NVIDIA BlueField Platform Software Troubleshooting Guide
NVIDIA Docs Hub  NVIDIA Networking  BlueField DPUs / SuperNICs & DOCA  NVIDIA BlueField Platform Software Troubleshooting Guide  DOCA App Shield
Download PDF

On This Page

DOCA App Shield

Preface

This guide is intended for DOCA App Shield users and customers. Make sure to read the DOCA App Shield Programming Guide before proceeding.

Command Cheat Sheet

Command

Description

dpu> mlxconfig -d /dev/mst/mt41686_pciconf0 s PF_BAR2_SIZE=2 PF_BAR2_ENABLE=1

Configure BAR2

dpu> mlxconfig -d /dev/mst/mt41686_pciconf0 s NVME_EMULATION_ENABLE=1 SRIOV_EN=1

If the target is a virtual machine (VM), enable NVMe-emulation and SR-IOV (to work with VFs)

dpu> mlxconfig -d /dev/mst/mt41686_pciconf0 s NUM_OF_VFS=<wanted number>

If the target is a VM, configuring the number of VFs

Note

Make sure to perform a "BlueField System-level Reset" or reboot the machine after changing any firmware configuration.

Logging and Counters

Best practices for logging and tracing is documented in the "Debuggability" page of DOCA documentation.

Debug Info Package

N/A

Scenarios

This section addresses common issues that developers and users might face, along with step-by-step solutions.

doca_apsh_system_start fails with DOCA_ERROR_INITIALIZATION

A DOCA_ERROR_INITIALIZATION error occurs when App Shield cannot locate the main kernel module in host memory. Possible causes and solutions:

Possible Cause

Solution

DMA device lacks DMA capability

Verify that the configured DMA device supports DMA capabilities. For detailed information, consult the "Device Discovery" section under the NVIDIA DOCA Core Programming Guide.

Device representor not connected to target

Ensure that the VF associated with the device representor is correctly attached to the VM or host

Memory regions/symbols file mismatch

Regenerate the input files to match the target machine

OS type mismatch

Confirm that the VF is properly connected to the target machine and that the OS type configuration is accurate


doca_apsh_attestation_get Fails

Possible Cause

Solution

Corrupted hash zip file

Ensure that the provided file is a valid .zip file


doca_apsh_attestation_get Succeeds but Attestation Immediately Fails (PAGES_PRESENT != MATCHING_HASHES)

Possible Cause

Solution

Outdated hash zip file

This issue can occur if there has been an update to the executable file or one of the loaded libraries. To resolve this issue, regenerate the hash zip file to reflect the latest updates.

Process loads libraries "on the fly"

In some cases, the configuration tool may miss libraries that have not been loaded at the time of the zip file creation. If the process loads libraries dynamically, manually add these libraries to the zip file.
© Copyright 2025, NVIDIA. Last updated on Jul 17, 2025.
content here