Baseboard Management Key (B_Key)

Detailed Description of Baseboard Manager and Related Topics

For a detailed description of the Baseboard Manager (BM) and related topics (e.g., BMA, MME, CME, and IB-ML), refer to “Baseboard Management” on page 987.

SA/BM Division of Labor

The SA—see “Subnet Administrator's Role” on page 176—provides basic discovery information that is common to all CAs. The SA does not provide information beyond this, such as:

  • VPD (Vital Product Data).

  • Chassis management data.

  • Any other information under BM control.

This information is accessed and controlled by the Baseboard Manager (BM).

What Is the BM?

The BM is the software entity that manages hardware via BM messages (GMPs specifying the BM class). Refer to Figure 16-4 on page 341. Upon receipt by a port's GSI, BM-initiated messages are sent to a device's Baseboard Management Agent (BMA) for processing, and the BMA forwards the BM MAD to the Module Management Entity (MME). In some cases, receipt of a BM MAD causes the MME to generate transactions on the IB Management Link (IB-ML). For more information, refer to “Baseboard Management” on page 987. IB-ML messages may, in turn, interface with the Chassis Management Entity (CME).

Figure 16-4. BM/BMA/MME/CME Relationships


Some Information Accessed by the BM

Some attributes that are accessed by the BM include:

  • Indication of IB-ML existence.

  • Indication of whether the B_Key is stored in NV memory.

  • The BKeyInfo elements:

    - B_Key.

    - B_KeyProtectBit.

    - B_KeyLeasePeriod.

    - B_KeyViolations.

  • VPD (Vital Product Data). VPD, also referred to as Field Replaceable Unit information or FRU data, includes information for identifying the type and version information of a replaceable unit or an entire system. This often includes elements such as serial numbers and part numbers.

  • Module, IOC, and IOU power management information.

  • The current state of a module's LED indicators.

For a detailed description of the BM attributes, refer to “Baseboard Management” on page 987.

The Problem: Rogue BM Attempts Attribute Access

The BM for a subnet is the only BM permitted to manage the BM-oriented aspects (i.e., attributes) of the devices in that subnet. IBA includes a mechanism that enables a device to detect an attribute access attempt by a BM other than the one that originally configured it (i.e., the BM for that subnet).

Solution: Access Key Required

Each Device Has a B_Key Attribute

Each device has its own dedicated 64-bit BKeyInfo.B_Key attribute element.

Key Must Match to Access a Device's Attributes

In order to successfully access a device's BM-oriented attributes, the BM must supply the correct key (B_Key) in its GMP. The receiving port compares the B_Key in the GMP to the receiving device's B_Key attribute.

How Does a BM Access Attributes before B_Key Assignment?

Unless a device's B_Key is stored in NV memory, its initial state is zero. Any BM can access (and update) a device's BM-oriented attributes while the device's B_Key is zero.

B_Key Use Is Optional

The BM is not required to assign B_Keys to the devices in the subnet. If it doesn't assign B_Keys, all keys remain set to zero (assuming that the B_Keys assigned in a previous power-on session are not stored in NV memory) and no B_Key comparison is performed upon receipt of a BM GMP. The access is permitted.

Initial B_Key Assignment

A device's B_Key is initially assigned by the BM. The BM then includes that B_Key in any BM GMP issued to access any of the device's BM-oriented attributes.

Port's Treatment of BM GMP with Key Mismatch

Once a non-zero B_Key has been assigned to a device by the BM, a port silently drops BM GMPs containing a B_Key that doesn't match the one assigned to the device in its BKeyInfo.B_Key attribute element.

The Key Comparison

The B_Key comparison process uses the following elements:

  • The B_Key contained in the BM GMP.

  • The device's BKeyInfo.B_Key attribute element.

  • The device's 1-bit BKeyInfo.B_KeyProtectBit attribute element.

Figure 16-5 on page 344 illustrates the B_Key comparison process performed by the destination device's BMA upon receipt of a BM GMP. The state of the B_KeyProtectBit affords different levels of access protection. Table 16-5 on page 345 and Table 16-6 on page 345 provide a description of the B_KeyProtectBit attribute settings. When initially powered up or reset, a device's B_Key, B_KeyProtectBit, and B_KeyLeasePeriod (covered in “Device Logic Detects Death of BM” on page 346) are either:

  • cleared to zero if NV memory is not used or

  • set to a value stored in NV memory.

Figure 16-5. B_Key Compare


Table 16-5. B_Key Protection Levels

| B_Key | B_Key Protect Bit | Lease Period | Description |
|-------|-------------------|--------------|-------------|
| 0 | any | any | No protection provided. Any BM can issue Sets and Sends. |
| ≠ 0 | 0 | N/A | Protection provided, but allows BMs to read the B_Key in the device. |
| ≠ 0 | 1 | ≠ 0 | Protection provided. Doesn't allow anyone to read the device's B_Key until the lease period has expired. B_Key lease period is a mechanism that protects the B_Key for a given amount of time. |
| ≠ 0 | 1 | 0 | Protection provided. Doesn't allow the device's B_Key to be read by other BMs. If the lease period was set to 0 (infinite) and the BM that set it dies, other BMs cannot read the device's B_Key. If the B_Key cannot be provided to the other BMs using some method other than over IBA, the BMA of this device will never be accessible again. |

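Table 16-6. B_Key Check

| B_Key | B_Key Protect Bit | Method Specified in BM MAD | Success? |
|-------|-------------------|----------------------------|----------|
| 0 | any | any | Yes. |
| ≠ 0 | any | BMSet(), BMSend() | Yes if the MAD B_Key = BMA B_Key, otherwise the MAD is silently dropped. |
| ≠ 0 | 0 | BMGet() | Yes. |
| ≠ 0 | 1 | BMGet() | The read succeeds, but the B_Key value returned = 0. |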

Device Logic Detects Death of BM

General

Refer to Figure 16-6 on page 347. There is a timer implemented in each device (the BKeyInfo.B_KeyLeasePeriod attribute) to detect the death of a device's managing BM. It detects the cessation of BM-initiated GMP accesses to the device's attributes. This implies (and it is true) that the BM is expected to perform one or more accesses to each device's BM attributes on a regularly scheduled basis. Upon detecting this timeout, the device then permits any BM to access its attributes, thereby permitting another BM to take over the management of the device.

Figure 16-6. B_KeyLeasePeriod, B_KeyViolations and B_KeyViolations Trap


Starting the Countdown and Handling a Timeout

If a BM with the wrong B_Key attempts to access any of the device's attributes, the following actions are taken by the device:

  • The device increments its BKeyInfo.B_KeyViolations counter by one.

  • If the device supports traps and its ability to generate B_KeyViolation traps had previously been enabled by the BM, then the device sends a trap packet to inform the BM of the unauthorized access attempt. If the BM is still operational, it can then refresh the lease period timer in response to the receipt of the trap.

  • If the lease period countdown has not expired, the device takes one of the following actions:

    - If the lease period timeout had not previously been triggered to start its countdown, then it is triggered.

    - If the lease period countdown had previously been triggered, let it continue to count down.

  • If the lease period has expired, the device clears its B_KeyProtectBit attribute to zero, thereby permitting another BM to access its attributes (including the B_Key value assigned to it by the previous BM).
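
The B_Key check of Table 16-6 and the lease handling listed above can be exercised together in a small behavioral model. This is an added example, not code from the book or the IBA specification. The class and field names, the tick-based lease units, the constructed key values, and the rule that a matching-key access stops the countdown are assumptions.

```python
from dataclasses import dataclass

@dataclass
class BMA:
    """Illustrative model of one device's BKeyInfo state (names are assumptions)."""
    b_key: int = 0             # BKeyInfo.B_Key; 0 means no key assigned
    protect: int = 0           # BKeyInfo.B_KeyProtectBit
    lease_period: int = 0      # BKeyInfo.B_KeyLeasePeriod in ticks; 0 = infinite
    violations: int = 0        # BKeyInfo.B_KeyViolations
    traps_enabled: bool = False
    traps_sent: int = 0        # stands in for trap packets sent to the BM
    remaining: int = 0         # ticks left in the countdown; 0 = not counting

    def tick(self):
        """One timer tick; on expiry the B_KeyProtectBit is cleared."""
        if self.remaining > 0:
            self.remaining -= 1
            if self.remaining == 0:
                self.protect = 0

    def receive(self, method, mad_key, new_info=None):
        """Apply Table 16-6. Returns None when the MAD is silently dropped,
        otherwise the B_Key value carried in the response."""
        if self.b_key != 0 and mad_key != self.b_key:
            self.violations += 1                 # any wrong-key access counts
            if self.traps_enabled:
                self.traps_sent += 1
            if self.remaining == 0 and self.lease_period != 0:
                self.remaining = self.lease_period   # trigger the countdown
            if method != "BMGet":
                return None                      # BMSet()/BMSend() dropped
        elif self.b_key != 0:
            self.remaining = 0   # assumption: a matching access refreshes the lease
        if method == "BMSet" and new_info:
            # B_Key, protect bit and lease period arrive in one BMSet(BKeyInfo)
            self.b_key, self.protect, self.lease_period = new_info
        return 0 if self.protect else self.b_key

def lease_expiry_scenario():
    """Constructed run: the owning BM goes silent and another BM keeps trying."""
    owner, other = 0xA11CE, 0x0BAD               # constructed key values
    dev = BMA(traps_enabled=True)
    dev.receive("BMSet", 0, (owner, 1, 3))       # owner takes ownership
    seen = [dev.receive("BMSet", other, (other, 1, 3)),   # dropped
            dev.receive("BMGet", other)]                  # read succeeds, key hidden
    for _ in range(3):
        dev.tick()                               # lease period runs out
    seen.append(dev.receive("BMGet", other))     # protect bit cleared, key readable
    return seen, dev.violations, dev.traps_sent
```

In the scenario, the violations counter and the traps are the only signals the owning BM receives before the protect bit clears. A lease period of 0 never starts the countdown, which is the unrecoverable case described in the last row of Table 16-5.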

Other B_Key-Related Matters

  • The BM must set (i.e., write to) the attribute elements B_Key, B_KeyProtectBit, and B_KeyLeasePeriod using a single BMSet(BKeyInfo) MAD. Successful completion of the Set operation indicates that it has taken ownership of the device's BM-related resources.

  • If it is not implemented, the B_KeyViolations counter value is FFFFh.

  • At power up or reset, there are two possible cases:

    - If the B_Key, B_KeyProtectBit and B_KeyLeasePeriod are not saved in NV memory, they are cleared to zero.

    - Otherwise, they are set to the values stored in NV memory.

  • When a device starts with the B_Key and B_KeyProtectBit values supplied from NV memory, but the TrapLID attribute = 0 (i.e., it was not yet set by the BM), then the CA has no BM to send a trap to if the lease period should expire.
