1.
Setting a “Public Keys” Section in a Binary Image File
To override the public keys section in a given binary image file, use set_public_key.
# mstflint -i /tmp/image.bin set_public_keys public_key.bin
Setting a "Forbidden Versions" Section in a Binary Image File
To override the forbidden versions section in a given binary image file, useset_forbidden_versions.
# mstflint -i /tmp/image.bin set_forbidden_versions forbidden_versions.bin
Secure Firmware Implications on Burning Tools
When Secure Firmware is enabled, the mstflint output slightly changes due to the differences in
theunderlying NIC accessing methods. Some functionalities may be restricted according to
thedevice security level.
mstflint query under secure mode:
# mstflint -d 41:00.0 q
Image type: FS3
FW Version: 12.19.2278
FW Release Date: 7.6.2017
Description: UID GuidsNumber
Base GUID: 7cfe90030029205e 4
Base MAC: 00007cfe9029205e 4
Image VSD:
Device VSD:
PSID: MT_2190110032
Security Attributes: secure-fw, dev
In secure firmware, a firmware update will be successful if an image is signed with a valid key that
is recognized by the running firmware on the chip. for more information, please refer toSigning
Binary Image Files.If the security type permits legacy flash access commands, the --no_fw_ctrl flag
can be used tocommand the mstflint to work in the non firmware controlled mode. This means that
all the non-securefunctionality will be supported using this flag, and the burn flow will work
withoutrequiring a signed image.Example:
# mstflint -d 41:00.0 --no_fw_ctrl q
Image type: FS3
FW Version: 12.19.2096
FW Release Date: 26.3.2017
Description: UID GuidsNumber
Base GUID: 248a07030094050c 4
Base MAC: 0000248a0794050c 4
Image VSD:
Device VSD:
PSID: MT_2170110021
Re-Signing a Binary Image File
The following procedure is intended to be implemented by customers who want to use their keys to
sign a secured firmware.
Set the public keys in a given firmware image:
Unavailable information is reported as N/A.
To Next Page
Loading...
Need help?
General