1IPMI-FRU(8)                     System Commands                    IPMI-FRU(8)
2
3
4

NAME

6       ipmi-fru - display FRU information
7

SYNOPSIS

9       ipmi-fru [OPTION...]
10

DESCRIPTION

12       Ipmi-fru displays Field Replaceable Unit (FRU) Information. The FRU may
13       hold a variety of information, such as device information, hardware in‐
14       formation, serial numbers, and part numbers.
15
16       Listed  below  are general IPMI options, tool specific options, trouble
17       shooting information, workaround information, examples, and  known  is‐
18       sues. For a general introduction to FreeIPMI please see freeipmi(7).
19

GENERAL OPTIONS

21       The following options are general options for configuring IPMI communi‐
22       cation and executing general tool commands.
23
24       -D IPMIDRIVER, --driver-type=IPMIDRIVER
25              Specify the driver type to use instead of doing an  auto  selec‐
26              tion.   The  currently  available  outofband drivers are LAN and
27              LAN_2_0, which perform IPMI 1.5 and IPMI 2.0  respectively.  The
28              currently  available  inband  drivers  are  KCS, SSIF, OPENIPMI,
29              SUNBMC, and INTELDCMI.
30
31       --disable-auto-probe
32              Do not probe in-band IPMI devices for default settings.
33
34       --driver-address=DRIVER-ADDRESS
35              Specify the in-band driver address to be  used  instead  of  the
36              probed  value. DRIVER-ADDRESS should be prefixed with "0x" for a
37              hex value and '0' for an octal value.
38
39       --driver-device=DEVICE
40              Specify the in-band driver device path to be used instead of the
41              probed path.
42
43       --register-spacing=REGISTER-SPACING
44              Specify  the  in-band  driver  register  spacing  instead of the
45              probed value. Argument is in bytes (i.e. 32bit register  spacing
46              = 4)
47
48       --target-channel-number=CHANNEL-NUMBER
49              Specify  the  in-band  driver target channel number to send IPMI
50              requests to.
51
52       --target-slave-address=SLAVE-ADDRESS
53              Specify the in-band driver target slave number to send IPMI  re‐
54              quests to.
55
56       -h      IPMIHOST1,IPMIHOST2,...,      --hostname=IPMIHOST1[:PORT],IPMI‐
57       HOST2[:PORT],...
58              Specify the remote host(s) to communicate with.  Multiple  host‐
59              names  may  be separated by comma or may be specified in a range
60              format; see HOSTRANGED SUPPORT below. An optional  port  can  be
61              specified with each host, which may be useful in port forwarding
62              or similar situations.  If specifying an IPv6 address and  port,
63              use the format [ADDRESS]:PORT.
64
65       -u USERNAME, --username=USERNAME
66              Specify  the username to use when authenticating with the remote
67              host.  If not specified, a null (i.e. anonymous) username is as‐
68              sumed.  The  user must have atleast USER privileges in order for
69              this tool to operate fully.
70
71       -p PASSWORD, --password=PASSWORD
72              Specify the password to use when authenticationg with the remote
73              host.   If  not  specified,  a null password is assumed. Maximum
74              password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
75
76       -P, --password-prompt
77              Prompt for password  to  avoid  possibility  of  listing  it  in
78              process lists.
79
80       -k K_G, --k-g=K_G
81              Specify  the K_g BMC key to use when authenticating with the re‐
82              mote host for IPMI 2.0. If not specified, a null key is assumed.
83              To  input  the  key  in hexadecimal form, prefix the string with
84              '0x'. E.g., the key 'abc' can be entered  with  the  either  the
85              string 'abc' or the string '0x616263'
86
87       -K, --k-g-prompt
88              Prompt  for  k-g  to  avoid possibility of listing it in process
89              lists.
90
91       --session-timeout=MILLISECONDS
92              Specify the session timeout in milliseconds. Defaults  to  20000
93              milliseconds (20 seconds) if not specified.
94
95       --retransmission-timeout=MILLISECONDS
96              Specify  the  packet retransmission timeout in milliseconds. De‐
97              faults to 1000 milliseconds (1 second) if not specified. The re‐
98              transmission timeout cannot be larger than the session timeout.
99
100       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
101              Specify  the  IPMI 1.5 authentication type to use. The currently
102              available authentication types are NONE,  STRAIGHT_PASSWORD_KEY,
103              MD2, and MD5. Defaults to MD5 if not specified.
104
105       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
106              Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID
107              identifies a set of authentication, integrity, and confidential‐
108              ity  algorithms to use for IPMI 2.0 communication. The authenti‐
109              cation algorithm identifies the algorithm  to  use  for  session
110              setup,  the  integrity algorithm identifies the algorithm to use
111              for session packet signatures, and the confidentiality algorithm
112              identifies the algorithm to use for payload encryption. Defaults
113              to cipher suite ID 3 if  not  specified.  The  following  cipher
114              suite ids are currently supported:
115
116              0 - Authentication Algorithm = None; Integrity Algorithm = None;
117              Confidentiality Algorithm = None
118
119              1 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm  =
120              None; Confidentiality Algorithm = None
121
122              2  - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
123              HMAC-SHA1-96; Confidentiality Algorithm = None
124
125              3 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm  =
126              HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
127
128              6  -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
129              None; Confidentiality Algorithm = None
130
131              7 - Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
132              HMAC-MD5-128; Confidentiality Algorithm = None
133
134              8  -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
135              HMAC-MD5-128; Confidentiality Algorithm = AES-CBC-128
136
137              11 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm  =
138              MD5-128; Confidentiality Algorithm = None
139
140              12  - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
141              MD5-128; Confidentiality Algorithm = AES-CBC-128
142
143              15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
144              = None; Confidentiality Algorithm = None
145
146              16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
147              = HMAC_SHA256_128; Confidentiality Algorithm = None
148
149              17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
150              = HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128
151
152       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
153              Specify  the privilege level to be used. The currently available
154              privilege levels are USER, OPERATOR, and ADMIN. Defaults to USER
155              if not specified.
156
157       --config-file=FILE
158              Specify an alternate configuration file.
159
160       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
161              Specify  workarounds to vendor compliance issues. Multiple work‐
162              arounds can be specified separated by commas. A special  command
163              line flag of "none", will indicate no workarounds (may be useful
164              for overriding configured defaults). See WORKAROUNDS below for a
165              list of available workarounds.
166
167       --debug
168              Turn on debugging.
169
170       -?, --help
171              Output a help list and exit.
172
173       --usage
174              Output a usage message and exit.
175
176       -V, --version
177              Output the program version and exit.
178

