+typically used in Data Centre's and for scenarios where data privacy is
+paramount this turns out to be critical. One of the most commonly-used
+BMC Processors in the world has a silicon-baked plaintext password
+for its Serial Console, and with a BMC being the very means by which a
+processor's BIOS is uploaded, this publicly-available password allows for
+a full bypass of every conceivable security measure. BMC (out-of-band)
+Processors are also present in every AMD and Intel desktop and laptop
+in the world, think the Intel Management Engine. Even replacing the
+BIOS with coreboot is not enough to gain trust because the BMC is in
+charge of uploading coreboot/oreboot, and could easily alter it. At
+least in this case if the BMC's firmware is replaced it increases trust
+that the payload (coreboot/oreboot) has not been tampered with. However
+this is so low-level that there is serious risk of damaging the user's
+machine. LibreBMC therefore intends to make a low-cost (dual) FPGA-based
+"Experimentation" platform, as Libre/Open Hardware, for developers to
+iteratively test out development of alternative BMC Firmware (LibreBMC,
+OpenBMC, u-bmc), without risk of damage to the machine it is managing. One
+FPGA will run LibreBMC, the other Libre-SOC/Microwatt/A2O, and the first
+will boot the second. This will allow the next phase - actual booting
+of servers and desktop machines - to proceed with confidence.
+
+__Experience__: I am the TSC of the OpenPOWER Foundation, and I am
+involved with Libre-SOC. I already build a full Linux Distribution,
+PowerEL to several platforms. However this work would be spread over
+several people in the company and within the Libre-SOC team.
+
+__Amount__: 50000 EUR
+
+__Use__:
+
+- Design and fabrication of Libre/Open Hardware Dual FPGA Carrier boards
+(most likely accepting ECP5 based devices such as the OrangeCrab module)
+- Porting of both LibreBMC and OpenBMC to the FPGA Board (with optionally u-bmc)
+- Porting to Raptor Engineering's Arctic Tern Board (Lattive ECP5 based FPGA board)
+- Implementation of server side LPC (client-side already exists)
+- Verilator simulation of both client and server side LPC and testing of the two simulations back-to-back
+
+__Comparison__: There are no real open source BMC stack projects, there
+is OpenBMC, u-bmc which is the software stack, there is an Arctic Tern
+board, and there is an DC-SCM board of Antmicro, however there is no
+real overall project that enables a user to pick up an hardware BMC and
+put their their software on that BMC
+
+__Challenges__: Making test boards, porting the software to those boards.
+
+__Ecosystem__: As a result of our efforts it will make it easier for
+other users to expand targets to existing hardware (this is not included
+in this project, however it is the end goal). In the long term we want
+manufacturers to make this a standard, as OCP NIC are becoming a standard
+on servers, and USB-C is required by the EU, we want DC-SCM, RunBMC
+modules to become standard (another proposal submitted for thiw work)
+
+
+## NLNet proposal 2 : LibreBMC User Standard
+
+__Abstract__: LibreBMC replaces the proprietary Baseboard Management
+Controller (BMC) and its secret hidden firmware, entirely. One of the most
+commonly-used BMC Processors in the world has a silicon-baked plaintext
+password for its Serial Console, and with a BMC being the very means by
+which a processor's BIOS is uploaded, this publicly-available password
+allows for a full bypass of every conceivable security measure. BMC
+(out-of-band) Processors are also present in every AMD and Intel desktop
+and laptop in the world, think the Intel Management Engine. Even replacing
+the BIOS with coreboot is not enough to gain trust because the BMC is
+in charge of uploading coreboot/oreboot, and could easily alter it. At
+least in this case if the BMC's firmware is replaced it increases trust
+that the payload (coreboot/oreboot) has not been tampered with. By using
+FPGA based BMC, the software, hardware can be open sourced and provides
+insight to the end-user, we want to make it easy for users to be able to
+build their on BMC firmware using minimal technical knowledge. However
+we will also need hardware to support that and part of this project is
+to make LibreBMC based design a standard as the OCP Mezz NIC standard
+is on servers, or SO-DIMM's or LPDDR on user devices, like laptops,
+and desktops.
+
+__Experience__: I am part of the LibreBMC project, the Libre-SOC project,
+the PowerEL project and we want to get involved with OCP to push the
+DC-SCM and RunBMC standard to go industry wide so the adoption becomes
+easy and manufacturers provide this standard on all devices.
+
+__Amount__: 50000 EUR
+
+__Use__:
+
+- Development of an EU Standard for Baseboard Management Control,
+suitable for EU end-user products such as chromebooks, laptops, and
+desktop computers (instead of the current soldered-down insecure ICs).
+- Build LibreBMC images for end-users to download and flash easily -
+Have a service to build own images for personal usage so people can
+customize their BMC image - Be involved with OCP to steer the DC-SCM
+and RunBMC standards
+
+__Comparison__: There has been no effort to open the BMC to this point,
+we started under the LibreBMC project backed by the OpenPOWER Foundation
+and as POWER users we have several experimental systems that are becoming
+available for testing use, those technical efforts need to be put to
+benefit of the end-user and their devices, such as laptops, desktops,
+servers and others.
+__Challenges__: Making a standard BMC for manufacturers to be able,
+willing and suggested to implement. Making users aware of the possibility
+to customize BMC setup to be security and privacy aware.
+
+__Ecosystem__: We want to persuade the OCP to make it mandatory and
+then convince the EU to also to that as they did with USB-C. We need
+end-users to care about the open source hardware and software stack
+running on a part most people do not even know exists, as it is hidden
+from the user in most cases.
+
+
+# NLNet draft
+## draft work version prior to submission
+
Please be short and to the point in your answers; focus primarily on
the what and how, not so much on the why. Add longer descriptions as
attachments (see below). If English isn't your first language, don't
projects / libreriscv.git / blobdiff