Modular Software-Defined BMCs

Powered by NXP i.MX SoCs

SolidRun’s Modular Software-Defined BMCs Powered by NXP i.MX SoCs

1. Taking a fresh, secure, and far more flexible approach to BMCs

Baseboard Management Controllers, or BMCs for short, are small computing systems within a server designed to monitor and control it in ways that would have historically required an administrator to be on-site. For example, BMCs monitor the physical state of a network server, such as temperature, humidity, power supply voltage, fan speeds, communications parameters, operating system functions, BIOS and more. If any of the monitored items stray beyond their specified parameters, administrators are automatically notified to take corrective action. With a BMC, basic corrective action can be executed remotely, while more involved fixes will require on-site support.

2. What is the problem?

Historically, BMCs were delivered as onboard solutions, comprised of an SoC, dedicated graphics, memory, flash storage and various I/Os, all built into a server’s motherboard. While effective at providing remote monitoring and remote KVM control of servers, these hardware BMCs are not immune to threats when not properly secured. Security researchers have found and confirmed vulnerabilities in hardware BMCs from several server manufacturers – which attackers can exploit. In fact, third-party researchers have found that hundreds of thousands of onboard BMC interfaces from most server manufacturers are vulnerable to internet attacks. Development and product lifecycles for onboard BMCs are long and thus, when vulnerabilities are discovered, attackers have a lengthy window of time to take advantage of them before a next-generation motherboard or server with an updated/fixed BMC is brought to market. Though countless onboard BMCs sold today are vulnerable to attack, their value to system admins is far too great to forego. 

3. The Solution

As they say, necessity is the mother of invention, and thus the Open Compute Project developed OpenBMC, an open-source implementation of the BMC firmware stack. Learn more at opencompute.org. A more flexible approach to BMC technology, OpenBMC combines open-hardware form factors (e.g., RunBMC or DC-SCM) and open-source software, to remove the BMC from the motherboard and make it a modular solution. As a module, OpenBMC solutions can be easily added to any server, swapped out or upgraded as necessary, and doesn’t require motherboard replacement if compromised. This is incredibly valuable to system administrators because now, instead of having to replace a compromised server, the server can be taken off-line for a short period of time to replace the BMC module and reimage the system. 

SolidRun, a leading provider of data center and edge solutions, has taken this modular approach to BMCs a step further with a software-defined architecture. SolidRun has reengineered modular BMCs with powerful off-the-shelf i.MX 8 and i.MX 9 Series SoCs from NXP that targets the IoT industry. These SoCs are secure by design and offer higher performance and more advanced features. Additionally, i.MX 8 and i.MX 9 Series SoCs are offered in many SKUs and integration levels, and each offers extensive I/O options and unique features that make them extremely flexible in terms of capabilities. By not being locked into specific component specs, SolidRun has enhanced BMC technology to support a variety of use cases and implementations. 

BMC Sideways

In Q4 of 2022, SolidRun revealed two OpenBMC offerings powered by multi-core i.MX 8 and i.MX 9 Series SoCs from NXP – one based on the RunBMC form factor and another based on the DC-SCMv2 form factor.  SolidRun’s modular BMC solutions  allow network administrators to further secure their servers, provide unparalleled remote monitoring and control capabilities, and make it easy to gain back control of compromised systems using open-source software. The software-defined approach also bolsters security by streamlining regular BMC updates, while allowing for a rapid response to threats, and quick deployment of patches and fixes to any found vulnerabilities. 

DC SCM concept rendering.464
4. SolidRun’s RunBMC and DC-SCM

SolidRun’s i.MX 8 and i.MX 9 Series-powered OpenBMC solutions feature multiple high-performance CPU cores for services and security, as well as an integrated GPU for local access and control of the BMC. Utilizing NXP Semiconductor’s SoCs allows SolidRun’s BMC solutions to support Secure Boot (a feature of NXP’s applications processors) and makes it possible for admins to implement a Root of Trust (RoT) image authentication. This means that integrated Flash memory is accessible only to the RoT function, and the host can access a software-defined (emulated) Flash memory under full supervision of the RoT – this protects the Flash from malicious attacks. The software-defined Flash also makes the system stateless after a reboot, which deletes all attacks’ unwanted footprints with a simple reboot and reduces the risk of malicious firmware being programmed on the boot devices and system settings being tampered with.

SolidRun Software-Defined BMC solutions feature a variety of I/O interfaces, including PCIe EP, Display, SPI, UARTS, GPIO and more, providing the necessary communication channels to monitor and control a vast variety of server functions. Integrated graphics allow these BMCs to function fully- independent of the host server, making it possible for admins to view and control their server status on-site and remotely. NoVNC, an open-source HTML VNC client, provides a browser-based user interface, while KVM emulation makes it possible to securely control, setup and adjust settings of SolidRun’s OpenBMC solutions from anywhere.

NXP’s i.MX 8 and i.MX 9 Series SoCs bring together high performance applications cores, an independent microcontroller-like real-time domain, video interfaces and accelerators, and a wide range of interfaces typically found on microcontrollers (such as large numbers of GPIO, UARTs, I2C, PWMs). Additionally, they enable state-of-the-art security with device-wide security intelligence, run-time attestation, silicon root of trust, key management, extensive cryptographic services, and trust provisioning collectively referred to as “EdgeLock® Secure Enclave.”

4.1 Table of Specifications
i.MX8M Plusi.MX93
Linux cores

2 or 4x A532x A55
Real-time cores1x M71x M33
DisplayHDMI, MIPI, LVDSMIPI, LVDS, Parallel RGB
Video

1080p60, H.264, H.265NA
PCIex1 Gen3NA
Gig Ethernet22
USB2x USB 2.0 or 3.02x USB2.0
UART48
I2C / I3C5x I2C8x I2C, 2x I3C
Timers6x timers, 3x WDT6x timers, 4x WDT
PWM

44
Temp sensorYesYes
ADC

NA4-channel, 12-bit
Flash

SDIO, MMC, QuadSPI, Octal SPI, raw NANDSDIO, MMC, Octal SPI
Conclusion

Administrators should consider modular OpenBMC solutions from SolidRun because:

  • Enhanced server and data center security
  • Instant updates, allowing admins to respond to threats and issues faster
  • Admins benefit from streamlined image updates, allowing them to proactively defend their servers and data centers with a growing repository of open-source BMC software 
  • Provide a cost-effective way to monitor the health of their servers

Taking a software-defined approach to the BMC and making it an open standard is revolutionizing server and data center security. SolidRun’s modular BMC solutions utilizing high-performance i.MX 8 and i.MX 9 series SoCs offer the same system monitoring and control benefits of traditional BMCs, while being extremely flexible, fully customizable, easy to upgrade and far more robust to security threats. 

To Learn More: 

Other Articles

BMC
RZ G2UL 2
Thank you for your message. It has been sent.


        Business Inquiries Form