IPMI-FRU OPTIONS

180       The following options are specific to ipmi-fru.
181
182       -e, --device-id=IDNUM
183              Specify a specific FRU device ID.
184
185       -v, --verbose
186              Increase verbosity in output to include additional output.
187
188       --bridge-fru
189              By  default, FRU entries on other satellite controllers will not
190              be read by  default.  Bridging  may  not  work  on  some  inter‐
191              faces/driver types.
192
193       --interpret-oem-data
194              Attempt  to interpret OEM data, such as event data, sensor read‐
195              ings, or general extra info, etc. If an  OEM  interpretation  is
196              not available, the default output will be generated. Correctness
197              of OEM interpretations cannot be  guaranteed  due  to  potential
198              changes OEM vendors may make in products, firmware, etc. See OEM
199              INTERPRETATION below for confirmed supported motherboard  inter‐
200              pretations.
201
202       --fru-file=FILENAME
203              Output  data from the specified FRU binary file instead of read‐
204              ing FRU data off of a board.
205

SDR CACHE OPTIONS

207       This tool requires access to the sensor data repository (SDR) cache for
208       general  operation.  By default, SDR data will be downloaded and cached
209       on the local machine. The following options apply to the SDR cache.
210
211       --flush-cache
212              Flush a cached version  of  the  sensor  data  repository  (SDR)
213              cache. The SDR is typically cached for faster subsequent access.
214              However, it may need to be flushed and re-generated if  the  SDR
215              has been updated on a system.
216
217       --quiet-cache
218              Do  not output information about cache creation/deletion. May be
219              useful in scripting.
220
221       --sdr-cache-recreate
222              If the SDR cache is out of date or invalid, automatically recre‐
223              ate  the  sensor data repository (SDR) cache. This option may be
224              useful for scripting purposes.
225
226       --sdr-cache-file=FILE
227              Specify a specific sensor data repository (SDR) cache file to be
228              stored  or read from. If this option is used when multiple hosts
229              are specified, the same SDR cache file  will  be  used  for  all
230              hosts.
231
232       --sdr-cache-directory=DIRECTORY
233              Specify  an alternate directory for sensor data repository (SDR)
234              caches to be stored or read from. Defaults to the home directory
235              if not specified.
236
237       --ignore-sdr-cache
238              Ignore  SDR  cache related processing. May lead to incomplete or
239              less useful information being  output,  however  it  will  allow
240              functionality  for  systems without SDRs or when the correct SDR
241              cannot be loaded.
242

