image image image image image

On This Page

This is an internal USB connection which provides RShim connectivity between the BMC and NVIDIA® BlueField®.

Provides Network Connection from BMC to BlueField DPU

By default, the BMC and BlueField interfaces are configured as follows:


BMCBlueField
Interface Name"tmfifo_net0""tmfifo_net0"
MAC Address00:1A:CA:FF:FF:0200:1A:CA:FF:FF:01
IP Address192.168.100.1192.168.100.2

Pushing BFB from BMC to BlueField Arm

To update the software on the BlueField Arm cores, the DPU must be booted up without mounting the eMMC flash device. This requires an external boot flow where a BFB (which includes ATF, UEFI, Linux kernel, and initramfs) is pushed from an external host via USB or PCIe. On BlueField DPUs with an integrated BMC, the USB interface is internally connected to the BMC and is enabled by default. Therefore, you must verify that the RShim driver is running on the BMC. This provides the ability to push a bootstream over the USB interface to perform an external boot.

Changing Default Credentials Using bf.cfg

Ubuntu users are prompted to change the default password (ubuntu) for the default user (ubuntu) upon first login. Logging in will not be possible even if the login prompt appears until all services are up ("DPU is ready" message appears in /dev/rshim0/misc).

Attempting to log in before all services are up prints the following message: "Permission denied, please try again."

Alternatively, Ubuntu users can provide a unique password that will be applied at the end of the BFB installation. This password would need to be defined in a bf.cfg configuration file. To set the password for the ubuntu user:

  1. Create password hash. Run:

    # openssl passwd -1
Password:
Verifying - Password:
$1$3B0RIrfX$TlHry93NFUJzg3Nya00rE1

  2. Add the password hash in quotes to the bf.cfg file:

    # vim bf.cfg
ubuntu_PASSWORD='$1$3B0RIrfX$TlHry93NFUJzg3Nya00rE1'

    The bf.cfg file will be used with the bfb-install script in the following step. 

    Password policy:

    • Minimum password length – 8
    • At least one upper-case letter
    • At least one lower-case letter
    • At least one numerical character

Installing BFB

  1. Disable RShim on the host. Run on the host:

    systemctl stop rshim
systemctl disable rshim

  2. Enable RShim on the BMC. Run on the BMC shell:

    ipmitool raw 0x32 0x6a 1

  3. Verify that the RShim service is running and that the /dev/rshim0 device is present:

    ipmitool raw 0x32 0x69

    The expected output for this command is 0x01.

  4. If bf.cfg is needed as part of the boot process, run:

    cat <path-to-bfb> bf.cfg > new.bfb
  5. Since the BFB is too large to store on the BMC flash or tmpfs, the image can be written to the RShim device. This can be done by either running SCP directly or using Redfish interface.

    • SCP 

      1. Run: 

        scp <path_to_bfb> root@<bmc_ip>:/dev/rshim0/boot
    • Redfish:

      1. Establish Redfish connection session. Run the following on the host:

        export token=`curl -k -H "Content-Type: application/json" -X POST https://<bmc_ip>/login -d '{"username":"root", "password":"<password>"}' | grep token | awk '{print $2;}' | tr -d '"'`

        Where:

        • bmc_ip – BMC IP address

        • password – password of root account

      2. Confirm host identity.

        Required only during first-time setup or after BMC factory reset.

        1. Run the following on the host:

          ssh-keyscan -t ed25519 <remote_server_ip>

          Where remote_server_ip is the IP address of the server which stores the BFB file.

        2. Retrieve the remote server's public key from the second line of the response then run the following on the host:

          curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/json" -X POST -d '{"Server":"<remote_server_ip>", "KeyType":"ssh-ed25519", "Key":"<remote_server_public_key>"}' https://<bmc_ip>/redfish/v1/UpdateService/Actions/Oem/NvidiaUpdateService.AddRemoteServerPublicKey

          Where:  

          • token – session token received when establishing connection

          • remote_server_ip – remote server's IP address

          • remote_server_public_key – remote server's public key from ssh-keyscan response

          • bmc_ip – BMC IP address

      3. Run the following on the host: 

        curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/json" -X POST -d '{"TransferProtocol":"SCP", "ImageURI":"<image_uri>", "Username":"<username>", "Password":"<password>"}'  https://<bmc_ip>/redfish/v1/UpdateService/Actions/UpdateService.SimpleUpdate

        This command uses SCP for the image transfer, initiates a soft reset on the BlueField and then pushes the boot stream. For Ubuntu BFBs, the eMMC is flashed automatically once the bootstream is pushed. On success, a "running" message is received with the current task ID.

