This document outlines the steps required to configure DASH systems for HTTPS communication using self-signed certificates.

Requirements

1. Download and install the latest available OpenSSL package (http://www.openssl.org/).

a. Ensure openssl.exe is in %PATH%

b. Ensure that the environment variables has the variable “OPENSSL_CONF”

OPENSSL_CONF

C:\Program Files\OpenSSL-Win64\bin\cnf\openssl.cnf

2. Sample ini is specified in Appendix A. Save the contents as openssl.ini and modify the file based on your organization requirement.

a. Organization wide certificate: A common certificate can be generated and installed on all DASH systems in the organization (by giving Common Name as *.myorg.com). For an organization wide option, under “alt_names” section, add the key “DNS.1” Eg,

DNS.1   = *.myorg.com

b. Per device certificate: A per device certificate can be generated and installed on that particular device (Eg: dash-system.myorg.com). Per device certificate can be generated on alternate names of the systems and also on IP address. For per per device option, under “alt_names” section, add value for key “DNS.1”, “DNS.2 and “IP.1”. Eg,

DNS.1   = dash-system.myorg.com

DNS.2   = dash-system

IP.1    = 10.10.10.100

3. NIC Management Constroller specific requirements are mentioned in Section D

Note: The steps below are tested with OpenSSL 1.1.1d version.

Section A: Generate Root certificate

A Root certificate is common to the whole organization. It is generated only once and installed in the certificate store.

1)    Create folders & copy openssl.ini

mkdir DASHCert 

cd DASHCert 

copy ..\openssl.ini DASHCert 

mkdir newcerts private

2)    Create requisite files

echo 01 > serial 

copy /y nul index.txt

3)    Create root certificate

Note: For ‘Common Name’, specify the name of the root authority. For instance like 'DASH Root Authority'.

openssl genrsa -out private/cakey.pem 1024

openssl req -new -x509 -extensions v3_ca -key private/cakey.pem -out cacert.pem -days 3650 -sha256 -config ./openssl.ini

openssl x509 -in cacert.pem -out DASHCA.crt

Section B: Add root certificate to certificate store on the system with DASH Console

Root certicate must be installed in the certificate store on all console systems where DASH applications like DASH CLI, AMD Management Console and AMPS are installed.

1. Windows OS system with DASH Console

1. Copy DASHCA.crt to DASH Console.

2. Import to certificate store:

a. Right click on DASHCA.crt and select 'Install Certificate'

b. Select “Local Machine” as Store Location

c. Click Next and select 'Place all certificates in the following store'

d. Click Browse and select 'Trusted Root Certification Authorities'

e. Click Next & Finish

2. Ubuntu OS system with DASH Console

1. Copy DASHCA.crt to DASH Console

sudo mkdir /usr/share/ca-certificates/extra

sudo cp DASHCA.crt /usr/share/ca-certificates/extra

sudo dpkg-reconfigure ca-certificates

2. A new UI window will be open -> Select YES

3. Give space to select the DASHCA.crt in Trusted certificates

sudo update-ca-certificates

3. Fedora OS system with DASH Console

1. Copy DASHCA.crt to DASH Console

sudo cp DASHCA.crt /etc/pki/ca-trust/source/anchors

sudo update-ca-trust

Section C: Generate organization-wise or per-device certificate

Continuation of the steps from Section A.

1)    Create certificate signing request

Note: For ‘Common Name’, specify the generic (Eg: *.myorg.com).

openssl req -new -nodes -out req.pem -sha256 -extensions v3_req -config ./openssl.ini

2)    Sign certificate

openssl ca -out cert.pem -extensions v3_req -config ./openssl.ini -infiles req.pem

3)    Strip readable text

move cert.pem tmp.pem

openssl x509 -in tmp.pem -out cert.pem

4)    Convert to DER format

openssl rsa -in key.pem -inform PEM -out DASHKey.der -outform DER

openssl x509 -in cert.pem -inform PEM -out DASHCert.der -outform DER

Section D: Import certificate on the DASH System

Executing the commands below will over-write the existing certificate details. Procedure to install certificate on a DASH System varies based on Management Controller:

1)    Realtek Management Controller

Note: Sample config.xml is specified in Appendix B

1. Ensure DASHConfigRT folder is present in your DASH Application folder

2. Copy DASHConfigRT folder to the DASH System

3. Copy the files ‘DASHKey.der’ & ‘DASHCert.der’ to DASH System

4. Copy the file config.xml to the same folder as DASHConfigRT.exe and update config.xml as required.

5. Using DASHConfigRT, install the certifiate files with one of the commands:

a. Configure username, password and install certificate

DASHConfigRT.exe -xf:config.xml -cert:DASHCert.der -priv:DASHKey.der

b. Only to update the certificates

DASHConfigRT.exe -cert:DASHCert.der -priv:DASHKey.der

2)    Broadcom Management Controller

Note: Sample config.xml is specified in Appendix C

1. Ensure DASHConfig folder is present in your DASH Application folder

2. Copy DASHConfig folder to the DASH System

3. Copy the files ‘DASHKey.der’ & ‘DASHCert.der’ to DASH System

4. Copy the file config.xml to the same folder as DASHConfig.exe and update config.xml as required.

5. Using DASHConfig, install the certificate files with the commands:

DASHConfig.exe -xf:config.xml

Section E: Verification

To verify the certificate installed correctly and DASH HTTPS is working.

