phosphor-ipmi-flash: Update over eSPI interface

Oskar Senft osk at google.com
Fri Sep 13 02:36:33 AEST 2019 

Here some more details on how the USB virtual NIC works:
Sources

   -


   https://events.static.linuxfound.org/sites/events/files/slides/USB%20Gadget%20Configfs%20API_0.pdf
   -

   https://developer.toradex.com/knowledge-base/usb-device-mode-(linux)


Build Configuration

linux/arch/arm/boot/dts/aspeed-bmc-[machine].dts

+&vhub {

+       status = "okay";

+};

+

gbmc/[...]/recipes-kernel/linux/linux-aspeed/[machine].cfg

+# Enable virtual USB NIC

+CONFIG_USB_CONFIGFS_ECM=y

+CONFIG_USB_CONFIGFS_ECM_SUBSET=y

BMC Runtime Configuration

See attached usb_network.sh. This needs to be executed at startup.
Obviously, you'll need to replace the vendor and product ID as well as the
strings with something different.


Network configuration needs to go into /etc/systemd/network. See
attached 00-bmc-usb0.network.


Host Runtime Configuration

As soon as the BMC is booted, the host should see the BMC as an additional
USB hub.


The last command on the BMC will cause an actual USB device to be visible
to the host. If it does not get auto-loaded, load the cdc_ether driver
manually. Once loaded, this adds a "usb0" network interface on the host
that can be configured like any other Ethernet device:

ifconfig usb0 169.254.254.1 netmask 255.255.255.0 up



>From here on you can then execute SSH / SCP from the host to the local BMC.
However, for phosphor-ipmi-flash, it might be better to implement a new
TCP-based method right in phosphor-ipmi-flash both on the BMC and the host
side. The important bit is that whatever method you use, it must only stage
the image to /tmp where phosphor-ipmi-flash-bios-verify.target can then
pick it up for verification. You certainly don't want to have root-level
access from the host to the BMC as that would allow the host to take
ownership of the BMC.

Oskar.

On Wed, Sep 11, 2019 at 11:23 AM Oskar Senft <osk at google.com> wrote:

> Hi Harry
>
> I've done some experiments with the USB virtual NIC on the AST2500 and
> found that to work rather nicely.
>
> We're currently investigating in my team to use that interface as the
> primary method for transferring data between the host and the BMC. From
> what I can tell, this seems to be the fastest, most secure method. The
> advantage also is that it doesn't need any low-level HW / memory access on
> the host. However, the host still needs to have the USB NIC on its side
> supported (driver) and configured (IP address). For our environment
> (Linux), this is easy to achieve.
>
> It should be possible to update the phosphor-ipmi-flash BMC and host side
> implementation to use a USB NIC for data transfer. However, we haven't
> investigated those details yet.
>
> Other methods for data transfer (LPC, PCIe, eSPI, SuperI/O) all seem to
> open up a large security hole in the AST2500.
>
> Oskar.
>
> On Wed, Sep 11, 2019 at 10:45 AM Patrick Venture <venture at google.com>
> wrote:
>
>> On Wed, Sep 11, 2019 at 1:59 AM Harry Sung1 <hsung1 at lenovo.com> wrote:
>> >
>> >
>> > > On Mon, Sep 9, 2019 at 7:01 AM Oskar Senft <osk at google.com> wrote:
>> > > >
>> > > > Hi Harry
>> > > >
>> > > > What's the behavior on eSPI? I assume you still have the
>> aspeed-lpc-ctrl
>> > > enabled, right?
>> > > >
>> > > > Thanks
>> > > > Oskar.
>> >
>> > Hi Oskar,
>> > Yes, I still enabled the aspeed-lpc-ctrl in my build. Because
>> phosphor-ipmi-flash has some mandatory actions on /dev/aspeed-lpc-ctrl
>> before flash (settings for HICR5, HICR7 and HICR8) even though these
>> settings are meaningless for eSPI.
>> >
>> > Currently, I set ESPI084 (source address) and ESPI088 (target address)
>> registers manually because linux seems not have a driver can help us to set
>> ESPI084 and ESPI088.
>> >
>> > Due to the limitation of AST2500, we can only write 256 bytes in one
>> write operation (write shared memory).
>> > Based on the test result, it takes about 30 mins to transfer a 32MB
>> image over eSPI.
>>
>> :( wow, that's unfortunately rather slow.
>>
>> >
>> > Thanks,
>> > Harry
>> > > >
>> > > > On Mon, Sep 9, 2019 at 4:41 AM Harry Sung1 <hsung1 at lenovo.com>
>> wrote:
>> > > >>
>> > > >> Hi Patrick,
>> > > >>
>> > > >>
>> > > >>
>> > > >> I found “phosphor-ipmi-flash” have not support flash over eSPI yet.
>> > > >>
>> > > >> May I ask if you have any plans to support flash over eSPI?
>> > > >>
>> > > >>
>> > > >>
>> > > >> I have done a simple test about shared memory between host and BMC
>> :
>> > > >>
>> > > >> The shared memory is work after I set ESPI084 (source address) and
>> ESPI088
>> > > (target address) registers.
>> > > >>
>> > > >> But it has an limitation that only 256 bytes are available on each
>> page (4KB).
>> > > >>
>> > > >>
>> > > >> For example, if host address starts to write from 0xFE0B0000 (BMC
>> > > >> reserved enough memory already)
>> > > >>
>> > > >> Writable area are:
>> > > >>
>> > > >> 0xFE0B0000 ~ 0xFE0B00FF
>> > > >>
>> > > >> 0xFE0B1000 ~ 0xFE0B10FF
>> > > >>
>> > > >> 0xFE0B2000 ~ 0xFE0B20FF
>> > > >>
>> > > >> 0xFE0B3000 ~ 0xFE0B30FF
>> > > >>
>> > > >> …
>> > > >>
>> > > >> …
>> > > >>
>> > > >> …
>> > > >>
>> > > >>
>> > > >>
>> > > >>
>> > > >>
>> > > >> Thanks,
>> > > >> Harry
>> > >
>> > > Harry, currently there's no plan to implement it as I have no method
>> of testing
>> > > it,  However, it should prove fairly straightforward to add another
>> option to
>> > > the transport mechanism list.  Please let me know if you run into any
>> > > blockers.
>> >
>> > Hi Patrick,
>> > Got it. The better way to set eSPI register is setting them by the
>> driver, right?
>> > For quick validation, I am going to use the " ipmilpc" interface and
>> set necessary eSPI registers manually.
>>
>> I don't know as much about the eSPI variation of this.  ipmilpc uses
>> whatever LPC memory shared option is available (in coordination with
>> the host+bmc).  If eSPI doesn't use the aspeed-lpc-ctrl driver for
>> what it needs, then perhaps a new option should be added ipmiespi?
>>
>> >
>> > Thanks,
>> > Harry
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190912/eb5019d1/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 00-bmc-usb0.network
Type: application/octet-stream
Size: 106 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190912/eb5019d1/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usb_network.sh
Type: application/x-shellscript
Size: 1648 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190912/eb5019d1/attachment-0001.bin>

More information about the openbmc mailing list