DOCA App Shield
This guide is intended for DOCA App Shield users and customers. Make sure to read the DOCA App Shield Programming Guide before proceeding.
Command | Description |
| Configure BAR2 |
| If the target is a virtual machine (VM), enable NVMe-emulation and SR-IOV (to work with VFs) |
| If the target is a VM, configuring the number of VFs |
Make sure to perform a "BlueField System-level Reset" or reboot the machine after changing any firmware configuration.
Best practices for logging and tracing is documented in the "Debuggability" page of DOCA documentation.
This section addresses common issues that developers and users might face, along with step-by-step solutions.
doca_apsh_system_start fails with DOCA_ERROR_INITIALIZATION
A DOCA_ERROR_INITIALIZATION
error occurs when App Shield cannot locate the main kernel module in host memory. Possible causes and solutions:
Possible Cause | Solution |
DMA device lacks DMA capability | Verify that the configured DMA device supports DMA capabilities. For detailed information, consult the "Device Discovery" section under the NVIDIA DOCA Core Programming Guide. |
Device representor not connected to target | Ensure that the VF associated with the device representor is correctly attached to the VM or host |
Memory regions/symbols file mismatch | Regenerate the input files to match the target machine |
OS type mismatch | Confirm that the VF is properly connected to the target machine and that the OS type configuration is accurate |
doca_apsh_attestation_get Fails
Possible Cause | Solution |
Corrupted hash zip file | Ensure that the provided file is a valid |
doca_apsh_attestation_get Succeeds but Attestation Immediately Fails (PAGES_PRESENT != MATCHING_HASHES)
Possible Cause | Solution |
Outdated hash zip file | This issue can occur if there has been an update to the executable file or one of the loaded libraries. To resolve this issue, regenerate the hash zip file to reflect the latest updates. |
Process loads libraries "on the fly" | In some cases, the configuration tool may miss libraries that have not been loaded at the time of the zip file creation. If the process loads libraries dynamically, manually add these libraries to the zip file. |