1)    Via browser

Open the link https://dash-system.myorg.com:664/ in either Chrome or Internet Explorer. The browser must report the site as secure and the TLS certificate must match with that generated in Section A.

2)    Via DASH CLI

Run a DASH CLI https command without -C option. DASH CLI must provide the output without any error.

dashcli -h dash-system.myorg.com -p 664 -S https -a digest -u admin -P adminpass -t computersystem[0] power status

Appendix A - Sample openssl.ini

# OpenSSL configuration file.

#----Begin----

# Establish working directory.

dir = .

[ ca ]

default_ca = CA_default

[ CA_default ]

serial = $dir/serial

database = $dir/index.txt

new_certs_dir = $dir/newcerts

certificate = $dir/cacert.pem

private_key = $dir/private/cakey.pem

default_days = 3650

default_md = sha256

preserve = no

email_in_dn = no

nameopt = default_ca

certopt = default_ca

policy = policy_match

[ policy_match ]

countryName = match

stateOrProvinceName = match

organizationName = match

organizationalUnitName = optional

commonName = supplied

emailAddress = optional

[ req ]

default_bits = 1024

default_keyfile = key.pem

default_md = sha256

string_mask = nombstr

distinguished_name = req_distinguished_name

[ req_distinguished_name ]

# Variable name Prompt string

#---------------------- ----------------------------------

0.organizationName = Organization Name (company)

organizationalUnitName = Organizational Unit Name (department, division)

emailAddress = Email Address

emailAddress_max = 40

localityName = Locality Name (city, district)

stateOrProvinceName = State or Province Name (full name)

countryName = Country Name (2 letter code)

countryName_min = 2

countryName_max = 2

commonName = Common Name (hostname, IP, or your name)

commonName_max = 64

# Default values for the above, for consistency and less typing.

# Variable name Value

#------------------------------ ------------------------------

0.organizationName_default       = MyOrg Inc

organizationalUnitName           = IT

countryName_default              = IN

stateOrProvinceName_default      = KA

localityName_default             = Bangalore

emailAddress_default             = it@myorg.com

organizationalUnitName_default   = IT Department

commonName_default               = *.myorg.com

[ alt_names ]

# Hostname of target with FQDN can also be entered in the form *.domain.com

DNS.1      = *.myorg.com

#DNS.2     = dash-system.myorg.com

#DNS.3     = dash-system

# IP address can be allowed with the IP Key

#IP.1      = 10.10.10.100

[ v3_ca ]

basicConstraints = CA:TRUE

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid:always,issuer:always

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign

subjectAltName = @alt_names

[ v3_req ]

