Sipeed NanoKVM: A RISC-V stick-on

Sipeed NanoKVM

This is the Sipeed NanoKVM. You stick it on your computer, plug in HDMI, USB, and the power button, and you get full remote control over the network—even if your computer locks up.

How did Sipeed make it so small, and so cheap? The 'full' kit above is about $50, while the cheapest competitors running PiKVM are closer to $200 and up!

This blog post is a lightly-edited transcript of the following video on my YouTube channel:

IP-KVM

The Sipeed NanoKVM is the smallest IP KVM I've ever seen. The hardware is based around the tiny postage-stamp-sized LicheeRV Nano, with a tiny RISC-V SG2002 SoC.

The extra boards added on top turn it into a KVM (Keyboard, Video and Mouse), and running over IP means you have total control over any computer or server you plug it into, over your network.

We'll get to how well it works later. But one question I get a lot is why use an IP KVM like this, at all? There's already software KVMs like Microsoft Remote Desktop, Apple's Screen Sharing, and even Raspberry Pi Connect.

Those are free and they work great.

Well, none of those work at all when your computer's locked up. Or off. Or a thousand miles away and the power just tripped and there's an error message stopping it from booting back up.

Sipeed NanoKVM on PC

An IP KVM is a separate tiny computer that runs completely independent of the computer it's controlling. High end servers typically have this built in, and it's called something like IPMI, iDRAC, or lights-out or out-of-band management. For example, the Ampere server in my rack runs OpenBMC, and I can login to it and get remote access. For sysadmins and homelabbers, it's useful to not have to walk around to all their servers to manage em.

But not every server has this built-in. Even if they do, some servers require expensive subscriptions or the vendor stops giving out security updates.

And old, unsupported remote access with full control of your servers? That's a security nightmare! Even with something newer, if you care about security, alarm bells are probably going off in your head.

If this tiny KVM can reboot your computer, go into the BIOS, and even install an OS, it's pretty dangerous to just let one of these live online, right?

Well, yeah. And that's one reason security of IP KVMs, and the NanoKVM in particular, is under a lot of scrutiny.

Security

So before we test it, let's get to the elephant in the room.

Unlike the other IP KVMs I've used before, like PiKVM, BliKVM, or TinyPilot, the NanoKVM runs its own proprietary OS.

And right now, at least, the source code isn't all open source. There's a long issue about it on GitHub, but the tl;dr? Sipeed said they won't open source the code until they either sell 10,000 units or get 2,000 stars on the repository.

Why is this important? For other KVMs, even if they ship with a proprietary OS, you can usually get PiKVM running. PiKVM is the gold standard of open source IP KVM software.

But PiKVM doesn't run on here—at least not yet.

And that's because the NanoKVM uses RISC-V. The CPU architecture is different, and some features aren't implemented the same as on the Arm CPUs used in the other KVMs.

Sipeed's working to get PiKVM built for RISC-V, but that's not ready yet, so right now, if you buy the NanoKVM, you'll likely run it with Sipeed's proprietary OS.

Why should you care? Well, some people don't, and that's fine. But since this product is made by a company in China, using a RISC-V chip and software built in China, some people get nervous about potential backdoors or security risks.

My iPhone was also made in China and runs a proprietary OS, but that OS was made by Apple, in the US. So it's a matter of trust.

But for anyone involved in open source, we trust software a lot more if we can build it ourselves.

So a wait and see approach might be best. I was concerned when one user reported security holes in an earlier build, but the community's already been reverse-engineering the build, and Sipeed's fixed many of the issues in later versions of the OS. Also, GitHub user scpcom pointed out Dell doesn't release all the code behind their iDRAC solution either!

But none of this matters at all if this hardware is a dud. Debate security in the comments, but let me show you how it works.

Testing with an SBC

Sipeed NanoKVM plugged into Lichee Pi 3A

To test the NanoKVM, I plugged it into a Lichee Pi 3A, a new SBC from Sipeed.

In the NanoKVM box (see photo at the top of this post), you get the NanoKVM itself, a little breakout board that plugs into your computer's front panel header, a USB cable to plug from that into the NanoKVM, and some jumper cables in case you need them. You have to supply your own USB-C power adapter, at least for now.

Someday they might have a PoE option too, and technically you could run it straight off your computer's USB power, but that could lead to some issues, so I'd rather power it from my own adapter.

You plug in Ethernet, HDMI, and USB, and then plug in power to the USB-C aux port on the NanoKVM. It'll boot up, grab an IP address, and display everything on the built-in OLED.

