Autonomous BMC Firmware Solution (Feiteng)

Solution Name: Autonomous BMC Firmware Solution (Feiteng)

Applicant Unit: Kunlun Taike (Beijing) Technology Co., Ltd.

Application Industry: Government and Security

Autonomous BMC Firmware Solution (Feiteng)

Solution Introduction

Market Background

The BMC system has extremely high management authority over server systems. The reliability, controllability, and security of the BMC system are crucial for ensuring the safety and controllability of China’s information infrastructure, especially in the fields of cybersecurity, key industries, and high-security areas.

The Kunlun BMC firmware, launched by Kunlun Taike (Beijing) Technology Co., Ltd. (hereinafter referred to as “Kunlun Taike”), features a cross-platform, modular, and highly secure architecture, supporting autonomous and controllable BMC firmware across multiple platforms. The Kunlun BMC firmware not only supports the AST series BMC chips from Taiwan-based company Xin Hua, which are widely used in the commercial market, but also supports Feiteng BMC chips, constructing an autonomous, secure, and reliable BMC system solution. The launch of the Autonomous Kunlun BMC Firmware Solution (Feiteng) signifies a significant breakthrough in China’s efforts to innovate and ensure the safety and reliability of server system information infrastructure, eliminating the risk of being “choked” by external dependencies.

The Kunlun BMC firmware supports key BMC features such as iKVM, media mounting, NCSI, SOL, sensor monitoring, fan control, PSU management, I2C control, GPIO control, and further supports software functionalities including web pages, event logs, SNMP alarms, email alerts, host information management, peripheral management, thermal control, user management, time management, security management, session management, and certificate management. It also supports communication interfaces such as network, LPC, IPMB, and protocols including IPMI, RedFish, SNMP, SMTP, LDAP, NTP, SSH, completely matching and replacing the BMC firmware products from the American company AMI.

Technical Application Status

The BMC (Baseboard Management Controller) system of servers is a control unit with independent power supply and I/O interfaces deployed on servers, enabling monitoring of server operational status and executing functions such as obtaining server operational information, controlling hardware and software resources, network configuration, detailed operational information, software deployment, user management, and security management. The core components of the BMC system mainly include hardware (BMC chips) and software (BMC firmware). The BMC hardware is the “skeleton”, while the BMC firmware is the “soul”. The BMC system has extremely high management authority over server systems. Once the BMC system is compromised, an attacker can exploit the permissions obtained to perform illegal operations, including gaining disk access, introducing backdoor programs, stealing data, etc., leading to serious security consequences. Therefore, China must achieve an autonomous, controllable, reliable, and secure BMC system.

The Kunlun BMC firmware produced by Kunlun Taike uses the Kunlun SMC architecture and has three major advantages: high security, modularity, and cross-platform compatibility, enabling an autonomous and high-security server BMC system solution.

Autonomous BMC Firmware Solution (Feiteng)

The Kunlun Meta Engine (KME) includes a unified platform engine, modular management engine, and security support engine.

The unified platform engine abstracts and packages BMC chips, motherboards, peripherals, and other hardware from different architectures/models to provide a standard interface for accessing the functional modules of the Kunlun BMC firmware, enabling support for Feiteng domestic BMC chips, while also supporting the AST series commercial BMC chips from Taiwan’s Xin Hua, achieving a single core code architecture for Kunlun BMC firmware that adapts to various types of BMC hardware and server hardware devices.

The modular management engine manages the granular code component structure of Kunlun BMC functional points, establishing a component description system and building a functional module management library, achieving fine-grained modularization and structuring of Kunlun BMC firmware functional modules, and enabling flexible assembly.

The security support engine provides the basic driving engine for implementing security functions of Kunlun BMC firmware, allowing Kunlun BMC firmware security functional modules to utilize underlying security hardware, including trusted hardware modules, security cores, encryption chips, etc., to achieve comprehensive security functionalities.

On top of the Kunlun Meta Engine layer, Kunlun BMC has built a rich set of general modules, custom modules, security modules, and the Kunlun BMC toolset, achieving fine-grained modularization and decoupling of code, and enabling flexible assembly. Coupled with Kunlun Taike’s technical strength and a well-experienced R&D team, it can quickly, efficiently, and qualitatively meet the customized development needs of industry users based on various application scenarios and modes; the Kunlun BMC security module covers multiple security aspects and functional areas, including operational security, user security, data security, certificate security, session security, secure updates, trusted computing V3.0, policy management, etc., ensuring the BMC system is secure and reliable; the Kunlun BMC toolset includes essential tools for BMC system development, production, and testing, such as automated testing tools, production line tools, update tools, and configuration tools, ensuring the efficiency, safety, and reliability of BMC systems based on Kunlun BMC firmware.