basicConstraints = CA:FALSE

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign

subjectAltName = @alt_names

#----End----

Appendix B - Sample config.xml for Realtek Management Controller

<?xml version="1.0" encoding="utf-8" ?>

<DASHPROVISIONSETTINGS>

      <MANAGEMENTTARGET>

           <GLOBAL>

                 <HTTPS>

                       <ENABLESUPPORT>true</ENABLESUPPORT>

                      <TCPIPPORT>664</TCPIPPORT>

                 </HTTPS>

                 <HTTP>

                       <ENABLESUPPORT>true</ENABLESUPPORT>

                      <TCPIPPORT>623</TCPIPPORT>

                 </HTTP>

           </GLOBAL>

           <USERS>

                 <USER>

                      <USERID>admin</USERID>

                       <PASSWORD>adminPass</PASSWORD>

                      <ENABLE>true</ENABLE>

                      <ROLES>

                            <ROLE>Administrator Role</ROLE>

                      </ROLES>

                 </USER>

           </USERS>

      </MANAGEMENTTARGET>

</DASHPROVISIONSETTINGS>

Appendix C - Sample config.xml for Broadcom Management Controller

<?xml version="1.0" encoding="utf-8" ?>

<DASHPROVISIONSETTINGS>

      <MANAGEMENTTARGET>

           <GLOBAL>

                 <HTTPS>

                       <ENABLESUPPORT>true</ENABLESUPPORT>

                      <TCPIPPORT>664</TCPIPPORT>

                      <HTTPREALM>Broadcom Management Service</HTTPREALM>

                      <HTTPSTARGETTOCONSOLE>

                          <CERTIFICATEPATH>DASHCert.der</CERTIFICATEPATH>

                      </HTTPSTARGETTOCONSOLE>

                 </HTTPS>

                 <HTTP>

                       <ENABLESUPPORT>true</ENABLESUPPORT>

                      <TCPIPPORT>623</TCPIPPORT>

                 </HTTP>

           </GLOBAL>

           <USERS>

                 <USER>

                      <USERID>admin</USERID>

                       <PASSWORD>adminPass</PASSWORD>

                      <ENABLE>true</ENABLE>

                      <ROLES>

                            <ROLE>Administrator Role</ROLE>

                      </ROLES>

                 </USER>

           </USERS>

      </MANAGEMENTTARGET>

</DASHPROVISIONSETTINGS>

For any further query, drop a note below or contact via mail dashsupport@amd.com

   1. Download Bios Configuration Utility from the link below:

https://ftp.hp.com/pub/caps-softpaq/cmit/HP_BCU.html

   2. Once installed the exe file can be found in “C:\Program Files (x86) \HP\BIOS Configuration Utility.

   3. Open the path in command prompt 

   4. To Fetch the current bios configuration, use the below command

         BiosConfigUtility64.exe/get:<filename.txt>”

   5. Once the .txt file is generated, one can see the bios settings in the file.

   6. Grep for” AMD DASH” and to make changes update the field with *Enable (enable DASH) or *Disable (Disable          DASH).

         Example: AMD DASH
                           Disable
                           *Enable

   7. Once the settings are modified, execute below command for changes to get reflected:

         BiosConfigUtility64.exe/set:<filename.txt>”

   8. Reboot the system for changes to get reflected.

1. The functionality has been implemented using WMI interface and are embedded as scripts which can be downloaded       using below link:

      https://support.lenovo.com/us/en/solutions/ht100612 

2. Cscript is required for execution which can be found in below path in windows installed systems

      C:\windows\system32\cscript.exe

3. Below command is used to list current bios settings:

      cscript.exe ListAll.vbs

4. To Enable/Disable DASH in bios, Use the below command accordingly:

      cscript.exe SetConfig.vbs DashEnabled Enable (To Enable DASH)

      cscript.exe SetConfig.vbs DashEnabled Disable (To Disable DASH)

5. Restart the system for changes to get reflected.

This Blog emphasizes on procedure of enabling DASH in bios and Lenovo T495 has been used for reference.



Quick Steps:

Download latest BIOS for Lenovo-T495 system
Upgrade the Bios n the Lenovo-T495 system
Enable DASH option in Bios
Verify the DASH FW in windows in Realtek Dash Client tool
Verification using DASHCLI tool



Step 1: Download the latest BIOS:

The latest BIOS version available in web is R12ET49W (1.19):

Navigate to the URL: https://support.lenovo.com/us/en/downloads/ds539877
Download the exe file





Step 2: Install the BIOS Image on Target

Copy the exe to Target machine. Right click on executable and run it as administrator



This launches the Install Shield Wizard select language as English



Click Next




Accept the License Agreement and click Next



Click on Install



Once Finished exit the wizard by clicking Finish



Further the ThinkPad Bios Flash Update Utility asks for option Select” Update ThinkPad BIOS”



Further the Bios update is initiated and once completed Restart the system

Step 3: Enable DASH option in the Bios
Once the system is restarted after the Bios gets upgraded, Press F1 to move to Setup Utility
Switch to security Tab and go to Dash Configuration setting
 
Enter DASH Configuration setting and Enable the DASH Support option
Press F10 to Save and Exit
 
Step 4: Verify the DASH FW in windows in Realtek Dash Client tool

Once system is rebooted to windows, the required Drivers and Realtek Dash Client is installed.
The DASH FW version can be seen in right end corner of tray icon



Step 5: Verification Using DASHCLI Tool
After DASH is enabled in system, DASHCLI can be used to verify some of DASH related features
DASHCLI Commands:
1.To verify DASH System is DASH Capable:
dashcli.exe -h <ipaddress> -u <username> -P <password> discover
2. To verify power options available in target system:
dashcli.exe -h <ipaddress> -u <username> -P <password> -t computersystem[0] power availablestates

Useful Links:
1. Downloading DASHCLI tool
https://developer.amd.com/tools-for-dmtf-dash/ 
2.Discovering DASH Systems using DASHCLI
Discovering DASH systems using DASH CLI 

DASH CLI supports new options to enable developers to send request query in JSON format to DASH systems and get the output in JSON format. The output can be interpreted by any programming language supporting JSON format. The output JSON is modeled like Redfish Schema published by DMTF.

In typical usage, DASH CLI is launched with request JSON, DASH CLI processes the request and forms the response in JSON format. This response is sent back to the launching application.