TIME OPTIONS

244       By IPMI definition, all IPMI times and timestamps are stored in  local‐
245       time. However, in many situations, the timestamps will not be stored in
246       localtime. Whether or not a system truly stored the timestamps  in  lo‐
247       caltime varies on many factors, such as the vendor, BIOS, and operating
248       system.  The following options will allow the user to adjust the inter‐
249       pretation of the stored timestamps and how they should be output.
250
251       --utc-to-localtime
252              Assume  all  times are reported in UTC time and convert the time
253              to localtime before being output.
254
255       --localtime-to-utc
256              Convert all localtime timestamps to UTC before being output.
257
258       --utc-offset=SECONDS
259              Specify a specific UTC offset in seconds to be  added  to  time‐
260              stamps.   Value can range from -86400 to 86400 seconds. Defaults
261              to 0.
262

HOSTRANGED OPTIONS

264       The following options manipulate hostranged output. See HOSTRANGED SUP‐
265       PORT below for additional information on hostranges.
266
267       -B, --buffer-output
268              Buffer  hostranged output. For each node, buffer standard output
269              until the node has completed its IPMI operation. When specifying
270              this  option, data may appear to output slower to the user since
271              the the entire IPMI operation must complete before any data  can
272              be output.  See HOSTRANGED SUPPORT below for additional informa‐
273              tion.
274
275       -C, --consolidate-output
276              Consolidate hostranged output. The complete standard output from
277              every  node  specified  will  be consolidated so that nodes with
278              identical output are not output twice. A header will list  those
279              nodes  with  the consolidated output. When this option is speci‐
280              fied, no output can be seen until the  IPMI  operations  to  all
281              nodes  has  completed.  If  the  user  breaks out of the program
282              early, all currently consolidated output  will  be  dumped.  See
283              HOSTRANGED SUPPORT below for additional information.
284
285       -F NUM, --fanout=NUM
286              Specify multiple host fanout. A "sliding window" (or fanout) al‐
287              gorithm is used for parallel IPMI communication so  that  slower
288              nodes or timed out nodes will not impede parallel communication.
289              The maximum number of threads available at the same time is lim‐
290              ited by the fanout. The default is 64.
291
292       -E, --eliminate
293              Eliminate  hosts  determined  as undetected by ipmidetect.  This
294              attempts to remove the common issue of hostranged execution tim‐
295              ing  out  due  to  several nodes being removed from service in a
296              large cluster. The ipmidetectd daemon must  be  running  on  the
297              node executing the command.
298
299       --always-prefix
300              Always prefix output, even if only one host is specified or com‐
301              municating in-band. This option is primarily useful for  script‐
302              ing  purposes.  Option  will be ignored if specified with the -C
303              option.
304

HOSTRANGED SUPPORT

306       Multiple hosts can be input either as an explicit comma separated lists
307       of  hosts  or  a  range of hostnames in the general form: prefix[n-m,l-
308       k,...], where n < m and l < k, etc. The later form should not  be  con‐
309       fused  with  regular expression character classes (also denoted by []).
310       For example, foo[19] does not represent foo1 or foo9, but rather repre‐
311       sents a degenerate range: foo19.
312
313       This  range  syntax  is  meant only as a convenience on clusters with a
314       prefixNN naming convention and specification of ranges  should  not  be
315       considered  necessary -- the list foo1,foo9 could be specified as such,
316       or by the range foo[1,9].
317
318       Some examples of range usage follow:
319           foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
320           foo[7,9-10] instead of foo7,foo9,foo10
321           foo[0-3] instead of foo0,foo1,foo2,foo3
322
323       As a reminder to the reader, some shells will interpret brackets ([ and
324       ])  for  pattern matching. Depending on your shell, it may be necessary
325       to enclose ranged lists within quotes.
326
327       When multiple hosts are specified by the user, a thread  will  be  exe‐
328       cuted  for each host in parallel up to the configured fanout (which can
329       be adjusted via the -F option). This will allow communication to  large
330       numbers of nodes far more quickly than if done in serial.
331
332       By  default,  standard  output  from each node specified will be output
333       with the hostname prepended to each line. Although this output is read‐
334       able  in  many  situations, it may be difficult to read in other situa‐
335       tions. For example, output from multiple nodes may be  mixed  together.
336       The -B and -C options can be used to change this default.
337
338       In-band  IPMI  Communication  will be used when the host "localhost" is
339       specified. This allows the user to add  the  localhost  into  the  hos‐
340       tranged output.
341

