Improving Security and Readability at the Same Time


IPMI (Intelligent Platform Management Interface) is an old standard that was originally created during the time of 8051s and minimal processor capabilities. Security was not really one of the major concerns at the time. Now that BMCs (Baseboard Management Controllers), nearly all of which implement IPMI, are modern 32-bit processors capable of running firmware of substance, security is also becoming a bigger concern.

How do we take an ancient protocol like the command specification in IPMI and implement it in a way that provides some automatic security measures while maintaining code easy to read and debug?

Most BMC hardware is an SoC (system on a chip) that are based on some 32-bit ARM architecture, running at several hundred megahertz. With sufficient RAM and CPU cycles, we can move from assembly to C to C++. Modern C++ provides some powerful tools that can be used to write functions that do much of the tedious (and error-prone) deserialization and serialization of request and response parameters. But just because it is automatic does not mean that it is hard to write or read and debug. Say goodbye to manually parsed parameters and bounds checking on untrusted data. Embrace templates and compiler-generated code.