        Where:

        • token – session token received when establishing connection

        • image_uri – the image URI format should be <remote_server_ip>/<path_to_bfb>

        • username – username on the remote server

        • password – user password on the remote server

        • bmc_ip – BMC IP addressFor example:

          • If RShim is disabled: 

            {
  "error": {
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_1_1.Message",
        "Message": "The requested resource of type Target named '/dev/rshim0/boot' was not found.",
        "MessageArgs": [
          "Target",
          "/dev/rshim0/boot"
        ],
        "MessageId": "Base.1.15.0.ResourceNotFound",
        "MessageSeverity": "Critical",
        "Resolution": "Provide a valid resource identifier and resubmit the request."
      }
    ],
    "code": "Base.1.15.0.ResourceNotFound",
    "message": "The requested resource of type Target named '/dev/rshim0/boot' was not found."
}

          • If a username or a password is missing:

            {
  "error": {
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_1_1.Message",
        "Message": "The value '' for the parameter username/password in the action UpdateService.SimpleUpdate is of a different type than the parameter can accept.",
        "MessageArgs": [
          "",
          "username",
          "UpdateService.SimpleUpdate"
        ],
        "MessageId": "Base.1.15.0.ActionParameterValueTypeError",
        "MessageSeverity": "Warning",
        "Resolution": "Correct the value for the parameter in the request body and resubmit the request if the operation failed."
      }
    ],
    "code": "Base.1.15.0.ActionParameterValueTypeError",
    "message": "The value '' for the parameter username in the action UpdateService.SimpleUpdate is of a different type than the parameter can accept."
  }

          • If the request is valid and a task is created: 

            {
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The request completed successfully.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.Success",
      "MessageSeverity": "OK",
      "Resolution": "None"
    }
  ],
  "@odata.id": "/redfish/v1/TaskService/Tasks/<task_id>",
  "@odata.type": "#Task.v1_4_3.Task",
  "Id": "<task_id>",
  "TaskState": "Running",
  "TaskStatus": "OK"
}

      4. Track secure image transfer progress. Run the following on the host:

        curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/<task_id>

        During the transfer, the PercentComplete value remains at 0. If no errors occur, the TaskState is set to Running, and a keep-alive message is generated every 5 minutes with the content "Transfer is still in progress (X minutes elapsed). Please wait". Once the transfer is completed, the PercentComplete is set to 100, and the TaskState is updated to Completed.

        Upon failure, a message is generated with the relevant resolution.

        Where:

        • token – session token received when establishing connection

        • bmc_ip – BMC IP address

        • task_id – task IDFor example:

          • If host identity is not confirmed: 

            {
      "@odata.type": "#MessageRegistry.v1_4_1.MessageRegistry",
      "Message": "Transfer of image '<file_name>' to '/dev/rshim0/boot' failed.",
      "MessageArgs": [
        "<file_name>,
        "/dev/rshim0/boot"
      ],
      "MessageId": "Update.1.0.TransferFailed",
      "Resolution": "Host is unknown: Please add host public key using AddRemoteServerPublicKey",
      "Severity": "Critical"
    }
…
"PercentComplete": 0,
  "StartTime": "<start_time>",
  "TaskMonitor": "/redfish/v1/TaskService/Tasks/<task_id>/Monitor",
  "TaskState": "Exception",
  "TaskStatus": "Critical"

          • If SCP fails: 

            {
        "@odata.type": "#MessageRegistry.v1_4_1.MessageRegistry",
        "Message": "Transfer of image '<file_name>' to '/dev/rshim0/boot' failed.",
        "MessageArgs": [
          "<file_name>",
          "/dev/rshim0/boot"
        ],
        "MessageId": "Update.1.0.TransferFailed",
        "Resolution": "Failed to launch SCP",
        "Severity": "Critical"
      }
….
"PercentComplete": 0,
  "StartTime": "<start_time>",
  "TaskMonitor": "/redfish/v1/TaskService/Tasks/<task_id>/Monitor",
  "TaskState": "Exception",
  "TaskStatus": "Critical"

          • The keep-alive message: 

            {
      "@odata.type": "#MessageRegistry.v1_4_1.MessageRegistry",
      "Message": " <file_name>' is being transferred to '/dev/rshim0/boot'.",
      "MessageArgs": [
        " <file_name>",
        "/dev/rshim0/boot"
      ],
      "MessageId": "Update.1.0.TransferringToComponent",
      "Resolution": "Transfer is still in progress (5 minutes passed): Please wait",
      "Severity": "OK"
    }
…
"PercentComplete": 0,
  "StartTime": "<start_time>",
  "TaskMonitor": "/redfish/v1/TaskService/Tasks/<task_id>/Monitor",
  "TaskState": "Running",
  "TaskStatus": "OK"

          • Upon success: 

            {
      "@odata.type": "#MessageRegistry.v1_4_1.MessageRegistry",
      "Message": "Device 'DPU' successfully updated with image '<file_name>'.",
      "MessageArgs": [
        "DPU",
        "<file_name>"
      ],
      "MessageId": "Update.1.0.UpdateSuccessful",
      "Resolution": "None",
      "Severity": "OK"
    },
…
"PercentComplete": 100,
  "StartTime": "<start_time>",
  "TaskMonitor": "/redfish/v1/TaskService/Tasks/<task_id>/Monitor",
  "TaskState": "Completed",
  "TaskStatus": "OK"