GENERAL TROUBLESHOOTING

343       Most often, IPMI problems are due to configuration problems.
344
345       IPMI  over  LAN  problems  involve a misconfiguration of the remote ma‐
346       chine's BMC.  Double check to make sure the  following  are  configured
347       properly  in  the remote machine's BMC: IP address, MAC address, subnet
348       mask, username, user enablement, user privilege, password,  LAN  privi‐
349       lege,  LAN enablement, and allowed authentication type(s). For IPMI 2.0
350       connections, double check to make sure the  cipher  suite  privilege(s)
351       and  K_g  key  are  configured properly. The ipmi-config(8) tool can be
352       used to check and/or change these configuration settings.
353
354       Inband IPMI problems are  typically  caused  by  improperly  configured
355       drivers or non-standard BMCs.
356
357       In  addition  to the troubleshooting tips below, please see WORKAROUNDS
358       below to also if there are any vendor specific bugs that have been dis‐
359       covered and worked around.
360
361       Listed below are many of the common issues for error messages.  For ad‐
362       ditional support, please e-mail  the  <freeipmi-users@gnu.org>  mailing
363       list.
364
365       "username  invalid"  - The username entered (or a NULL username if none
366       was entered) is not available on the remote machine.  It  may  also  be
367       possible the remote BMC's username configuration is incorrect.
368
369       "password  invalid"  - The password entered (or a NULL password if none
370       was entered) is not correct. It may also be possible the  password  for
371       the user is not correctly configured on the remote BMC.
372
373       "password  verification timeout" - Password verification has timed out.
374       A "password invalid" error (described  above)  or  a  generic  "session
375       timeout" (described below) occurred.  During this point in the protocol
376       it cannot be differentiated which occurred.
377
378       "k_g invalid" - The K_g key entered (or a NULL K_g key if none was  en‐
379       tered)  is not correct. It may also be possible the K_g key is not cor‐
380       rectly configured on the remote BMC.
381
382       "privilege level insufficient" - An IPMI command requires a higher user
383       privilege  than  the one authenticated with. Please try to authenticate
384       with a higher privilege. This may require authenticating to a different
385       user which has a higher maximum privilege.
386
387       "privilege  level  cannot  be  obtained  for this user" - The privilege
388       level you are attempting to authenticate with is higher than the  maxi‐
389       mum  allowed for this user. Please try again with a lower privilege. It
390       may also be possible the maximum privilege level allowed for a user  is
391       not configured properly on the remote BMC.
392
393       "authentication  type  unavailable for attempted privilege level" - The
394       authentication type you wish to authenticate with is not available  for
395       this privilege level. Please try again with an alternate authentication
396       type or alternate privilege level. It may also be possible  the  avail‐
397       able  authentication  types you can authenticate with are not correctly
398       configured on the remote BMC.
399
400       "cipher suite id unavailable" - The cipher suite id you wish to authen‐
401       ticate  with  is not available on the remote BMC. Please try again with
402       an alternate cipher suite id. It may also be possible the available ci‐
403       pher suite ids are not correctly configured on the remote BMC.
404
405       "ipmi  2.0 unavailable" - IPMI 2.0 was not discovered on the remote ma‐
406       chine. Please try to use IPMI 1.5 instead.
407
408       "connection timeout" - Initial IPMI communication failed. A  number  of
409       potential errors are possible, including an invalid hostname specified,
410       an IPMI IP address cannot be resolved, IPMI is not enabled on  the  re‐
411       mote server, the network connection is bad, etc. Please verify configu‐
412       ration and connectivity.
413
414       "session timeout" - The IPMI session has timed out.  Please  reconnect.
415       If this error occurs often, you may wish to increase the retransmission
416       timeout. Some remote BMCs are considerably slower than others.
417
418       "device not found" - The specified device could not  be  found.  Please
419       check configuration or inputs and try again.
420
421       "driver  timeout"  -  Communication with the driver or device has timed
422       out. Please try again.
423
424       "message timeout" - Communication with the driver or device  has  timed
425       out. Please try again.
426
427       "BMC  busy"  - The BMC is currently busy. It may be processing informa‐
428       tion or have too many simultaneous sessions to manage. Please wait  and
429       try again.
430
431       "could  not  find inband device" - An inband device could not be found.
432       Please check configuration or specify specific device or driver on  the
433       command line.
434
435       "driver timeout" - The inband driver has timed out communicating to the
436       local BMC or service processor. The BMC or  service  processor  may  be
437       busy or (worst case) possibly non-functioning.
438
439       "internal  IPMI  error" - An IPMI error has occurred that FreeIPMI does
440       not know how to handle. Please e-mail <freeipmi-users@gnu.org>  to  re‐
441       port the issue.
442