JSON is supported by almost all modern programming languages. Hence it will be easier to add DASH capability into any application or tool with few simple steps. Since the application will be launching DASH CLI, the integration with the application is therefore ‘loosely coupled’. DASH communication, DASH standards compliance, DASH security & stability are encapsulated within DASH CLI. The calling application does not require to know anything about DASH standard.

There are two new options in DASH CLI:

• jdo option: With this flag, DASH request input is taken from command-line and output DASH response is written to console.
• ji/jo option: With this flag, DASH request input is taken from file and output DASH response is written to a file.

jdo option is faster since it does not involve in any file operation.

Before starting

• Download and install DASH CLI 3.0 version. In this blog, DASH CLI is installed in default path, “C:\Program Files (x86)\DASH CLI 3.0\”
• Examples are illustrated with Visual Studio 2017. But any other IDE or editor can be used.
• Refer DASH CLI Developer Guide, which is available in DASH CLI installation folder: “C:\Program Files (x86)\DASH CLI 3.0\docs\”, for JSON request & response formats for supported DASH profiles.
• This blog provides the steps for C++ language sample code for using -jdo, -ji & -jo options.

JDO Flag usage

Using via direct command line

     dashcli -jdo

When this command is run, DASH CLI waits for input in JSON format. Once the input is provided, it will be executed by DASH CLI and output of which is written back in JSON format, as shown in the screenshot below.

Using JDO programmatically

Create a sample C++ Console application by following the steps below:

Step 1: Create a new project in Visual Studio by selecting from the Menu “File” > “New” > “Project”

Step 2: Select “Visual C++” -> “Console App”. Name the application “JDOApp” and click “OK” button.

Step 3: Add the two constant variables in main function which contains path to DASHCLI and arguments to it

      const char szArgs[] = (" -jdo ");

      const char szAppPath[] = ("C:\\Program Files (x86)\\DASH CLI 3.0\\bin\\dashcli.exe");

Step 4: Include windows, fstream and iostream header files as these will be referenced in the upcoming code.

#include <windows.h>

#include <fstream>

#include <iostream>

Step 5: Define the below functions

• RunDashCLIWithJDO – This function takes 3 arguments Path to DASHCLI application, arguments and commands for DASHCLI. This function creates pipes, process to execute the DASHCLI with provided arguments and commands.
• ReadFromDashCLIProcess – This function reads the output of DASHCLI process and prints to parent stdout.

int RunDashCLIWithJDO(const char szAppPath[], const char szArgs[], const char szCommands[])

{

      int iRetVal = 0;

      // Create PIPE for sending commands and reading output from DASHCLI process.

      SECURITY_ATTRIBUTES seAttr;

      // Set the bInheritHandle flag true so pipe handles are inherited.

      seAttr.nLength = sizeof(SECURITY_ATTRIBUTES);

      seAttr.bInheritHandle = true;

      seAttr.lpSecurityDescriptor = NULL;

      // Create a pipe for the DASHCli process's STDOUT.

      if (!CreatePipe(&ghDashCmdOUTRd, &ghDashCmdOUTWr, &seAttr, 0))

      {

            cout << "Stdout CreatePipe failed." << endl;

            iRetVal = -1;

      }

      // Ensure the read handle to the pipe for STDOUT is not inherited.

      if (!SetHandleInformation(ghDashCmdOUTRd, HANDLE_FLAG_INHERIT, 0))

      {

            cout << "Stdout SetHandleInformation failed." << endl;

            iRetVal = -1;

      }

      // Create a pipe for the DASHCli process's STDIN.

      if (!CreatePipe(&ghDashCmdINRd, &ghDashCmdINWr, &seAttr, 0))

      {

            cout << "Stdin CreatePipe failed." << endl;

            iRetVal = -1;

      }

      // Ensure the write handle to the pipe for STDIN is not inherited.

      if (!SetHandleInformation(ghDashCmdINWr, HANDLE_FLAG_INHERIT, 0))

      {

            cout << "Stdin SetHandleInformation failed." << endl;

            iRetVal = -1;

      }

      PROCESS_INFORMATION piProcInfo;

      STARTUPINFOA siStartInfo;

      // Set up members of the PROCESS_INFORMATION structure.

      ZeroMemory(&piProcInfo, sizeof(PROCESS_INFORMATION));

      // Set up members of the STARTUPINFO structure.

      // This structure specifies the STDIN and STDOUT handles for redirection.

      ZeroMemory(&siStartInfo, sizeof(STARTUPINFO));

      siStartInfo.cb = sizeof(STARTUPINFO);

      siStartInfo.hStdError = ghDashCmdOUTWr;

      siStartInfo.hStdOutput = ghDashCmdOUTWr;

      siStartInfo.hStdInput = ghDashCmdINRd;

      siStartInfo.dwFlags |= STARTF_USESTDHANDLES;

      // Create process with application path of DASHCLI and required arguments list.

