<div dir="ltr">Here some more details on how the USB virtual NIC works:<div><div><span id="gmail-docs-internal-guid-26565387-7fff-97c2-5283-8e01c086a495"><h4 dir="ltr" style="line-height:1.38;margin-top:14pt;margin-bottom:4pt"><span style="font-size:12pt;font-family:Arial;color:rgb(102,102,102);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sources</span></h4><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://events.static.linuxfound.org/sites/events/files/slides/USB%20Gadget%20Configfs%20API_0.pdf" style="text-decoration-line:none"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">https://events.static.linuxfound.org/sites/events/files/slides/USB%20Gadget%20Configfs%20API_0.pdf</span></a></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://developer.toradex.com/knowledge-base/usb-device-mode-(linux)" style="text-decoration-line:none"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">https://developer.toradex.com/knowledge-base/usb-device-mode-(linux)</span></a></p></li></ul><br><h4 dir="ltr" style="line-height:1.38;margin-top:14pt;margin-bottom:4pt"><span style="font-size:12pt;font-family:Arial;color:rgb(102,102,102);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Build Configuration</span></h4><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">linux/arch/arm/boot/dts/aspeed-bmc-[machine].dts</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">+&vhub {</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">+ status = "okay";</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">+};</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">+</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">gbmc/[...]/recipes-kernel/linux/linux-aspeed/[machine].cfg</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">+# Enable virtual USB NIC</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">+CONFIG_USB_CONFIGFS_ECM=y</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">+CONFIG_USB_CONFIGFS_ECM_SUBSET=y</span></p><br><h4 dir="ltr" style="line-height:1.38;margin-top:14pt;margin-bottom:4pt"><span style="font-size:12pt;font-family:Arial;color:rgb(102,102,102);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">BMC Runtime Configuration</span></h4><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt">See attached usb_network.sh. This needs to be executed at startup. Obviously, you'll need to replace the vendor and product ID as well as the strings with something different.</p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt">Network configuration needs to go into /etc/systemd/network. See attached 00-bmc-usb0.network.</p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><h4 dir="ltr" style="line-height:1.38;margin-top:14pt;margin-bottom:4pt"><span style="font-size:12pt;font-family:Arial;color:rgb(102,102,102);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Host Runtime Configuration</span></h4><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">As soon as the BMC is booted, the host should see the BMC as an additional USB hub.</span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span id="gmail-docs-internal-guid-3081e104-7fff-73ee-12d2-13ca308fb39d"><br></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The last command on the BMC will cause an actual USB device to be visible to the host. If it does not get auto-loaded, load the cdc_ether driver manually. Once loaded, this adds a "usb0" network interface on the host that can be configured like any other Ethernet device:</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:"Courier New";color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">ifconfig usb0 169.254.254.1 netmask 255.255.255.0 up</span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br class="gmail-Apple-interchange-newline"></p></span></div><div><br></div><div>From here on you can then execute SSH / SCP from the host to the local BMC. However, for phosphor-ipmi-flash, it might be better to implement a new TCP-based method right in phosphor-ipmi-flash both on the BMC and the host side. The important bit is that whatever method you use, it must only stage the image to /tmp where phosphor-ipmi-flash-bios-verify.target can then pick it up for verification. You certainly don't want to have root-level access from the host to the BMC as that would allow the host to take ownership of the BMC.</div><div><br></div><div>Oskar.</div><div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Sep 11, 2019 at 11:23 AM Oskar Senft <<a href="mailto:osk@google.com">osk@google.