Sipeed NanoKVM OLED display

Now this is the full $40 version, there's a light version without an OLED if you don't need it. But another nice feature of the full version is this enclosure, with a handy mapping of what all the ports do, and it even has a QR code that links straight to the wiki.

But if I go to IP address in my browser, I get the NanoKVM UI.

Sipeed NanoKVM Linux UI

Right away, I can remote control the Lichee Pi, just like I was plugged straight into it, and the latency is pretty good (estimated between 80-200ms). You won't be doing remote gaming on here, but it's fine for remote controlling a server or monitoring things.

The UI for NanoKVM is all tucked inside a bar overlaying the top of the screen. There are options for things like the resolution and quality of the stream. There are features like a virtual keyboard if you're on a tablet, and that works fine. Then there are options for different cursors, and options to mount ISOs or run user scripts.

There's also direct terminal access, so you can login as root to the KVM itself and run commands on it. (You can also login via SSH, which will come in handy later.)

There are power controls, an option to send a wake on lan packet to wake up a computer on the network, and there's even a built in serial terminal.

You can connect the NanoKVM to a serial port on any device, not just the computer it's hooked up to, and control it remotely. A handy feature, but I didn't have time to test it out yet.

If you don't need to access any of these settings, you can collapse the tray, but it stays on top of your display, which could be annoying if you need to click underneath it.

There's built-in integration with Tailscale, with a guide for setting it up on the Wiki. If you use Tailscale, you can access the NanoKVM from anywhere in the world. Wireguard is also supported now. Remote access off your private network opens up its own security risks, but it's nice to have it supported up front.

Fixing bugs

I mentioned earlier, SSH would come in handy. While I was testing, a firmware update came out with improved streaming quality and a few bug fixes, so I went to install it.

I used the 'Check for Update' option, but I ran into this bug in the auto update feature. Sipeed wrote a little Python script to force-update the firmware, and it could be downloaded and run through SSH.

That worked, but that's one issue I ran into testing this thing. I also discovered my Mikrotik switches (more specifically, the SFP adapters I use) only support 1, 2.5, 5, or 10 Gbps (not 10 or 100 Mbps). The NanoKVM only supports 100 Megabits, and some newer switches don't support that.

Then, I ran into some slowdowns running through some Nvidia graphics cards, which made it unusable. And one of my PC's motherboards just wouldn't boot because of a hardware bug I ran into, which Sipeed says will be fixed in the next hardware revision.

If your computer or SBC doesn't have USB port backfeed protection, a device like this can feed in 5 volts of power, leading to strange behavior.

And the version of the NanoKVM I'm testing does backfeed 5 volts, so the Lichee Pi 3A I was testing had some weird boot issues until I unplugged USB.

Sipeed NanoKVM 5V resistor placement

There's a newer revision with a diode instead of a 0 ohm resistor, and I'll probably bodge mine with a diode there just to be safe, but that's one theme I see with this thing:

Sipeed is shipping NanoKVMs out already, but they need a little more time in the oven.

Conclusion

The idea of the NanoKVM is great. I'm used to paying at least $150 for an IP KVM, usually more. At fifty bucks, I know a lotta people will just buy one without thinking. The price is right. But it needs a little more time before it can really deliver on its promise.

I really want to recommend it. But I can't, at least not yet. If you wanna try it out in an isolated environment, go for it. You can even get a Lite version for $20 if you don't need power control!

But for anything mission-critical, I'd still recommend something like the PiKVM v4 or the BliKVM. There are a bunch of options out there now, and it's cool to see the wild ideas people come up with. Like the BliKVM PCIe runs in a PCIe slot inside your computer. Or this Pi-Cast plugs straight into a tablet or laptop, no network required.

But most of those solutions are expensive, and they're way larger. There's plenty of room in the market for the NanoKVM, so I hope it succeeds.

Comments

Since your video the price went up :) on Ali. I would like to know when I order what version of the hardware I get.

I got this also but what prevents me to move from my PiKVM is the lack of ability to copy and paste text. PiKVM has that feature and i use it alot for work and managing servers. Right this little device is just sitting in my drawer until that copy-paste feature is added.

Yeah thanks Jeff, sold out on Aliexpress now, and price went up, was about to order last week before your video but I waited too long clearly.

Until it's a fully community run FOSS project, it doesn't make sense for such a critical task, but hopefully that'll happen soon...