RMCP support

Alexander Amelkin a.amelkin at yadro.com
Fri Sep 13 17:50:31 AEST 2019


11.09.2019 20:31, Vernon Mauery wrote:
> On 11-Sep-2019 05:27 AM, Neeraj Ladkani wrote:
>> Is there any plan to add RMCP support in IPMI LAN stack ?
> There are no plans for adding RMCP support. RMCP is horribly insecure; 
> even more insecure than the least secure RMCP+ cipher suites (not 
> counting cipher suite 0, which should not even be a thing.)
>
> Not implementing RMCP was an intentional choice. RMCP+ is insecure, 
> especially with passwords shorter than 8 (as shown by Rick Altherr's 
> OSFC 2019 presentation). It is recommended that RMCP+ is only used with 
> cipher suite 17 and maximum length passwords (20 characters). Ideally, 
> it would not be used at all, preferring Redfish, which uses modern 
> crypto.
>
> Every open source IPMI utility out there supports RMCP+. That should be 
> used instead of RMCP.

What about RMCP pings used for device discovery as described in section 13.13 of
IPMI specification?

AFAIK, it's not supported in OpenBMC and so `ipmiutil discover` fails to
discover OpenBMC devices.

With best regards,
Alexander Amelkin,
BIOS/BMC Team Lead, YADRO
https://yadro.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190913/915ceed7/attachment.sig>


More information about the openbmc mailing list