1.
a.
i.
1.
2.
3.
4.
5.
6.
7.
In secure firmware, a firmware update will be successful if an image is signed with a valid key that is
recognized by the running firmware on the chip. for more information, please refer toSigning Binary
Image Files.If the security type permits legacy flash access commands, the --no_fw_ctrl flag can be
used tocommand the mstflint to work in the non firmware controlled mode. This means that all the
non-securefunctionality will be supported using this flag, and the burn flow will work withoutrequiring
a signed image.Example:
# mstflint -d 41:00.0 --no_fw_ctrl q
Image type: FS3
FW Version: 12.19.2096
FW Release Date: 26.3.2017
Description: UID GuidsNumber
Base GUID: 248a07030094050c 4
Base MAC: 0000248a0794050c 4
Image VSD:
Device VSD:
PSID: MT_2170110021
Re-Signing a Binary Image File
The following procedure is intended to be implemented by customers who want to use their keys to
sign a secured firmware.
Set the public keys in a given firmware image:
Generate a binary file that contains 8 public keys.
You can use mstconfig command xml2bin to generate the file:
To generate 2048 bits public keys:
Run: mstconfig gen_tlvs_file output.txt.
Open the output.txt.
Go to the line starting with "file_public_key" and change the 0 to 1.
Save the file and exit.
Run: mstconfig gen_xml_template output.txt output.xml
Open the output.xml.
Duplicate the xml node "file_public_key" so the file has 8 copies, for
each node fill it as follows:
• cs_token_en = 0
• fw_en = 1
• mlnx_nvconf_en = 1
• vendor_nvconf_en = 1
• auth_type: 0x3 for 2048 bits keys and 0x4 for 4096 bits keys.
Example for public_key_exp, keypair_uuid, key:
Unavailable information is reported as N/A.
To Next Page
Loading...
Need help?
General