WORKAROUNDS

444       With  so  many different vendors implementing their own IPMI solutions,
445       different vendors may implement their IPMI protocols  incorrectly.  The
446       following describes a number of workarounds currently available to han‐
447       dle discovered compliance issues. When possible, workarounds have  been
448       implemented so they will be transparent to the user. However, some will
449       require the user to specify a workaround be used via the -W option.
450
451       The hardware listed below may only indicate the hardware that a problem
452       was  discovered on. Newer versions of hardware may fix the problems in‐
453       dicated below. Similar machines from vendors may or may not exhibit the
454       same  problems.  Different  vendors may license their firmware from the
455       same IPMI firmware developer, so it may  be  worthwhile  to  try  work‐
456       arounds listed below even if your motherboard is not listed.
457
458       If  you  believe  your hardware has an additional compliance issue that
459       needs a workaround to be implemented, please contact the FreeIPMI main‐
460       tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
461
462       assumeio  - This workaround flag will assume inband interfaces communi‐
463       cate with system I/O rather than being memory-mapped.  This  will  work
464       around  systems  that report invalid base addresses. Those hitting this
465       issue may see "device not supported" or "could not find inband  device"
466       errors.  Issue observed on HP ProLiant DL145 G1.
467
468       spinpoll  -  This workaround flag will inform some inband drivers (most
469       notably the KCS driver) to spin while polling rather than  putting  the
470       process to sleep. This may significantly improve the wall clock running
471       time of tools because an operating system scheduler's  granularity  may
472       be  much larger than the time it takes to perform a single IPMI message
473       transaction. However, by spinning, your system may be  performing  less
474       useful work by not contexting out the tool for a more useful task.
475
476       authcap  - This workaround flag will skip early checks for username ca‐
477       pabilities, authentication capabilities, and K_g support and allow IPMI
478       authentication to succeed. It works around multiple issues in which the
479       remote system does not properly report username capabilities, authenti‐
480       cation  capabilities,  or  K_g status. Those hitting this issue may see
481       "username invalid",  "authentication  type  unavailable  for  attempted
482       privilege  level",  or  "k_g  invalid"  errors.  Issue observed on Asus
483       P5M2/P5MT-R/RS162-E4/RX4,   Intel   SR1520ML/X38ML,   and   Sun    Fire
484       2200/4150/4450 with ELOM.
485
486       nochecksumcheck  - This workaround flag will tell FreeIPMI to not check
487       the checksums returned from IPMI command  responses.  It  works  around
488       systems that return invalid checksums due to implementation errors, but
489       the packet is otherwise valid. Users are cautioned on the use  of  this
490       option,  as  it  removes  validation of packet integrity in a number of
491       circumstances. However, it is unlikely to be an issue  in  most  situa‐
492       tions.  Those hitting this issue may see "connection timeout", "session
493       timeout", or "password verification timeout" errors. On IPMI  1.5  con‐
494       nections,  the  "noauthcodecheck" workaround may also needed too. Issue
495       observed on Supermicro X9SCM-iiF, Supermicro  X9DRi-F,  and  Supermicro
496       X9DRFR.
497
498       idzero  -  This  workaround flag will allow empty session IDs to be ac‐
499       cepted by the client. It works around IPMI sessions that  report  empty
500       session  IDs  to  the client. Those hitting this issue may see "session
501       timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.
502
503       unexpectedauth - This workaround flag will  allow  unexpected  non-null
504       authcodes  to  be checked as though they were expected. It works around
505       an issue when packets contain non-null authentication  data  when  they
506       should  be  null due to disabled per-message authentication. Those hit‐
507       ting this issue may see "session timeout"  errors.  Issue  observed  on
508       Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.
509
510       forcepermsg  -  This workaround flag will force per-message authentica‐
511       tion to be used no matter what is advertised by the remote  system.  It
512       works  around an issue when per-message authentication is advertised as
513       disabled on the remote system, but it is actually required for the pro‐
514       tocol.  Those hitting this issue may see "session timeout" errors.  Is‐
515       sue observed on IBM eServer 325.
516
517       endianseq - This workaround flag will flip the endian  of  the  session
518       sequence  numbers  to  allow the session to continue properly. It works
