kendallgoto / ilo4_unlock

A toolkit for patching HPE's iLO 4 Firmware with access to previously inaccessible utilities
GNU General Public License v3.0

Bringing patches to v2.78 and above #12

Open kendallgoto opened 5 months ago

kendallgoto commented 5 months ago

(Carrying over discussion from #11)

In v2.78, the fan tool was substantially altered, with most of its feature code removed. In v2.79, it was fully removed (https://github.com/kendallgoto/ilo4_unlock/blob/main/research/2022-02-18-building-279.md).

As such, this repo currently maintains versions up to v2.77. This presents a choice for users - either risk potential security vulnerabilities, etc., patched upstream by using an out-of-date iLO version, or lose the ability to control the fan system of their blade.

Work is proposed to begin patching later versions, either by carrying the <=v2.77 versions' fan CLI system, creating builds that directly modify baked curves, or creating a system to dynamically modify these curves with a new interface. Based on user input, a few different areas are proposed that can be modified in future FW:

Although the fan CLI was fully removed, it is unlikely that these underlying systems outright do not exist in iLO 4 v2.78+ (although, I was skeptical that some of the iLO 4 fan control components were replaced by iLO 5 components in v2.79, I am not sure if that is the case).

draknyte1 commented 5 months ago

Going to get some thoughts out here.

I’ve got G8DL360Ps, G8DL380Ps, G8DL380E, G8DL560 and G9DL380s.

Sensor IDs reporting in the iLO web UI are all offset by one, right? UI reports HD Controller in G8DL380P as 25, fan info reports as 24.

One thing I’ve always struggled with is understanding how people best use the fan tool. Some opt to disable sensors, some offsets, some lo curve.. I personally just set the p max to an audibly tolerable level and that’s it. I’d say it’s worth first figuring out this in some way, so that we know what’s best when creating bake tooling.

I’d like to try to take a poke at this, at least trying to bake firmware that just sets fan p max to 80 for every fan. (It’s a small start, I guess?)

razvanphp commented 3 months ago

Thank you for all the work on this project, really appreciated!

Can we add to the list the investigation for a web UI patch as you mentioned here? It would be nice to have the latest iLO version and settings natively in the web interface. Not sure how this would survive reboots, but still, maybe the native API has persistence too.

PS: can ChatGPT help now with the reverse engineering?

kendallgoto commented 3 months ago

good callout, thanks for the reminder.

understanding the disassembly isn't particularly hard, most of the energy is figuring out how the components work together, which I imagine is too wide of a context piece for an LLM that isn't custom trained for it. it's an interesting application use case regardless though. there's a lot of subtlety in reading the disassembly around knowing both what the original programmer was thinking & what the compiler was thinking. it would be cool to capture that subtlety in a model, even if the overall puzzle is too wide to compute as a whole.