What is OpenBMC server software
Joseph Reynolds
jrey at linux.ibm.com
Wed Apr 21 11:50:26 AEST 2021
On 4/17/21 3:27 AM, Thang Nguyen OS wrote:
> Hi,
>
> The Mozilla firefox SSL configuration, https://ssl-config.mozilla.org,
> provide suggestion for Web server software to use secure config by
> selecting the right Web server software, version and OpenSSL version.
>
> However, I can't find what Web server software and version that
> OpenBMC is using. How can I find the information and check if OpenBMC
> is using the best secure configuration?
Thang,
I had the same questions a while ago: When given a specific version of
OpenBMC, how do I know which versions of open source packages are pulled
in? This is useful for both license compliance and to understand if
specific vulnerabilities are in your code. I think I have some partial
answers.
Note that OpenBMC releases are shown here
https://github.com/openbmc/openbmc/wiki/Releases
but OpenBMC versions are often identified by a git commit. You can find
the OpenBMC version like this:
- If you are in your source tree, `git log -1` will show the commit number.
- If you have access to the BMC's file system, see file /etc/os-release.
The bitbake build process can produce license information; this also has
the exact source package versions used. For example, it can reliably
tell you which version of OpenSSL your build used. For details, refer
to the Yocto project `license.bbclass` and the Yocto project development
manual section titled "Maintaining Open Source License Compliance During
Your Product's Lifecycle". I believe OpenBMC produces this data by
default, which means the build process writes license manifest data to
files under build/tmp/deploy/licenses/{your-image-name}/.
If you are interested in how the source package versions are configured
in the OpenBMC source tree, you need to study the Yocto documentation.
Here are some specifics for component parts of an OpenBMC image
including the Linux kernel and OpenSSL:
1. You can find the Linux kernel version from your source, like this:
https://github.com/openbmc/openbmc/blob/master/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
2. You can find the OpenSSL recipe under:
https://github.com/openbmc/openbmc/tree/master/poky/meta/recipes-connectivity/openssl
You can find OpenBMC's SSL transport layer security configurations here:
- For the Web/REST API server SSL configuration, see hard-coded values
here:
https://github.com/openbmc/bmcweb/blob/master/include/ssl_key_handler.hpp
- For the SSH server SSL configuration (if using the dropbear server),
see compile time options here:
https://github.com/openbmc/openbmc/blob/master/meta-phosphor/recipes-core/dropbear/dropbear/options.patch
Finally, I've added this explanation to the OpenBMC project
configuration guide:
https://github.com/openbmc/openbmc/wiki/Configuration-guide
Thanks for asking!
- Joseph
>
> Best Regards,
>
> Thang Q. Nguyen -
>
More information about the openbmc
mailing list