[Info-vax] RX2800 i4 iLO 3 firmware

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Sat Jun 26 13:01:27 EDT 2021


On 2021-06-26 14:31:56 +0000, chris said:

> On 06/23/21 18:47, Eberhard Heuser wrote:
>> Do you know if there is a special CPU for the ILO program? And if 
>> true, could you tell which one?
> 
> On most modern servers, the ilo is driven by a separate management 
> processor on the motherboard, usually an embedded microprocessor with 
> its own internal firmware. It talks to, but is completely separate 
> from the main system cpu. It usually has control over bios settings and 
> can boot, power up and power down the whole system. Either serial rs232 
> or network external interface for communication, again, separate from 
> the main system processor and peripherals...

Sharing the host processor—similar to the console usage of the host 
processor on many VAX, Alpha, or Itanium systems—is rare for management 
processors. Harder to power the whole server (almost) all down, and 
harder to manage or unwedge or update the host processor if it's shared 
with management.

iLO 2 follows the pattern described by chris, and the older iLO 2 was 
optionally-present¹ and separately orderable.

Other management interfaces are integrated on the mainboard as was 
mentioned, connected to both the processor and the network interface, 
and this pattern is becoming increasingly common as remote management 
becomes standard. Apple tapped its Xserve LOM off the NIC.

Other management systems can use an embedded CPU within the main 
processor², such as that provided with Intel vPro and with AMD PRO 
management. This is where we're headed with most systems. I'd still not 
expect to see the management processor share the main processor, 
though. It'll likely be some outboard RISC-V or other processor for 
management, and not reusing the main. But who can be sure?

++

It's not just processors within processors. There are processors all 
over modern computer designs, not the least of which are lurking within 
graphics controllers, and even USB "memory" sticks:
https://metabytezero.blogspot.com/2018/12/greetings-have-you-ever-dreamt-of.html 


And where there are processors, there can be—or are—vulnerabilities found:
https://github.com/embedi/amt_auth_bypass_poc
https://www.bleepingcomputer.com/news/security/malware-uses-obscure-intel-cpu-feature-to-steal-data-and-avoid-firewalls/ 


It would not be a great surprise to learn of malware targeting iLO, nor 
of yet more malware targeting OpenVMS.

++

¹I've swapped iLO 2 modules in older Integrity boxes, and I'd expect 
that adding an iLO module is possible in others shipped without. Though 
do check the iLO connection first. Sometimes sockets can get "left out" 
of board builds, depending on the hardware vendor. DEC did that 
sometimes, and sometimes filled sockets with epoxy to block usage. I 
don't know if HP did this for iLO, though. Check before ordering.

²What we used to think of as a single processor or more recently as a 
multi-core is increasingly now a heterogeneous collection of cores 
(including big.LITTLE designs for performance and efficiency common on 
Arm, ML-related support processors, and hybrid cores soon arriving on 
Intel x86-64 with Alder Lake), for embedded management processors 
(Intel vPro / AMT, AMD PRO, etc), and processors for communications and 
I/O reminiscent of IBM channel controllers.


-- 
Pure Personal Opinion | HoffmanLabs LLC 