      // If an error occurs, return -1

      if (iRetVal != 0 || !CreateProcessA(szAppPath, const_cast<LPSTR>(szArgs), NULL, NULL, true, 0, NULL, NULL, &siStartInfo, &piProcInfo))

      {

            std::cout << "Process/Pipe creation failed to execute DashCLI" << std::endl;

            iRetVal = -1;

      }

      else

      {

            // Sending commands to DashCLI

            std::cout << szCommands;

            unsigned long  dwRead = strlen(szCommands), dwWritten;

            WriteFile(ghDashCmdINWr, szCommands, dwRead, &dwWritten, NULL);

            // Wait for the process to complete execution.

            WaitForSingleObject(piProcInfo.hProcess, INFINITE);

            CloseHandle(piProcInfo.hProcess);

            CloseHandle(piProcInfo.hThread);

      }

      return iRetVal;

} 

void ReadFromDashCLIProcess(void)

{

      unsigned long  dwRead, dwWritten;

      char chBuf[BUFSIZE];

      bool bSuccess = false;

      void * hParentStdOut = GetStdHandle(STD_OUTPUT_HANDLE);

      bSuccess = ReadFile(ghDashCmdOUTRd, chBuf, BUFSIZE, &dwRead, NULL);

      if (bSuccess && dwRead > 0)

      {

            WriteFile(hParentStdOut, chBuf, dwRead, &dwWritten, NULL);

      }

}

Step 6: Call “RunDashCLIWithJDO” and “ReadFromDashCLIProcess” function in “main” function by reading input from input_json.txt file.

char szCommands[BUFSIZE];

      // Read input commands to DashCLI from json file

      std::ifstream infile;

      infile.open("input_json.txt");

      infile >> szCommands;

      strcat_s(szCommands, "\r\n");      // Append carriage return and new line characters to input.

      cout << "Running DashCLI with JDO" << endl;

      if (0 == RunDashCLIWithJDO(szAppPath, szArgs, szCommands))

      {

            ReadFromDashCLIProcess();

      } 

The entire code at this stage should look like as below:

#include <windows.h>

#include <fstream>

#include <iostream>

using namespace std;

#define BUFSIZE 4096

void * ghDashCmdINRd = NULL;

void * ghDashCmdINWr = NULL;

void * ghDashCmdOUTRd = NULL;

void * ghDashCmdOUTWr = NULL;

// Create a child process to run DashCLI and redirect STDIN/STDOUT through pipes.

// Returns: -1 if process creation is failed.

//       0 if process creation is successful.

int RunDashCLIWithJDO(const char szAppPath[], const char szArgs[], const char szCommands[])

{

      int iRetVal = 0;

      // Create PIPE for sending commands and reading output from DASHCLI process.

      SECURITY_ATTRIBUTES seAttr;

      // Set the bInheritHandle flag true so pipe handles are inherited.

      seAttr.nLength = sizeof(SECURITY_ATTRIBUTES);

      seAttr.bInheritHandle = true;

      seAttr.lpSecurityDescriptor = NULL;

      // Create a pipe for the DASHCli process's STDOUT.

      if (!CreatePipe(&ghDashCmdOUTRd, &ghDashCmdOUTWr, &seAttr, 0))

      {

            cout << "Stdout CreatePipe failed." << endl;

            iRetVal = -1;

      }

      // Ensure the read handle to the pipe for STDOUT is not inherited.

      if (!SetHandleInformation(ghDashCmdOUTRd, HANDLE_FLAG_INHERIT, 0))

      {

            cout << "Stdout SetHandleInformation failed." << endl;

            iRetVal = -1;

      }

      // Create a pipe for the DASHCli process's STDIN.

      if (!CreatePipe(&ghDashCmdINRd, &ghDashCmdINWr, &seAttr, 0))

      {

            cout << "Stdin CreatePipe failed." << endl;

            iRetVal = -1;

      }

      // Ensure the write handle to the pipe for STDIN is not inherited.

      if (!SetHandleInformation(ghDashCmdINWr, HANDLE_FLAG_INHERIT, 0))

      {

            cout << "Stdin SetHandleInformation failed." << endl;

            iRetVal = -1;

      }

      PROCESS_INFORMATION piProcInfo;

      STARTUPINFOA siStartInfo;

      // Set up members of the PROCESS_INFORMATION structure.

      ZeroMemory(&piProcInfo, sizeof(PROCESS_INFORMATION));

      // Set up members of the STARTUPINFO structure.

      // This structure specifies the STDIN and STDOUT handles for redirection.