Solution Implementation Status

BMC system business requirements include:

1. In terms of compatibility, it supports both Xin Hua’s AST series BMC chips and Feiteng BMC chips.

2. In terms of management and monitoring, it has server health status monitoring, real-time monitoring and handling of server faults/exceptions, server system event log recording and configuration, power status monitoring and control, etc.

3. In terms of out-of-band management, it has a web management interface that supports displaying server management information through a browser, including login interface, firmware information display interface, power control interface, sensor information display interface, system event log display interface, network and serial port configuration interface, user management interface, firmware update interface, KVM interface, etc.; it has iKVM functionality, supporting the transmission of server-side video data and mouse/keyboard data to remote management hosts over the network, with a resolution of no less than 1280*1024 and a frame rate of no less than 16FPS.

4. In terms of security features, it has secure login, secure communication, identity verification, and measurement verification functionalities.

Main Application Scenarios of the BMC System:

The BMC system solution based on Kunlun BMC firmware has application scenario versions in various fields including party politics, national defense and industry, finance, telecommunications, and the internet. The Kunlun BMC products using this solution have already been adopted by dozens of manufacturers, including Inspur, Lenovo, Tongfang, Sugon, Great Wall, Baode, Dahua, Baolongda, Lianda, and China Aerospace Science and Industry Corporation 706 Institute, meeting the functional application needs of server devices BMC in large data centers and core information service systems, and satisfying security application needs such as preventing malicious tampering, user account security management, scene login restrictions, certificate management, log management, and secure data transmission.

Demonstration and Promotion Value

The Kunlun BMC firmware and the autonomous BMC system solution based on it are used for remote management and control of massive server devices, supporting users to achieve centralized monitoring and management of massive server devices, such as monitoring the system’s temperature, voltage, fans, power, etc., and making corresponding adjustments to ensure the system is in a healthy state. Since BMC has the highest authority for remote management of servers, using non-domestic autonomous products for the core infrastructure of operational information systems poses significant security risks. Therefore, adopting the autonomous, controllable, secure, and reliable Kunlun BMC firmware can effectively enhance the autonomous control, security, and reliability of information server systems in China’s party politics, national defense and industry, and key core industry sectors.

The Kunlun BMC firmware and the autonomous BMC system solution based on it can not only be applied in fields such as party affairs and government affairs, national defense and industry, and high-security demand areas, but also radiate applications in key industry sectors such as finance, telecommunications, energy, transportation, electricity, healthcare, education, and public utilities, effectively replacing the foreign BMC systems currently used in Chinese server devices, achieving autonomous, secure, reliable, and controllable core equipment for information systems, meeting application and security needs for information systems in related fields, and providing strong and effective guarantees for the healthy and rapid development of China’s information systems, generating good social and economic benefits.

Applicant Unit Introduction

Autonomous BMC Firmware Solution (Feiteng)

Kunlun Taike (Beijing) Technology Co., Ltd. (abbreviated as “Kunlun Taike”, formerly known as China Electronics Technology (Beijing) Co., Ltd.) was established in April 2005. It is a national-level specialized and innovative “Little Giant” enterprise, a high-tech enterprise in Beijing, a specialized and innovative small and medium-sized enterprise, and a specialized and innovative “Little Giant” enterprise. Kunlun Taike mainly provides autonomous Kunlun firmware series products and information system quality assurance services led by third-party evaluations of application software for core fields related to national strategic security and important industries related to the national economic lifeline.

About the Green Computing Industry Alliance

Since its establishment in 2016, the Green Computing Industry Alliance has aimed to collaboratively build a green, open, autonomous, and shared ecosystem, dedicated to promoting the development of the green computing industry, establishing a platform for industrial exchange and cooperation, and enhancing enterprises in areas such as PCs, servers, storage, operating systems, and databases. It has become a global alliance with the most complete Arm infrastructure server chip partners, including Kunpeng, Feiteng, Ampere, and Marvell.

Autonomous BMC Firmware Solution (Feiteng)

Leave a Comment