Here some more details on how the USB virtual NIC works:

Sources

https://events.static.linuxfound.org= /sites/events/files/slides/USB%20Gadget%20Configfs%20API_0.pdf

https://developer.toradex.com/knowledge-base/usb-device-= mode-(linux)

Build Configuration

linux/arch/arm/boot/dts/aspeed-= bmc-[machine].dts

+&vhub {

+ =C2=A0 =C2=A0 =C2=A0 status =3D "= okay";

+};

gbmc/[...]/recipes-kernel/linux/linux-aspeed/[machine].cfg=

+# E= nable virtual USB NIC

+CONFIG_USB_CONFIGFS_ECM=3Dy

+CONFIG_USB_CONFIGF= S_ECM_SUBSET=3Dy

BMC Runtime Configuration

See attached=C2=A0us= b_network.sh. This needs to be executed at startup. Obviously, you'll n= eed to replace the vendor and product ID as well as the strings with someth= ing different.

Network configuration needs to go into /etc/systemd/network. See attached= =C2=A000-bmc-usb0.network.

Host Runtime Configuration

As soon as the BMC is booted, the host should see th= e BMC as an additional USB hub.

The last command on the BMC will cause an actual USB device to be visib= le to the host. If it does not get auto-loaded, load the cdc_ether driver m= anually. Once loaded, this adds a "usb0" network interface on the= host that can be configured like any other Ethernet device:

ifconfig usb= 0 169.254.254.1 netmask 255.255.255.0 up

From here on you can then ex= ecute SSH / SCP from the host to the local BMC. However, for=C2=A0phosphor-= ipmi-flash, it might be better to implement a new TCP-based method right in= phosphor-ipmi-flash both on the BMC and the host side. The important bit i= s that whatever method you use, it must only stage the image to /tmp where= =C2=A0phosphor-ipmi-flash-bios-verify.target can then pick it up for verifi= cation. You certainly don't want to have root-level access from the hos= t to the BMC as that would allow the host to take ownership of the BMC.

Oskar.

On Wed, Sep 11, 2019 at = 11:23 AM Oskar Senft <osk@google.com> wrote:

Hi Harry

I've done some experimen= ts with the USB virtual NIC on the AST2500 and found that to work rather ni= cely.

We're currently investigating in my team= to use that interface as the primary method for transferring data between = the host and the BMC. From what I can tell, this seems to be the=C2=A0faste= st, most secure method. The advantage also is that it doesn't need any = low-level HW / memory access on the host. However, the host still needs to = have the USB NIC on its side supported (driver) and configured (IP address)= . For our environment (Linux), this is easy to achieve.

It should be possible to update the phosphor-ipmi-flash BMC and host = side implementation to use a USB NIC for data transfer. However, we haven&#= 39;t investigated those details yet.

Other methods= for data transfer (LPC, PCIe, eSPI, SuperI/O) all seem to open up a large = security hole in the AST2500.

Oskar.

On Wed, Sep 11, 2019 at 10:45 AM Patrick Venture <venture@google.com> wrote:
<= /div>
On Wed, Sep 11, 2019= at 1:59 AM Harry Sung1 <hsung1@lenovo.com> wrote:
>
>
> > On Mon, Sep 9, 2019 at 7:01 AM Oskar Senft <osk@google.com> wrote:
> > >
> > > Hi Harry
> > >
> > > What's the behavior on eSPI? I assume you still have the= aspeed-lpc-ctrl
> > enabled, right?
> > >
> > > Thanks
> > > Oskar.
>
> Hi Oskar,
> Yes, I still enabled the aspeed-lpc-ctrl in my build. Because phosphor= -ipmi-flash has some mandatory actions on /dev/aspeed-lpc-ctrl before flash= (settings for HICR5, HICR7 and HICR8) even though these settings are meani= ngless for eSPI.
>
> Currently, I set ESPI084 (source address) and ESPI088 (target address)= registers manually because linux seems not have a driver can help us to se= t ESPI084 and ESPI088.
>
> Due to the limitation of AST2500, we can only write 256 bytes in one w= rite operation (write shared memory).
> Based on the test result, it takes about 30 mins to transfer a 32MB im= age over eSPI.

:( wow, that's unfortunately rather slow.

>
> Thanks,
> Harry
> > >
> > > On Mon, Sep 9, 2019 at 4:41 AM Harry Sung1 <hsung1@lenovo.com> wrote:<= br> > > >>
> > >> Hi Patrick,
> > >>
> > >>
> > >>
> > >> I found =E2=80=9Cphosphor-ipmi-flash=E2=80=9D have not s= upport flash over eSPI yet.
> > >>
> > >> May I ask if you have any plans to support flash over eS= PI?
> > >>
> > >>
> > >>
> > >> I have done a simple test about shared memory between ho= st and BMC :
> > >>
> > >> The shared memory is work after I set ESPI084 (source ad= dress) and ESPI088
> > (target address) registers.
> > >>
> > >> But it has an limitation that only 256 bytes are availab= le on each page (4KB).
> > >>
> > >>
> > >> For example, if host address starts to write from 0xFE0B= 0000 (BMC
> > >> reserved enough memory already)
> > >>
> > >> Writable area are:
> > >>
> > >> 0xFE0B0000 ~ 0xFE0B00FF
> > >>
> > >> 0xFE0B1000 ~ 0xFE0B10FF
> > >>
> > >> 0xFE0B2000 ~ 0xFE0B20FF
> > >>
> > >> 0xFE0B3000 ~ 0xFE0B30FF
> > >>
> > >> =E2=80=A6
> > >>
> > >> =E2=80=A6
> > >>
> > >> =E2=80=A6
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> Thanks,
> > >> Harry
> >
> > Harry, currently there's no plan to implement it as I have no= method of testing
> > it,=C2=A0 However, it should prove fairly straightforward to add = another option to
> > the transport mechanism list.=C2=A0 Please let me know if you run= into any
> > blockers.
>
> Hi Patrick,
> Got it. The better way to set eSPI register is setting them by the dri= ver, right?
> For quick validation, I am going to use the " ipmilpc" inter= face and set necessary eSPI registers manually.

I don't know as much about the eSPI variation of this.=C2=A0 ipmilpc us= es
whatever LPC memory shared option is available (in coordination with
the host+bmc).=C2=A0 If eSPI doesn't use the aspeed-lpc-ctrl driver for=
what it needs, then perhaps a new option should be added ipmiespi?

>
> Thanks,
> Harry