You are viewing the 2025 edition of FOSDEM. Click here to view the 2026 edition
Building flashless servers with Open Source Firmware for higher security and better flexibility
UB4.136 | Day 1 | 11:50 - 12:10 | Speakers: Jean-Marie Verdun
Building flashless servers with Open Source Firmware for higher security and better flexibility
Abstract
We will cover into that talk a new proposal to design and distribute open source firmware in the datacenter world by relying on secure boot from a single component (the BMC) and extensive attestation from the remaining part of a server. The BMC will starts from a network boot and load all required firmware (from PCIe end points, to microcontroller) from a trusted source before starting target. This approach is currently implemented on HPE Gen11 servers which supports Open Source Firmware. Our goal is to enhance security by decoupling the firmware and hardware supply chain, and allowing easier update process.
Attachments
Speakers
Jean-Marie Verdun
Links
- CoreDHCP Discover plugin support for Automatic OpenBMC network distribution on BananaPI machines
- Automatic testing of systems running Open Source Firmware configuration through OpenBMC network boot device
- BananaPI R4 reference firmware with integrated coredhcp startup for automatic firmware distribution management
- Video recording (AV1/WebM) - 75.8 MB
- Video recording (MP4) - 426.0 MB
- Video recording subtitle file (VTT)
- Chat room(web)
- Chat room(app)
- Submit Feedback
External Links
Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found hereChanges made to the image are: Cropped the image to a new ratio, part of the image was cut off.