      ZeroMemory(&siStartInfo, sizeof(STARTUPINFO));

      siStartInfo.cb = sizeof(STARTUPINFO);

      siStartInfo.hStdError = ghDashCmdOUTWr;

      siStartInfo.hStdOutput = ghDashCmdOUTWr;

      siStartInfo.hStdInput = ghDashCmdINRd;

      siStartInfo.dwFlags |= STARTF_USESTDHANDLES;

      // Create process with application path of DASHCLI and required arguments list.

      // If an error occurs, return -1

      if (iRetVal != 0 || !CreateProcessA(szAppPath, const_cast<LPSTR>(szArgs), NULL, NULL, true, 0, NULL, NULL, &siStartInfo, &piProcInfo))

      {

            std::cout << "Process/Pipe creation failed to execute DashCLI" << std::endl;

            iRetVal = -1;

      }

      else

      {

            // Sending commands to DashCLI

            std::cout << szCommands;

            unsigned long  dwRead = strlen(szCommands), dwWritten;

            WriteFile(ghDashCmdINWr, szCommands, dwRead, &dwWritten, NULL);

            // Wait for the process to complete execution.

            WaitForSingleObject(piProcInfo.hProcess, INFINITE);

            CloseHandle(piProcInfo.hProcess);

            CloseHandle(piProcInfo.hThread);

      }

      return iRetVal;

}

// Read output from the DashCLI process

// and write to the parent STDOUT.

void ReadFromDashCLIProcess(void)

{

      unsigned long  dwRead, dwWritten;

      char chBuf[BUFSIZE];

      bool bSuccess = false;

      void * hParentStdOut = GetStdHandle(STD_OUTPUT_HANDLE);

      bSuccess = ReadFile(ghDashCmdOUTRd, chBuf, BUFSIZE, &dwRead, NULL);

      if (bSuccess && dwRead > 0)

      {

            WriteFile(hParentStdOut, chBuf, dwRead, &dwWritten, NULL);

      }

}

int main(int argc, char* argv[])

{

      const char szArgs[] = (" -jdo ");

      // Path to DashCLI application.

      const char szAppPath[] = ("C:\\Program Files (x86)\\DASH CLI 3.0\\bin\\dashcli.exe");

      char szCommands[BUFSIZE];

      // Read input commands to DashCLI from json file

      std::ifstream infile;

      infile.open("input_json.txt");

      infile >> szCommands;

      strcat_s(szCommands, "\r\n");      // Append carriage return and new line characters to input.

      cout << "Running DashCLI with JDO" << endl;

      if (0 == RunDashCLIWithJDO(szAppPath, szArgs, szCommands))

      {

            ReadFromDashCLIProcess();

      }

      cout << "DashCLI execution with JDO is complete." << endl;

      return 0;

} 

Step 7: In step 6, main function reads input for JDO from a JSON File (input_json.txt). It assumes that input_json.txt is present in the working directory of the project if the application is running through Visual Studio or it should be present in the exe application path.

Step 8: Contents of JSON text file can be any of the input from Developer guide like a discover command as shown below.

     {"h":"HP705G1","u":"adminUserName","P":"adminPassword","Commands":["discover"]}

Step 9: Run the JDOApp.exe application from the console.

Other Commands:

Discover Info through DashCLI JDO

This is to discover the given host and get the list of security profiles supported by the dash target system.

Update the input_json.txt with discover and info commands as below

   {"h":"HP705G1","u":"adminUserName","P":"adminPassword","Commands":["discover","info"]}

Repeat Step 9. Output will contain the discovery information under info tag and security profiles under SecurityProfile tag.

Power Status through DashCLI JDO

This is to get the current power status of a dash target system.

Update the input_json.txt with power status commands as below

{"h":"HP705G1","u":"adminUserName","t":"computersystem[0]","P":"adminPassword","Commands":["power","status"]}

Output will contain the current power status of the dash system. Power status will be in shown in the PowerState tag.

Change Power Status through DashCLI JDO

This is to change the power status of a dash target system.

Update the input_json.txt with power and available state commands as below

   {"h":"HP705G1","u":"adminUserName","P":"adminPassword","Commands":["power","sleep"]}

Output will contain the power change status of the dash system. ErrorCode tag will contain the status of the power operation 0 if power operation is successful. ErrorMessage will contain more information on the status of the operation as shown below

Ji JO Flag usage

Using via direct command line

     dashcli -ji input_json.txt -jo output_json.txt

Here, the file ‘input_json.txt’ has the DASH command in JSON format. DASH CLI executes this command and writes the output in JSON format to file specified by -jo option, which is output_json.txt. Usage is shown in the screenshot below.

Using JI/JO programmatically

Create a sample C++ console application by following the steps below:

Step 1: Create a new project in Visual Studio by selecting from the Menu “File” > “New” > “Project”

Step 2: Select “Visual C++” -> “Console App”. Name the application “JiJoApp” and click “OK” button.

