2. Reboot the machine.
3. Re-burn firmware.
4. Remove the flash-not-present jumper.
5. Reboot the machine.
6. Re-set the hardware access key.
mstflint: Secure Firmware Update
A “Secure firmware update” is the ability of a device to verify digital signatures of new firmware binaries, in order to assure that only officially approved versions can be installed from the host, the network[1] or a Board Management Controller (BMC).

The firmware of devices with “secure firmware update” functionality (secure FW) restricts access to specific commands and registers that can be used to modify the firmware binary image on the flash, as well as commands that can jeopardize security in general. Most notably, the commands and registers for random flash access are disabled.

Secure FW verifies new binaries before activating them, whereas on legacy devices this task is done by the update tool using direct flash access commands. In addition to signature verification, secure FW also checks that the binary is designated for the same device model, that the new firmware is also secured, and that the new FW version is not included in a forbidden-versions blacklist. The firmware rejects binaries that do not match the verification criteria.
Secure FW utilizes the same ‘fail safe’ upgrade procedures, so events like a power failure during update should not leave the device in an unstable state.

The table below lists the impact of secure FW update on mstflint tools.
| Tool | Flow | Secure FW | With CS Token | Blocked Commands |
|---|---|---|---|---|
| mstflint | Burn FW | Working with controlled fw update | Working with controlled fw update | |
| mstflint | Query | Working with MCC commands | Working with MCC commands | |
| mstflint | Set GUIDs | Working with controlled fw update | Working with controlled fw update | |
| mstflint | Verify | Working partially (BOOT image) | Working partially (BOOT image) | |
| mstflint | Set DV INFO: SET MFG, SET VSD, VPD | Not supported in Secure FW | Not supported in Secure FW | MFBA |
| mstflint | ROM OPS: BROM, DROM | Not supported, BOOT image modification is not supported (MFBA) | Not supported, BOOT image modification is not supported (MFBA) | MFBA |
| mstflint | "-ocr" override cache replacement (Direct flash GW access) | Not supported in Secure FW | Not supported in Secure FW | Flash GW is blocked |
Secure Firmware Update is supported only on ConnectX-4 and later adapter cards, as of mstflint v4.10.0-3.