519       around IPMI 1.5 session sequence numbers that  are  the  wrong  endian.
520       Those  hitting  this  issue may see "session timeout" errors. Issue ob‐
521       served on some Sun ILOM 1.0/2.0 (depends on service processor endian).
522
523       noauthcodecheck - This workaround flag will tell FreeIPMI to not  check
524       the  authentication  codes returned from IPMI 1.5 command responses. It
525       works around systems that return invalid authentication  codes  due  to
526       hashing  or  implementation  errors.  Users are cautioned on the use of
527       this option, as it removes an authentication check verifying the valid‐
528       ity of a packet. However, in most organizations, this is unlikely to be
529       a security issue. Those hitting this issue may  see  "connection  time‐
530       out",  "session  timeout",  or  "password verification timeout" errors.
531       Issue observed on Xyratex FB-H8-SRAY, Intel  Windmill,  Quanta  Winter‐
532       fell, and Wiwynn Windmill.
533
534       intel20  - This workaround flag will work around several Intel IPMI 2.0
535       authentication issues. The issues covered include padding of usernames,
536       and  password  truncation  if  the  authentication  algorithm  is HMAC-
537       MD5-128. Those hitting this issue may see "username invalid", "password
538       invalid",  or  "k_g  invalid" errors. Issue observed on Intel SE7520AF2
539       with Intel Server Management Module (Professional Edition).
540
541       supermicro20 - This workaround flag will work around several Supermicro
542       IPMI  2.0  authentication  issues  on  motherboards  w/  Peppercon IPMI
543       firmware. The issues covered include handling invalid length  authenti‐
544       cation  codes.  Those hitting this issue may see "password invalid" er‐
545       rors.  Issue observed on Supermicro H8QME  with  SIMSO  daughter  card.
546       Confirmed fixed on newerver firmware.
547
548       sun20 - This workaround flag will work work around several Sun IPMI 2.0
549       authentication issues. The issues covered include invalid lengthed hash
550       keys,  improperly  hashed keys, and invalid cipher suite records. Those
551       hitting this issue may see "password invalid" or  "bmc  error"  errors.
552       Issue  observed  on Sun Fire 4100/4200/4500 with ILOM.  This workaround
553       automatically includes the "opensesspriv" workaround.
554
555       opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI
556       2.0 connection protocol to workaround an invalid hashing algorithm used
557       by the remote system. The privilege level sent during the Open  Session
558       stage of an IPMI 2.0 connection is used for hashing keys instead of the
559       privilege level sent during the RAKP1 connection stage.  Those  hitting
560       this  issue may see "password invalid", "k_g invalid", or "bad rmcpplus
561       status code" errors.  Issue observed on Sun  Fire  4100/4200/4500  with
562       ILOM, Inventec 5441/Dell Xanadu II, Supermicro X8DTH, Supermicro X8DTG,
563       Intel S5500WBV/Penguin Relion 700,  Intel  S2600JF/Appro  512X,  Quanta
564       QSSC-S4R/Appro  GB812X-CN, and Dell C5220. This workaround is automati‐
565       cally triggered with the "sun20" workaround.
566
567       integritycheckvalue - This workaround flag will work around an  invalid
568       integrity check value during an IPMI 2.0 session establishment when us‐
569       ing Cipher Suite ID 0. The integrity check value should  be  0  length,
570       however  the  remote motherboard responds with a non-empty field. Those
571       hitting this issue may see "k_g invalid" errors. Issue observed on  Su‐
572       permicro  X8DTG,  Supermicro  X8DTU,  and Intel S5500WBV/Penguin Relion
573       700, and Intel S2600JF/Appro 512X.
574
575       assumemaxsdrrecordcount - This workaround will inform  SDR  reading  to
576       stop  reading  after  a  known  maximum number of SDR records have been
577       read. This will work around systems that have mis-implemented SDR read‐
578       ing  functions.  Those hitting this issue may see "SDR record count in‐
579       valid" errors. Issue observed on unspecified Inspur motherboard.
580
581       skipchecks - This workaround option will skip FRU checksum checks. Some
582       FRUs  have incorrect checksums, but the FRU data is correct. Those hit‐
583       ting this issue may see "checksum invalid" errors in their FRU  output.
584       Output  may  be unknown, pray for the best. This option is confirmed to
585       work around compliances issues on Inventec 5441/Dell  Xanadu  II,  Dell
586       Poweredge R610, and Dell Poweredge R710 motherboards.
587
588       No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
589       found to not support IPMI 1.5. Those hitting this issue may  see  "ipmi
590       2.0  unavailable"  or  "connection  timeout"  errors. This issue can be
591       worked around by using IPMI 2.0  instead  of  IPMI  1.5  by  specifying
592       --driver-type=LAN_2_0.  Issue observed on a number of HP and Supermicro
593       motherboards.
594