Step 3: Add the two constant members which stores DashCLI application path  and DashCLI arguments in main function.

      const char szArgs[] = (" -ji input_json.txt -jo output_json.txt");

      const char szAppPath[] = ("C:\\Program Files (x86)\\DASH CLI 3.0\\bin\\dashcli.exe"); 

Step 4: Include required header files like windows.h and iostream

#include <windows.h>

#include <iostream>

Step 5: Define a function “RunDashCLIWithJiJO” which creates a process and executes DASHCLI application with JIJO parameters as shown below:

void RunDashCLIWithJiJO(const char szAppPath[], const char szArgs[])

{

      PROCESS_INFORMATION piProcInfo;

      STARTUPINFOA siStartInfo;

      // Set up members of the PROCESS_INFORMATION structure.

      ZeroMemory(&piProcInfo, sizeof(PROCESS_INFORMATION));

      // Set up members of the STARTUPINFO structure.

      ZeroMemory(&siStartInfo, sizeof(STARTUPINFO));

      siStartInfo.cb = sizeof(STARTUPINFO);

      // Create process with application path of DASHCLI and required arguments list.

      if (!CreateProcessA(szAppPath, (LPSTR)szArgs, NULL, NULL, true, 0, NULL, NULL, &siStartInfo, &piProcInfo))

      {

            cout << "Process creation failed to execute DashCLI" << std::endl;

      }

      else

      {

            // Wait for the process to complete execution.

            WaitForSingleObject(piProcInfo.hProcess, INFINITE);

            CloseHandle(piProcInfo.hProcess);

            CloseHandle(piProcInfo.hThread);

            cout << "DashCLI execution complete." << endl;

      }

}

Step 6: Call “RunDashCLIWithJiJO” function in the “main” function

            RunDashCLIWithJiJO(szAppPath, szArgs);

The entire code at this stage should look like so:

#include <windows.h>

#include <iostream>

using namespace std;

// Create a child process to run DashCLI and redirect STDIN/STDOUT through pipes.

void RunDashCLIWithJiJO(const char szAppPath[], const char szArgs[])

{

      PROCESS_INFORMATION piProcInfo;

      STARTUPINFOA siStartInfo;

      // Set up members of the PROCESS_INFORMATION structure.

      ZeroMemory(&piProcInfo, sizeof(PROCESS_INFORMATION));

      // Set up members of the STARTUPINFO structure.

      ZeroMemory(&siStartInfo, sizeof(STARTUPINFO));

      siStartInfo.cb = sizeof(STARTUPINFO);

      // Create process with application path of DASHCLI and required arguments list.

      if (!CreateProcessA(szAppPath, (LPSTR)szArgs, NULL, NULL, true, 0, NULL, NULL, &siStartInfo, &piProcInfo))

      {

            cout << "Process creation failed to execute DashCLI" << std::endl;

      }

      else

      {

            // Wait for the process to complete execution.

            WaitForSingleObject(piProcInfo.hProcess, INFINITE);

            CloseHandle(piProcInfo.hProcess);

            CloseHandle(piProcInfo.hThread);

            cout << "DashCLI execution complete." << endl;

      }

}

int main(int argc, char* argv[])

{

      const char szArgs[] = (" -ji input_json.txt -jo output_json.txt");

      // Path to DashCLI application.

      const char szAppPath[] = ("C:\\Program Files (x86)\\DASH CLI 3.0\\bin\\dashcli.exe");

      cout << "Running DashCLI with JIJO" << endl;

      RunDashCLIWithJiJO(szAppPath, szArgs);

      return 0;

} 

Step 7: In step 6, to call function “RunDashCLIWithJiJO”, DASHCLI argument expects the input JSON file which is input_json.txt to be present in the working directory if the sample application is running from Visual Studio or to be present in the exe path if the application is running from the command line.

Step 8: Put the following JSON test in input_json.txt file:

{"h":"HP705G1","u":"AdminUserName","P":"AdminPassword","Commands":["discover"]}

Step 9: Run the “JiJoApp.exe” application from the console.

Step 10: Check the content of the “output_json.txt” file using “type” command on the console as shown in the above command. Output_json.txt file will contain the output of DASHCLI for the commands in input_json.txt.

Other Commands:

Discover Info through DashCLI JiJO

This is to discover the given host and get the list of security profiles supported by the dash target system.

Update the input_json.txt with discover and info commands as below

{"h":"HP705G1","u":"adminUserName","P":"adminPassword","Commands":["discover","info"]}

Repeat Step 9 & 10. Output will be stored in json format in output_json.txt. This contains the discovery information under info tag and security profiles under SecurityProfile tag as show in the below snapshot.

Power Status through DashCLI JiJO

This is to get the current power status of a dash target system.

