Querying the Firmware Image

To query the FW image on a device, use the following command line:

# flint -d <device> q

To query the FW image in a file, use the following command line:

# flint -i <image file> q

where:

device

Device on which the query is run.

image file

Image file on which the query is run.

Examples:

  • Query the FW on the device.

    # flint -d /dev/mst/mt4099_pci_cr0 query
  • Query the FW image file.

    # flint -i 25408-2_42_5000-MCX354A-FCB_A2.bin query
  • Security Attributes field in Query output:
    This field lists the security attributes of the device’s firmware, where:

    • Secure-fw: This attribute indicates that this binary/device supports secure-firmware-updates. It means that only officially signed binaries can be loaded to the device from the host, and that the current binary is signed.

    • Signed-fw: This attribute indicates that that this binary is signed and that the device can verify digital signatures of new updates. However, unlike, secure-fw, there might still be methods to upload unsigned binaries to the device from the host.

    • debug: This attribute indicate that this binary is (or this device runs) a debug-version. Debug versions are custom made for specific data-centers or labs, and can only be installed after a corresponding debug-fw token is pushed to the device. The debug-fw-token, which is digitally signed, includes a list of the target devices MAC addresses.

    • dev: This attribute indicates that the firmware is signed with development (test) key.

  • Default Update Method" field in Query Full output:{This field reflect the method which flint will use in order to update the device. The user can enforce a different method using the –no_fw_ctrl or the –ocr flags.The default methods are:

    • Legacy: flint will use the low level flash access registers.

    • fw_ctrl: flint will operate the ‘firmware component update’ state machine.

  • Secure-boot attributes

    • Secure-boot : This attribute indicates if the device supports secure-boot

    • Life-cycle : This attribute indicates the current status of secure-boot

    • Security-version:

      • For query on image: This attribute indicates the security-version of the image.

      • For query on device:

        • “EFUSE security version”: Indicates the security version of the device

        • “Image security version”: Indicates the security version of the image on the flash

        • Programming method: Indicates when the boot will program the “EFUSE security version” to be aligned with the “image security version”.

© Copyright 2023, NVIDIA. Last updated on Oct 11, 2023.