OEM INTERPRETATION

596       The following motherboards are confirmed to have atleast  some  support
597       by  the --interpret-oem-data option. While highly probable the OEM data
598       interpretations would work across other motherboards by the same  manu‐
599       facturer,  there  are no guarantees. Some of the motherboards below may
600       be rebranded by vendors/distributors.
601
602       Wistron/Dell Poweredge C6220
603

EXAMPLES

605       # ipmi-fru
606
607       Get FRU information of the local machine.
608
609       # ipmi-fru --verbose
610
611       Get verbose FRU information of the local machine.
612
613       # ipmi-fru -h ahost -u myusername -p mypassword
614
615       Get FRU information of a remote machine using IPMI over LAN.
616
617       # ipmi-fru -h mycluster[0-127] -u myusername -p mypassword
618
619       Get FRU information across a cluster using IPMI over LAN.
620

IPMI-FRU KNOWN ISSUES

622       Not all language codes are supported in ipmi-fru.  If  additional  lan‐
623       guage code support is required please contact the FreeIPMI maintainers.
624

DIAGNOSTICS

626       Upon  successful  execution, exit status is 0. On error, exit status is
627       1.
628
629       If multiple hosts are specified for communication, the exit status is 0
630       if  and  only  if  all targets successfully execute. Otherwise the exit
631       status is 1.
632

KNOWN ISSUES

634       On older operating systems, if you input your username,  password,  and
635       other  potentially  security  relevant information on the command line,
636       this information may be discovered by other users when using tools like
637       the  ps(1) command or looking in the /proc file system. It is generally
638       more secure to input password information with options like the  -P  or
639       -K  options.  Configuring security relevant information in the FreeIPMI
640       configuration file would also be an appropriate way to hide this infor‐
641       mation.
642
643       In  order  to  prevent  brute force attacks, some BMCs will temporarily
644       "lock up" after a number of remote authentication errors. You may  need
645       to  wait awhile in order to this temporary "lock up" to pass before you
646       may authenticate again.
647

REPORTING BUGS

649       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
650
652       Copyright (C) 2007-2015 Lawrence Livermore National Security, LLC.
653       Copyright (C) 2007 The Regents of the University of California.
654
655       This program is free software; you can redistribute it and/or modify it
656       under  the  terms of the GNU General Public License as published by the
657       Free Software Foundation; either version 3 of the License, or (at  your
658       option) any later version.
659

SEE ALSO

661       freeipmi(7), ipmi-config(8)
662
663       http://www.gnu.org/software/freeipmi/
664
665
666
667ipmi-fru 1.6.8                    2021-05-20                       IPMI-FRU(8)
Impressum