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Harry<br><div><br></div><div>I've done some experiments with the USB virtual NIC on the AST2500 and found that to work rather nicely.</div><div><br></div><div>We're currently investigating in my team to use that interface as the primary method for transferring data between the host and the BMC. From what I can tell, this seems to be the fastest, most secure method. The advantage also is that it doesn't need any low-level HW / memory access on the host. However, the host still needs to have the USB NIC on its side supported (driver) and configured (IP address). For our environment (Linux), this is easy to achieve.</div><div><br></div><div>It should be possible to update the phosphor-ipmi-flash BMC and host side implementation to use a USB NIC for data transfer. However, we haven't investigated those details yet.</div><div><br></div><div>Other methods for data transfer (LPC, PCIe, eSPI, SuperI/O) all seem to open up a large security hole in the AST2500.</div><div><br></div><div>Oskar.</div><div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Sep 11, 2019 at 10:45 AM Patrick Venture <<a href="mailto:venture@google.com" target="_blank">venture@google.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, Sep 11, 2019 at 1:59 AM Harry Sung1 <<a href="mailto:hsung1@lenovo.com" target="_blank">hsung1@lenovo.com</a>> wrote:<br>
><br>
><br>
> > On Mon, Sep 9, 2019 at 7:01 AM Oskar Senft <<a href="mailto:osk@google.com" target="_blank">osk@google.com</a>> wrote:<br>
> > ><br>
> > > Hi Harry<br>
> > ><br>
> > > What's the behavior on eSPI? I assume you still have the aspeed-lpc-ctrl<br>
> > enabled, right?<br>
> > ><br>
> > > Thanks<br>
> > > Oskar.<br>
><br>
> Hi Oskar,<br>
> Yes, I still enabled the aspeed-lpc-ctrl in my build. Because phosphor-ipmi-flash has some mandatory actions on /dev/aspeed-lpc-ctrl before flash (settings for HICR5, HICR7 and HICR8) even though these settings are meaningless for eSPI.<br>
><br>
> Currently, I set ESPI084 (source address) and ESPI088 (target address) registers manually because linux seems not have a driver can help us to set ESPI084 and ESPI088.<br>
><br>
> Due to the limitation of AST2500, we can only write 256 bytes in one write operation (write shared memory).<br>
> Based on the test result, it takes about 30 mins to transfer a 32MB image over eSPI.<br>
<br>
:( wow, that's unfortunately rather slow.<br>
<br>
><br>
> Thanks,<br>
> Harry<br>
> > ><br>
> > > On Mon, Sep 9, 2019 at 4:41 AM Harry Sung1 <<a href="mailto:hsung1@lenovo.com" target="_blank">hsung1@lenovo.com</a>> wrote:<br>
> > >><br>
> > >> Hi Patrick,<br>
> > >><br>
> > >><br>
> > >><br>
> > >> I found “phosphor-ipmi-flash” have not support flash over eSPI yet.<br>
> > >><br>
> > >> May I ask if you have any plans to support flash over eSPI?<br>
> > >><br>
> > >><br>
> > >><br>
> > >> I have done a simple test about shared memory between host and BMC :<br>
> > >><br>
> > >> The shared memory is work after I set ESPI084 (source address) and ESPI088<br>
> > (target address) registers.<br>
> > >><br>
> > >> But it has an limitation that only 256 bytes are available on each page (4KB).<br>
> > >><br>
> > >><br>
> > >> For example, if host address starts to write from 0xFE0B0000 (BMC<br>
> > >> reserved enough memory already)<br>
> > >><br>
> > >> Writable area are:<br>
> > >><br>
> > >> 0xFE0B0000 ~ 0xFE0B00FF<br>
> > >><br>
> > >> 0xFE0B1000 ~ 0xFE0B10FF<br>
> > >><br>
> > >> 0xFE0B2000 ~ 0xFE0B20FF<br>
> > >><br>
> > >> 0xFE0B3000 ~ 0xFE0B30FF<br>
> > >><br>
> > >> …<br>
> > >><br>
> > >> …<br>
> > >><br>
> > >> …<br>
> > >><br>
> > >><br>
> > >><br>
> > >><br>
> > >><br>
> > >> Thanks,<br>
> > >> Harry<br>
> ><br>
> > Harry, currently there's no plan to implement it as I have no method of testing<br>
> > it, However, it should prove fairly straightforward to add another option to<br>
> > the transport mechanism list. Please let me know if you run into any<br>
> > blockers.<br>
><br>
> Hi Patrick,<br>
> Got it. The better way to set eSPI register is setting them by the driver, right?<br>
> For quick validation, I am going to use the " ipmilpc" interface and set necessary eSPI registers manually.<br>
<br>
I don't know as much about the eSPI variation of this. ipmilpc uses<br>
whatever LPC memory shared option is available (in coordination with<br>
the host+bmc). If eSPI doesn't use the aspeed-lpc-ctrl driver for<br>
what it needs, then perhaps a new option should be added ipmiespi?<br>
<br>
><br>
> Thanks,<br>
> Harry<br>
</blockquote></div>
</blockquote></div>