Vernon Mauery

Vernon Mauery

Vernon has been working in the open source world through college and most of his career. His interests lie in embedded firmware and has found BMC firmware development, especially work on OpenBMC, to be a fulfilling job. One of his roles at work is a Product Security Expert, in which he has the opportunity to find ways to make Intel's BMCs more secure. In his spare time, Vernon has a passion for making excellent bread and pizza.

Improving Security and Readability at the Same Time

IPMI (Intelligent Platform Management Interface) is an old standard that was originally created during the time of 8051s and minimal processor capabilities. Security was not really one of the major concerns at the time. Now that BMCs (Baseboard Management Controllers), nearly all of which implement IPMI, are modern 32-bit processors capable of running firmware of substance, security is also becoming a bigger concern.

How do we take an ancient protocol like the command specification in IPMI and implement it in a way that provides some automatic security measures while maintaining code easy to read and debug?

Most BMC hardware is an SoC (system on a chip) that are based on some 32-bit ARM architecture, running at several hundred megahertz. With sufficient RAM and CPU cycles, we can move from assembly to C to C++. Modern C++ provides some powerful tools that can be used to write functions that do much of the tedious (and error-prone) deserialization and serialization of request and response parameters. But just because it is automatic does not mean that it is hard to write or read and debug. Say goodbye to manually parsed parameters and bounds checking on untrusted data. Embrace templates and compiler-generated code.