Disabling/Enabling Access to the Hardware
NVIDIA Docs Hub  NVIDIA Firmware Tools (MFT) Documentation v4.23.0  Disabling/Enabling Access to the Hardware

On This Page

The secure host feature enables ConnectX family devices to block access to its internal hardware registers. The hardware access in this mode is allowed only if a correct 64 bits key is provided.

Warning

The secure host feature requires a MLNX_OFED driver installed on the machine.

4th Generation Devices

To disable/enable access to the hardware:

  1. Set the key:

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4099_pci_cr0 set_key 22062011
Setting the HW Key - OK
Restoring signature - OK

    Warning

    A driver restart is required to activate the new key.

  2. Access the HW while HW access is disabled:

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4099_pci_cr0 q
E- Cannot open /dev/mst/mt4099_pci_cr0: HW access is disabled on the device.
E- Run "flint -d /dev/mst/mt4099_pci_cr0 hw_access enable" in order to enable HW access.

  3. Enable HW access:

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4099_pci_cr0 hw_access enable
Enter Key: ********

  4. Disable HW access:

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4099_pci_cr0 hw_access disable

    Important

    WARNING:
    1. Once a hardware access key is set, the hardware can be accessed only after the correct key is provided.
    2. If a key is lost, there is no way to recover it using the tool. The only way to recover from a lost key is to:
    • Connect the flash-not-present jumper on the card
    • Boot in "flash recovery" mode
    • Re-burn FW
    • Re-set the HW access key
    For further details, please refer to Secure Host.

5th Generation Devices

Secure Host can be enabled on 5th generation devices in one of the following manners:

  1. Set the key:

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4115_pciconf0 set_key 18022018
-I- Secure Host was enabled successfully on the device.

  2. Disable HW access:

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4115_pciconf0 hw_access disable 18022018
-I- Secure Host was enabled successfully on the device.

    If the key was not provided in the command line, an interactive shell will ask for it, and verifying it:

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4115_pciconf0 set_key
Enter Key : ********
Verify Key : ********
-I- Secure Host was enabled successfully on the device.

Or

  1. Disable the Secure Host (Enable HW access):

    Copy
    Copied!
                
    
            
    # flint -d /dev/mst/mt4115_pciconf0 hw_access enable 18022018
-I- The Secure Host was disabled successfully on the device.
And the same as previous, providing the key can be done in interactive shell:
# flint -d /dev/mst/mt4115_pciconf0 hw_access enable
Enter Key : ********
-I- The Secure Host was disabled successfully on the device.

© Copyright 2023, NVIDIA. Last updated on Oct 12, 2023.