Update the input_json.txt with power status commands as below

{"h":"HP705G1","u":"adminUserName","P":"adminPassword","t":"computersystem[0]","Commands":["power","status"]}

Repeat above steps 9 & 10, output will be stored in the output_json.txt which contains the current power status of the dash system. Power status will be in shown in the PowerState tag.

Change Power Status through DashCLI JDO

This is to change the power status of a dash target system.

Update the input_json.txt with power and available state commands as below

{"h":"HP705G1","u":"adminUserName","P":"adminPassword","Commands":["power","sleep"]}

Output will contain the power change status of the dash system. ErrorCode tag will contain the status of the power operation 0 if power operation is successful. ErrorMessage will contain more information on the status of the operation as shown below

In this blog, DASH Discovery is illustrated. Similarly, other DASH profiles can be accessed by the application by framing the required JSON request. See the ‘DASH CLI Developer Guide’ for JSON format for other supported DASH profiles.

Attachments:

• JDOApp solution
• JiJoApp solution

For any further query, drop a note below or contact via mail dashsupport@amd.com

Reference:

• DASH CLI Developer Guide (Available in DASH CLI installation folder: “C:\Program Files (x86)\DASH CLI 3.0\docs\”)

Useful links:

• DASH CLI download: amd.com/DASH
• DMTF DASH: https://www.dmtf.org/standards/dash
• DMTF Redfish: https://www.dmtf.org/standards/redfish
• JSON: https://www.json.org/

Related Blogs:

• Blog on Adding DASH to any C#(.Net) Application. - Illustration of Discovery
• Blog on Adding DASH to any Python Application. - Illustration of Enumerate ComputerSystem
• Blog on Adding DASH to any Windows PowerShell Application. - Illustration of KVM Redirection

A new release of DASH CLI 3.0 is now available.

The DASH CLI is a command line application used to perform out of band management tasks (power management, asset inventory, alerts, etc.) using DMTF DASH specifications.

New features in 3.0 release are:

• Improved security and application performance
• Support for enumeration for the following DASH profiles:
  • Indicator LED
  • IP Configuration
  • Media Redirection
  • PCI Device
  • Physical Computer System View
  • Platform Watchdog
  • Service Processor
• Support for ‘Next Single Use Boot’ configuration in Boot Control Profile

The release note is attached, which provide more information on this release and the history of releases. 

Visit www.amd.com/DASH to download the latest software. 

For any queries, write a mail to dashsupport@amd.com

A new release of AMD Management Console, AMC 6.0 is now available.

AMC is a GUI based DASH manageability application for small business environments, capable of monitoring and managing DMTF’s DASH-compliant client computer systems.

New features in 6.0 release are:

• Added additional inventory DASH Profile to the following profiles - PCI Device, Physical Computer System View, Indicator LED, IP Configuration, Platform Watchdog & Media Redirection
• Upgraded the following libraries - CPP Rest SDK, OpenSSL, JSON CPP, SSH.net
• Fix for multiple bugs and performance improvement.
• Support for ‘Next Single Use Boot’ configuration in Boot Control Profile

The release note is attached, which provide more information on this release and the history of releases.

Visit www.amd.com/DASH to download the latest software.

For any queries, write a mail to dashsupport@amd.com

A new release of AMD Management Plugin for SCCM, AMPS 5.0 is now available.

AMPS is a GUI plugin for Microsoft Endpoint Configuration Manager based to enable monitoring and managing of DMTF’s DASH-compliant client computer systems.

New features in 5.0 release are:

• Added support for Realtek F Series KVM
• Fix for multiple bugs and performance improvement.
• Support for ‘Next Single Use Boot’ configuration in Boot Control Profile

The release note is attached, which provide more information on this release and the history of releases.

Visit www.amd.com/DASH to download the latest software.

For any queries, write a mail to dashsupport@amd.com

Hi,

I have a very hard time with AMD Dash on our fleet of HP Elitedesk 705 G4 MT. When testing them in isolation DASH was always listening on port 623 after defined static IP address using Realtek RealManage Agent. However, doing exactly the same steps on our production subnet only one out of ten machines is listening on port 623. Some of them would listen to only briefly after initial setup and stop after shutdown, others won't listen at all. I've checked options like Wake On Lan, power saving, even updated BIOS to version 2.13, but nothing. Another very annoying option is that password can't be longer than 14 characters but Realtek RealManage Agent won't stop you from doing it and I've managed to break DASH on few machines where they do listen but I can't log in as credentials are wrong. The password is long but super easy so there is no way I've typed it wrong on three different machines, twice. So two questions really:

1. Does anyone know why on HP EliteDesk AMD Dash might not start listening on a port when enabled? It's 100% enable as otherwise, you won't be able to access Realtek RealManage Agent to even set it up.

2. Does anyone know a way to factory reset username/password?

Thanks