RMCP support
Alexander Amelkin
a.amelkin at yadro.com
Fri Sep 13 17:50:31 AEST 2019
11.09.2019 20:31, Vernon Mauery wrote:
> On 11-Sep-2019 05:27 AM, Neeraj Ladkani wrote:
>> Is there any plan to add RMCP support in IPMI LAN stack ?
> There are no plans for adding RMCP support. RMCP is horribly insecure;
> even more insecure than the least secure RMCP+ cipher suites (not
> counting cipher suite 0, which should not even be a thing.)
>
> Not implementing RMCP was an intentional choice. RMCP+ is insecure,
> especially with passwords shorter than 8 (as shown by Rick Altherr's
> OSFC 2019 presentation). It is recommended that RMCP+ is only used with
> cipher suite 17 and maximum length passwords (20 characters). Ideally,
> it would not be used at all, preferring Redfish, which uses modern
> crypto.
>
> Every open source IPMI utility out there supports RMCP+. That should be
> used instead of RMCP.
What about RMCP pings used for device discovery as described in section 13.13 of
IPMI specification?
AFAIK, it's not supported in OpenBMC and so `ipmiutil discover` fails to
discover OpenBMC devices.
With best regards,
Alexander Amelkin,
BIOS/BMC Team Lead, YADRO
https://yadro.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190913/915ceed7/attachment.sig>
More information about the openbmc
mailing list