# OpenBMC interfaces

Purpose: This introduces a simplified view of the BMC's primary interfaces.
It is intended to provide a reference suitable for a wide audience:
 - Engineers provide domain expertise in specific areas and learn about use
   cases and threats their interfaces pose.
 - Give BMC administrators and system integrators a simplified view of the
   BMC's system interfaces. For example, to understand which interfaces can
   be disabled.
 - Management and security folks need everything to work and play together
   nicely. For example, to understand the BMC's attack surfaces.

## Introduction to the interfaces and services

This section shows the BMC's primary interfaces and how they are related. It
begins with the BMC's physical interfaces and moves toward abstractions such
as network services. The intent is to show the interfaces essential to the
OpenBMC project in a framework to reason about which interfaces are present
and how they are related. This provides a foundation to reason about which can
be disabled, how they are secured, etc. The appendix provides details about
each interface and service shown.

OpenBMC's services and the interfaces they provide are controlled by
`systemd`. This document references OpenBMC `systemd` unit names to help link
concepts to the source code. The reader is assumed to be familiar with
[systemd concepts][]. The templated units ("unit@.service") may be omitted
for clarity. Relevant details from the unit file may be shown, such as the
program which implements a service.

The OpenBMC [Service Management][] interface can control `systemd` services.
For example, disabling a BMC service will disable the corresponding external
interface.

[systemd concepts]: https://www.freedesktop.org/software/systemd/man/systemd.html#Concepts
[Service Management]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Control/Service/README.md

Diagrams are included to help visualize relationships. The diagrams show
management agents on the left side, the BMC in the center, and host elements
on the right side. The diagrams are simplified and are not intended to be
complete.

### Physical interfaces

This shows the BMC's physical connections including network, USB, UART serial,
and connections to its host platform. This uses a simplified view of the host
which shows only the host interfaces that connect directly to the BMC. A
typical host would have additional connections for console, network, etc.

Interfaces between the BMC and its host platform vary considerably based on
BMC and host platform implementation. The information presented in this
section and its subsections is intended to illustrate common elements, not to
represent any particular system. This section is intended to be referenced by
additional documentation which gives details for specific BMC and host
implementations.

```
        +----------------+         +----------------+
        | BMC            |         | Host           |
        |                |         |                |
        | Network       -+- LPC ---+-               |
       -+- eth0         -+--PCIe --+-               |
       -+- eth1         -+--UART --+-               |
        |  lo           -+- I2C ---+-               |
        |               -+--I3C ---+-               |
        | USB           -+- SPI ---+-               |
       -+- usb0         -+- PECI --+-               |
        |               -+- GPIOs -+-               |
        | Serial        -+- UTMI --+-               |
       -+- tty0          |         |                |
        |                |         |                |
        +----------------+         +----------------+
```

#### Host-BMC physical interface transport protocols

This lists protocols that operate over the BMC-host physical interfaces:
 - Host IPMI.
 - [MCTP][]. OpenBMC offers MCTP over LPC, PCIe, UART.
 - Custom OEM solution.

[MCTP]: https://www.dmtf.org/sites/default/files/standards/documents/DSP0236_1.3.0.pdf

#### Host-BMC data models

This lists specifications for the data which flows over the BMC-host transport
protocols:
 - Host IPMI.
 - PLDM (DMTF document DSP0240).
 - Custom OEM solution.

### Network services provided

OpenBMC provides services via its management network. The default services
are listed here by port number. More information about each service is given
in sections below or in the appendix.

```
        +----------------------------------+
        | BMC                              |
        |                                  |
       -+-+ Network services               |
        | |                                |
        | +-+ TCP ports                    |
        | | +- 22 ssh - shell              |
        | | +- 80 HTTP (no connection)     |
        | | +- 443 HTTPS                   |
        | | +- 2200 ssh - host console     |
        | | +- 5355 mDNS service discovery |
        | |                                |
        | +-+ UDP ports                    |
        |   +- 427 SLP                     |
        |   +- 623 RMCP+ IPMI              |
        |   +- 5355 mDNS service discovery |
        |                                  |
        +----------------------------------+
```

Services provided to connected clients may use ports for:
 - Active SSH sessions.
 - Active KVM-IP sessions.
 - Active virtual media sessions.

### Network services consumed

This section lists network services used by OpenBMC systems. OpenBMC uses the
typical services in the usual way, such as NTP, DNS, and DHCP. In addition,
OpenBMC uses:
 - TFTP (disabled by default, when invoked by BMC operator) - Trivial FTP
   client to fetch firmware images for [code update][].
 - SNMP manager to catch [SNMP traps][] (when enabled).

[code update]: https://github.com/openbmc/docs/blob/master/code-update/code-update.md
[SNMP traps]: https://github.com/openbmc/phosphor-snmp/blob/master/docs/snmp-configuration.md

### Host console

OpenBMC provides access to its host's serial console in various ways:
 - Client access via network IPMI.
 - Client access via ssh port 2200.
 - The hostlogger facility.

```
                  +---------------------------+    +-----------------+
                  | BMC                       |    | Host            |
 ipmitool sol     |                           |    |                 |
  activate        |                           |    |                 |
  UDP port 623  .... netipmid ------------}   |    |                 |
                  |                       }   |    |                 |
 ssh -p 2200     ... obmc-console-client -}---+----+- serial UART    |
  TCP port 2200   |                       }   |    |  console        |
                  |  hostlogger ----------}   |    |                 |
                  |                           |    |                 |
                  +---------------------------+    +-----------------+
```

The [obmc-console][] details how the host UART connection is abstracted within
the BMC as a Unix domain socket.

[obmc-console]: https://github.com/openbmc/obmc-console/blob/master/README.md

### Web services

OpenBMC provides a custom HTTP/Web server called BMCWeb.

```
        +--------------------------------------------------+
        | BMC                                              |
        |                                                  |
       -+-+ Network services                               |
        | ++ TCP                                           |
        |  +- 443 HTTPS - BMCWeb -> { static content       |
        |  |                        { Web app (webui)      |
        |  +- (other ports) <---+   { Redfish schema       |
        |          |            |   { /login               |
        |          V            |   { Redfish REST APIs    |
       -+- Websockets -+        |   { Phosphor REST APIs   |
        |              |        +<--{-- can set up:        |
        |              |            {  KVM-IP, USB-IP,     |
        |           various         {  Virtual Media       |
        |                                                  |
        +--------------------------------------------------+
```

In the diagram, the arrowheads represent the flow of control from web agents to
BMCWeb APIs, some of which set up Websockets which give the network agent
direct communication with the desired interface (not via BMCWeb).

Note that [BMCWeb is configurable][] at compile time. This section describes
the default configuration (which serves the HTTP application protocol over the
HTTPS transport protocol on TCP port 443).

[BMCWeb is configurable]: https://github.com/openbmc/bmcweb/blob/master/CMakeLists.txt

Services provided:
 - Web application (phosphor-webui) and other static content
 - REST APIs including custom phosphor-rest and Redfish APIs
 - KVM-IP (Keyboard, Video, Mouse over IP)
 - Virtual media via USB-IP (Universal Serial Bus over IP)
 - others


### Host IPMI services

OpenBMC provides a host IPMI service.

```
        +---------------+    +-----------------+
        | BMC           |    | Host            |
        |               |    |                 |
        |        ipmid -+----+-                |
        |               |    |                 |
        +---------------+    +-----------------+
```

The IPMI firmware firewall (which aims to control which host commands and
channels can be used) is not implemented in OpenBMC. There is support for a
[Phosphor host IPMI whitelist][] scheme.
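
As an added example (not part of the OpenBMC documentation or code), one way to compare a BMC's actual listeners with the defaults in the "Network services provided" diagram is to parse `ss -H -tuln` output collected from the BMC shell. The sample output, the non-default ports in it and the function names are constructed for illustration, and the availability of `ss` on a given image is an assumption.

```python
import ipaddress

# Default listeners copied from the "Network services provided" diagram.
DOCUMENTED = {
    ("tcp", 22): "ssh - shell",
    ("tcp", 80): "HTTP (no connection)",
    ("tcp", 443): "HTTPS",
    ("tcp", 2200): "ssh - host console",
    ("tcp", 5355): "mDNS service discovery",
    ("udp", 427): "SLP",
    ("udp", 623): "RMCP+ IPMI",
    ("udp", 5355): "mDNS service discovery",
}

# Constructed sample of `ss -H -tuln` output (not captured from a real BMC).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:427        0.0.0.0:*
udp   UNCONN 0      0       0.0.0.0%eth0:623        0.0.0.0:*
udp   UNCONN 0      0               [::]:5355          [::]:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:5355       0.0.0.0:*
tcp   LISTEN 0      10         127.0.0.1:8080       0.0.0.0:*
tcp   LISTEN 0      128                *:22               *:*
tcp   LISTEN 0      128                *:443              *:*
tcp   LISTEN 0      128                *:2200             *:*
tcp   LISTEN 0      5               [::]:5900          [::]:*
"""


def parse_listeners(ss_text):
    """Return a set of (proto, address, port) for listening TCP/UDP sockets."""
    listeners = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line, or another socket family
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # Drop a %interface scope and the brackets around IPv6 addresses.
        addr = addr.split("%")[0].strip("[]")
        listeners.add((fields[0], addr, int(port)))
    return listeners


def is_loopback(addr):
    """True when the bind address is only reachable from the BMC itself."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" is a wildcard bind on every address
        return False


def audit(ss_text):
    """Split listeners into unexpected, documented-but-absent and loopback-only."""
    exposed, local_only = set(), set()
    for proto, addr, port in parse_listeners(ss_text):
        (local_only if is_loopback(addr) else exposed).add((proto, port))
    documented = set(DOCUMENTED)
    return {
        "unexpected": sorted(exposed - documented),
        "not_listening": sorted(documented - exposed),
        "local_only": sorted(local_only),
    }


def report(ss_text):
    """Render the audit result as text lines for review."""
    result = audit(ss_text)
    lines = []
    for proto, port in result["unexpected"]:
        lines.append(f"UNEXPECTED    {proto}/{port}: not a documented default")
    for proto, port in result["not_listening"]:
        label = DOCUMENTED[(proto, port)]
        lines.append(f"NOT LISTENING {proto}/{port} ({label})")
    for proto, port in result["local_only"]:
        lines.append(f"LOOPBACK ONLY {proto}/{port}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SS)))
```

A service disabled through the Service Management interface would show up under `not_listening`, while anything under `unexpected` is a listener the default list does not account for.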

[Phosphor host IPMI whitelist]: https://github.com/openbmc/openbmc/blob/master/meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass

### D-Bus interfaces

OpenBMC uses D-Bus interfaces as the primary way to communicate (inter-process
communication) between OpenBMC applications. Note that other methods are
used, for example Unix domain sockets.

```
        +--------------------------------------------------+
        | BMC                                              |
        |                                                  |
        |     +-------+                                    |
        |     | D-Bus |                                    |
        |     |      -+- bmcweb                            |
        |     |      -+- ipmid                             |
        |     |      -+- ...                               |
        |     |      -+- many more (not shown here)        |
        |     |      -+- ...                               |
        |     |       |                                    |
        |     +-------+                                    |
        |                                                  |
        +--------------------------------------------------+
```

To learn more, read the [Phosphor D-Bus interface docs][] and search for
README files in various subdirectories under the xyz/openbmc_project path.

[Phosphor D-Bus interface docs]: https://github.com/openbmc/phosphor-dbus-interfaces


## Interfaces and services

This section lists each interface and service shown in this document. The
intent is to give the relevance of each item and how to locate details in the
source code.

### BMC network

This section shows variations in the operational environment of the BMC's
management network.

The BMC may be connected to a network used to manage the BMC. This is dubbed
the "management network" to distinguish it from the payload network the host
system is connected to. These are typically separate networks.
```
              +-----------+      +----------------+
              | BMC       |      | Host           |
management    |           |      |                |
network    ---+- Network  |      |       Network -+- payload
              |           |      |                |  network
              +-----------+      +----------------+
```

The BMC may be served by a Network Controller Sideband Interface (NC-SI) which
maintains a logically separate network from the host, as shown in this diagram:
```
              +-----------+      +----------------+
              | BMC       |      | Host           |
management    |           |      |                |
network     +-+- Network  |      |       Network -+-+
            | |           |      |                | |
            | +-----------+      +----------------+ |
            |                                       |
            |      +------------------+             |
            |      | NIC              |             |
            |      |.........+       -+-------------+
            +------+- side-  :        |
management  -------+- band   :       -+- payload
network            |.........+        |  network
                   +------------------+
```

The BMC's management network may be provided by its host system and have no
direct connection external to the host, as shown in this diagram:
```
              +-----------+      +----------------+
              | BMC       |      | Host           |
              |           |      |                |
           +--+- Network  |      |       Network -+- payload
           |  |           |      |                |  network
           |  |           |   +--+- management    |
           |  |           |   |  |  network       |
           |  +-----------+   |  +----------------+
           |                  |
           +------------------+
```

The BMC's management network may be connected to USB (LAN over USB):
```
              +-----------+      +----------------+
              | BMC       |      | Host           |
         +-+  |           |      |                |
    USB --+---+- Network  |      |       Network -+- payload
         +-+  |           |      |                |  network
              |           |      |                |
              +-----------+      +----------------+
```

### BMC serial

This gives access to the BMC's console which provides functions such as
controlling the BMC's U-Boot and then providing access to the BMC's shell.
Contrast with the host serial console access.

### Network interfaces

This refers to the standard NIC and Linux network services on the BMC.

### Secure Shell (SSH)

This refers to the SSH protocol which provides both secure shell (ssh) and
secure copy (scp) access to the BMC. OpenBMC uses the Dropbear SSH
implementation. Note that port 22 connects to the BMC's shell, while port 2200
connects to the host console.

### HTTP and HTTPS

OpenBMC supports the HTTP application protocol over HTTPS, both handled by the
BMCWeb server. The "http" URI scheme is disabled by default but can be
enabled at compile time by BMCWeb configuration options.

### Host serial console

Refers to the BMC's access to its host's serial connection which typically
accesses the host system's console. See also `obmc-console-server` which
provides host serial access to various internal BMC services. Contrast with
access to the BMC's serial connection which provides access to the BMC's
console.

### Service discovery

Refers to the multicast discovery service (mDNS). For example, you can find
the BMC via the `avahi-browse -rt _obmc_rest._tcp` command.

### Service Location Protocol (SLP)

Refers to the unicast service discovery protocol provided by `slpd`. For
example, you can find the BMC via the `slptool -u ${ip} findsrvtypes` or
`findsrvs` command.

### RMCP+, IPMI, and ipmitool

Refers to the RMCP+ protocol and IPMI implementation provided by `netipmid`
with source here: `https://github.com/openbmc/phosphor-net-ipmid` and some
details provided by [IPMI Session management][]. Network IPMI provides access
to many resources including host IPMI access, SOL (access to the host
console), and more. Also known as out of band IPMI. Contrast with host-IPMI
which interacts with the host and with Redfish which provides alternate
function.

The BMC's RMCP+ IPMI interface is designed to be operated by the
[`ipmitool`][ipmitool] external command.

[IPMI Session management]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Ipmi/SESSION_README.md
[ipmitool]: https://github.com/ipmitool/ipmitool

### Host IPMI

Refers to the host-facing IPMI service provided by the `ipmid` program with
source here: `https://github.com/openbmc/phosphor-host-ipmid`. The systemd
service is `phosphor-ipmi-host` implemented by the `ipmid` program. Also
known as in-band IPMI. Contrast with RMCP+ which faces the network and with
PLDM which provides alternate function.

### BMC shell

This refers to the BMC's command line interface which defaults to the `bash`
program provided via the `/bin/sh` path on the BMC's file system. Note that
the shell (together with its utility programs) provides access to many of the
BMC's internal and external interfaces.

### obmc-console

This refers to support for multiple independent consoles in
https://github.com/openbmc/obmc-console and two applications:
 - The `obmc-console-server` abstracts the host console (UART) connection as a
   Unix domain socket.
 - The `obmc-console-client` can connect a console to an SSH session.

Other applications use the console server.

### hostlogger

Refers to the BMC service provided by the `hostlogger` program here:
https://github.com/openbmc/phosphor-hostlogger which listens to the
`obmc-console-server` and logs host console messages into the BMC's file
system.

### BMCWeb web server

Refers to the custom HTTP/Web server with source here:
https://github.com/openbmc/bmcweb. Note that BMCWeb is configurable per
https://github.com/openbmc/bmcweb/blob/master/CMakeLists.txt with build-time
options to control which interfaces it provides. For example, there are
configuration options to:
 - enable downloading firmware images from a TFTP server
 - enable the "http" URI scheme
 - others

The webserver also sets up Secure Websockets for services such as KVM-IP,
Virtual-USB, and more.

### Redfish

Refers to the set of Redfish REST APIs served by the BMCWeb web server. See
details here: https://github.com/openbmc/bmcweb/blob/master/Redfish.md with
docs here: https://github.com/openbmc/docs/blob/master/REDFISH-cheatsheet.md

### phosphor-dbus-rest

Refers to the legacy REST APIs optionally served by the BMCWeb server.
Docs: https://github.com/openbmc/docs/blob/master/REST-cheatsheet.md

### KVM-IP

Refers to the OpenBMC implementation of the Remote Frame Buffer (RFB, aka VNC)
protocol which lets you operate the host system's keyboard, video, and mouse
(KVM) remotely. See https://github.com/openbmc/obmc-ikvm/blob/master/README.md.
Also known as IPKvm. Do not confuse with Kernel Virtual Machine (the other
KVM).

### Virtual media

Also known as: remote media and USB-over-IP. Design:
https://github.com/openbmc/docs/blob/master/designs/VirtualMedia.md.
Contrast with LAN-over-USB.

### Virtual USB

Also known as USB-over-IP, and helps implement virtual media. Contrast with
the BMC and host physical USB ports.