Security Hardening Enhancements: This release contains important reliability improvements and security hardening enhancements. NVIDIA recommends upgrading your devices firmware to this release to improve the devices’ firmware security and reliability.
When upgrading or changing the configuration on multi-host adapter cards, for the changes to take effect, PCIe restart must be simultaneously sent from both hosts (servers).
To do so, perform the following:
1. Shut down the server with the auxiliary card.
2. Shut down the server with the primary card.
3. Bring back the server with the primary card.
4. Bring back the server with the auxiliary card.
SR-IOV - Virtual Functions (VF) per Port - The maximum Virtual Functions (VF) per port is 127. For further information, see RoCE Limitations.
It is recommended to enable the “above 4G decoding” BIOS setting for features that require large amount of PCIe resources.
Such features are: SR-IOV with numerous VFs, PCIe Emulated Switch, and Large BAR Requests.
Changes and New Feature in this Firmware Version
|GMP Classes||Added support for blocking unwanted GMP classes by dedicated MADs.|
Added a new NvConfig parameter
The default value is 2^17.
|Congestion Control Key|
Added a Congestion Control Key to all Congestion Control MADs to authenticate that they are originated from a trusted source.
Added an SMP firewall to block the option of sending SMPs (MADS sent on QP0 from the Subnet Manager) from unauthorized hosts to prevent fake SMPs from being recognized as the SM.
|Vendor Specific MADs: Class 0x9||Vendor Specific MADs Class 0x9 is no longer supported by the firmware. If case the firmware detects such MAD, the firmware will return a "NOT SUPPORTED" error to the user.|
|TLS/XTS/Signature Padding||Blocked the VF's ability to use both padding and signature in order to prevent the NIC from hanging.|
|Asserts' Severity Level|
Added 3 new assert filters (Health buffer, NVlog, FW trace). The assert will be exposed now if its severity level is equal to or above the new filter.
The filters are configurable by the ini file. The "Health buffer" filter is also configurable by new access register.
|VUID VPD Virtio|
An emulated PCI device can be hot plugged/unplugged by the DPU software stack. However, the life cycle and the state of the bare metal host system where an emulated PCI device is plugged in, is not in control of the DPU software stack.
PCI BDF may not be available in corner cases, hence, an emulation PCI device handler (VUID) is required which is predictable and stable (across emulation controller reset/restart, across DPU warm reboot). The VUID will show in PCI PF device VPD as [VU] section.
|Rate Limit per VM instead of VM-TC||Enabled Rate Limit per VM instead of VM-TC. This capability is implemented by adding support to a new Scheduling element type: rate limit elements that will connect to the rate_limit and will share its rate limit.|
|Dynamically Connected Transport (DCT) with Adaptive Routing (AR)||Performance improvements in the DCT with AR flow by exposing a hint to the software in DCI software context that indicates that RDMA WRITE on this DCI is not supported.|
|Dynamic Timeout Mechanism||Added support for dynamic timeout mechanism when in InfiniBand mode.|
|QSHR Access Register||Added support for QSHR access register to enable Set and Query rate limit per-host per-port.|
|New Software Steering ICM Resource for VXLAN Encapsulation||The firmware now exposes a new Software Steering ICM resource for VXLAN encap expand in order for the SW Steering to manage this resource directly.|
|Asymmetrical VFs per PF|
Added support for asymmetrical VFs per PF.
To enable it:
|mlxlink Support to read/write Access Registers by LID||Added 2 new MAD access registers to enable mlxlink to read/write access registers by LID (to the whole subnet).|
|VXLAN Encapsulation Expansion||Enabled the exposure of new ICM resource to the software steering for VXLAN encapsulation expansion.|