Virtual network interface enx of Supermicro Motherboards
On Supermicro motherboards from the X12/H12 series with RoT (Root of Trust) function, an additional, virtual network interface appears in the operating system. Under Linux, its device name is enx+MAC (e.g. enxb03af2b6059f). This article shows what this network interface is for and how it can be deactivated if necessary, using a Supermicro H12SSL motherboard.
Network interface name basics
Network interfaces that begin with enx contain the MAC address as another part of the name. For more information, see the article Predictable Network Interface Names.
Purpose of the enx network interface on Supermicro motherboards
The virtual network interface is provided via RNDIS[1] Ethernet over USB and enables certain functions for communication between the operating system and BMC.[2] If you disable this Ethernet over USB interface, you cannot perform a server firmware update over in-band using Linux or Windows utilities (Supermicro Update Manager).
RNDIS Support in Linux
RNDIS support on Linux is expected to be discontinued in the future (as of October 2023).[3] The first Linux kernel version to be affected could be kernel 6.9.[4] We will update this section as soon as we have new relevant information on future support for communication between the Linux operating system and BMC on these Supermicro systems.
Network interfaces
In this example, the interface name of the virtual network interface is enxb03af2b6059f:
# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 3c:ec:ef:6f:1f:3c brd ff:ff:ff:ff:ff:ff inet 10.2.2.160/24 brd 10.2.2.255 scope global dynamic noprefixroute eno1 valid_lft 25261sec preferred_lft 25261sec inet6 fe80::6880:fba7:7407:f7f7/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether 3c:ec:ef:6f:1f:3d brd ff:ff:ff:ff:ff:ff 7: enxb03af2b6059f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000 link/ether b0:3a:f2:b6:05:9f brd ff:ff:ff:ff:ff:ff inet 169.254.3.1/24 brd 169.254.3.255 scope link dynamic noprefixroute enxb03af2b6059f valid_lft 863543sec preferred_lft 863543sec inet6 fe80::3346:74a7:85b3:a684/64 scope link noprefixroute valid_lft forever preferred_lft forever
Disable virtual network interface
The virtual network interface can be disabled either in the BMC web interface or via the operating system.
Note: DO NOT make the following changes while in-band operations are in progress, as this will cause the operations to abort:[2]
- DO NOT change the IP address of the virtual network interface.
- Do NOT disable the virtual network interface.
Configuration BMC web interface
In the default configuration, the virtual network interface is enabled for communication between the operating system and BMC:
If you want to disable the virtual network interface, you can do so in the BMC web interface via Configuration ‣ BMC Settings ‣ Host Interface ‣ Off:
Disable via modprobe blacklist
When using Linux as the operating system, the virtual network interface can also be easily disabled by preventing the loading of the kernel module rndis_host.
To do this, simply create a file in /etc/modprobe.d/:
# echo "blacklist rndis_host" > /etc/modprobe.d/blacklist-rndis_host.conf # cat /etc/modprobe.d/blacklist-rndis_host.conf blacklist rndis_host # reboot
After the reboot, the virtual network interface is no longer active.
Command line outputs
The following outputs show the entries of the virtual network section which is provided by the rndis_host driver.
lsmod
# lsmod | grep -i rndis rndis_host 20480 0 cdc_ether 20480 1 rndis_host usbnet 45056 2 rndis_host,cdc_ether
lsusb -t
# lsusb -t /: Bus 08.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 10000M /: Bus 07.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/5p, 480M |__ Port 1: Dev 3, If 1, Class=Human Interface Device, Driver=usbhid, 12M |__ Port 1: Dev 3, If 0, Class=Human Interface Device, Driver=usbhid, 12M |__ Port 2: Dev 7, If 0, Class=Wireless, Driver=rndis_host, 480M |__ Port 2: Dev 7, If 1, Class=CDC Data, Driver=rndis_host, 480M /: Bus 06.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 5000M /: Bus 05.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M /: Bus 04.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 5000M /: Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 10000M /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M
lsusb -s 007:007 -v
# lsusb -s 7:7 -v Bus 007 Device 007: ID 0b1f:03ee Insyde Software Corp. Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 239 Miscellaneous Device bDeviceSubClass 2 ? bDeviceProtocol 1 Interface Association bMaxPacketSize0 64 idVendor 0x0b1f Insyde Software Corp. idProduct 0x03ee bcdDevice 3.18 iManufacturer 1 Linux 3.18.0 with ast_vhub iProduct 2 RNDIS/Ethernet Gadget iSerial 0 bNumConfigurations 2 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 75 bNumInterfaces 2 bConfigurationValue 2 iConfiguration 0 bmAttributes 0xc0 Self Powered MaxPower 2mA Interface Association: bLength 8 bDescriptorType 11 bFirstInterface 0 bInterfaceCount 2 bFunctionClass 224 Wireless bFunctionSubClass 1 Radio Frequency bFunctionProtocol 3 RNDIS iFunction 6 RNDIS Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 224 Wireless bInterfaceSubClass 1 Radio Frequency bInterfaceProtocol 3 RNDIS iInterface 4 RNDIS Communications Control ** UNRECOGNIZED: 05 24 00 10 01 ** UNRECOGNIZED: 05 24 01 00 01 ** UNRECOGNIZED: 04 24 02 00 ** UNRECOGNIZED: 05 24 06 00 01 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 9 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 10 CDC Data bInterfaceSubClass 0 Unused bInterfaceProtocol 0 iInterface 5 RNDIS Ethernet Data Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 88 bNumInterfaces 2 bConfigurationValue 1 iConfiguration 0 bmAttributes 0xc0 Self Powered MaxPower 2mA Interface Association: bLength 8 bDescriptorType 11 bFirstInterface 0 bInterfaceCount 2 bFunctionClass 2 Communications bFunctionSubClass 6 Ethernet Networking bFunctionProtocol 0 iFunction 11 CDC ECM Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 2 Communications bInterfaceSubClass 6 Ethernet Networking bInterfaceProtocol 0 iInterface 8 CDC Ethernet Control Model (ECM) CDC Header: bcdCDC 1.10 CDC Union: bMasterInterface 0 bSlaveInterface 1 CDC Ethernet: iMacAddress 9 b03af2b6059f bmEthernetStatistics 0x00000000 wMaxSegmentSize 1514 wNumberMCFilters 0x0000 bNumberPowerFilters 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0010 1x 16 bytes bInterval 9 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 0 bInterfaceClass 10 CDC Data bInterfaceSubClass 0 Unused bInterfaceProtocol 0 iInterface 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 1 bNumEndpoints 2 bInterfaceClass 10 CDC Data bInterfaceSubClass 0 Unused bInterfaceProtocol 0 iInterface 10 CDC Ethernet Data Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Device Qualifier (for other device speed): bLength 10 bDescriptorType 6 bcdUSB 2.00 bDeviceClass 239 Miscellaneous Device bDeviceSubClass 2 ? bDeviceProtocol 1 Interface Association bMaxPacketSize0 64 bNumConfigurations 2 Device Status: 0x0001 Self Powered
References
- ↑ RNDIS (en.wikipedia.org)
- ↑ 2.0 2.1 Extra virtual LAN (RNDIS ethernet over USB) (Supermicro FAQ 32374)
- ↑ Linux To Try Again To Disable All RNDIS Protocol Drivers (www.phoronix.com, 01.10.2023)
- ↑ Linux Still Working To Disable RNDIS Drivers In 2024 (www.phoronix.com, 19.02.2024)
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|