Most modern workstation and server mainboards contain an integrated, network-enabled auxiliary controller called the "Baseboard Management Controller", or BMC. This controller typically allows "lights-out" remote management of the server platform (i.e. power control via IPMI independent of the host operating system or hardware status), as well as handling basic management functions required for proper mainboard operation. The ASUS KGPE-D16 is no exception; it ships with a proprietary BMC that is riddled with security holes and as a result of both this and missing support in coreboot, the BMC, and all associated functionality of the mainboard, must be physically disabled when coreboot / librecore / libreboot is installed. This in turn disables a number of useful features of these workstation / server class mainboards, including all remote management and the integrated OS-independent fan control systems.
Why is it needed?
Anyone handling more than a couple of servers in a datacenter type environment, or in cases where even a single server is colocated in a remote facility, will require the remote management features provided by a typical BMC. Not having these features available will severely limit the use of server class coreboot systems outside of those few corporations that still retain expensive, antiquated rack-level hardware power management and console redirect systems -- not being able to remotely power cycle your server or drop to a secure recovery console is a deal breaker for all but the smallest, non-production setups.
Furthermore, a common complaint on server-grade hardware with coreboot is that the integrated power management does not function, requiring Linux to take over control of e.g. fans via a userspace process. Fan control is normally handled via the BMC on server-grade systems, and we have set a stretch goal to enable this functionality on the KGPE-D16. Finally, there is no security benefit to using coreboot with the proprietary BMC firmware; an attacker with access to the BMC can remotely power cycle your server, drop to a recovery shell, and/or hack in to the running system via "local" user attacks. This port of OpenBMC is critical to providing a secure, fully blob-free, powerful x86 server system that can be deployed with no loss of functionality compared to the equivalent insecure proprietary offerings.
Why crowdfunding?
Simply put, developing a new version of the entire OpenBMC stack for an unsupported chip and with no hardware documentation available is expensive! While Raptor Engineering, along with many other users of coreboot on the KGPE-D16, would benefit from this work, we do retain a custom, internal, hardware-based remote management system, and as such, we cannot justify fully funding this port with internal resources. That being said, we can justify sponsoring a large portion (over 50%) of the work; if the community can chip in to cover the remaining amount, the KGPE-D16 would be the only modern x86 mainboard to reach feature parity with proprietary systems while still remaining completely blob-free!
Why Raptor Engineering?
Raptor Engineering has extensive experience with both coreboot and the various AMD-based ASUS mainboards in the coreboot tree. We wrote and merged the native AMD Family 15h CPU and chipset support, as well as the mainboard support for the KGPE-D16 including the neccessary hardware reverse engineering. We have a long track record of quality work and support of libre, owner-controllable systems, as well as experience with the build and runtime environments typically seen in low-power embedded systems such as the BMC. We are confident that we can execute this port on time, on target, and in budget, and we hope that the community will look at our extensive track record with libre systems for confirmation of these facts.
What will the community receive?
Nothing less than a complete port of Facebook's OpenBMC stack to the BMC on the ASUS KGPE-D16! This includes the entire bootloader / kernel stack, drivers for the built-in IPMI interface, modifications to coreboot to support the BMC, and of course remote power and ID LED control, along with serial console access via SSH to the BMC.
Funding Goal
It is estimated that a full port of the base OpenBMC system would cost around $50,000 USD. Raptor Engineering will provide $30,000 USD of free development work toward this project because it meshes well with our overall goals and will reduce maintainance burden for our KGPE-D16 based clusters. That left $20,000 USD in missing funding, which the community has pledged to provide via this crowdfunding drive. Thank you all for your support!
Overall Goal: | $50,000 USD | |
Raptor's Contribution: | $30,000 USD | |
Community Goal: | $20,000 USD | |
Current Pledges: | $20,000 USD | |
Remaining Deficit: | $0 USD | |
Overall Funding Status: | 100.0% | |
Community Funding Status: | 100.0% | |
Stretch Goal Status | ||
Serial Console Current Pledges: | $3,000 USD | 100.0% |
Thermal Management Current Pledges: | $4,500 USD | 100.0% |
Flashrom Current Pledges: | $2,000 USD | 100.0% |
Overall Status | Collecting Pledges | |
Collected: | $29,542.71 USD | 100.0% |
Last update: 05/02/2017 |
Stretch Goals
We offered four stretch goals; three of these goals reached full funding pledge levels. The fourth goal did not attract any dedicated pledges and was removed before campaign completion to reduce confusion.
How to Pledge
This crowdfunding effort is community driven; Martin Roth of the coreboot project is collecting pledges on behalf of the community. To fulfull your pledge, please contact him at gaumless@gmail.com to work out a payment method that works for both parties. His GPG key is available from the MIT keyserver here (4096R/574C E6F6 855C FDEB 7D36 8E9D 1979 6C2B 3E4F 7DF7)
Timetable
Funding ended on 03/10/2017, and was received in full 04/19/2017. We expect to have something ready for initial release approximately two months after flashrom support has been implemented. The remaining stretch goals will be implemented after the base system has been released and completely stabilized. Flashrom support has already been completed; watch this page for further updates!
Public Contributors
Certain individuals and organizations have given permission to be listed publicly as contributors to this crowdfunding project. In order of contribution, they are: