NVIDIA BlueField BMC Software v25.04
NVIDIA Docs Hub Homepage  NVIDIA Networking  BlueField DPUs / SuperNICs & DOCA  NVIDIA BlueField BMC Software v25.04  Changes and New Features

Changes and New Features

Info

For an archive of changes and features from previous releases, please refer to "Change Log History".

Changes and New Features

  • Extended Arm-UEFI support to ensure seamless operation until BlueField BMC initialization completes
  • Added RTC battery voltage monitoring to the SDR list for enhanced system diagnostics
  • Implemented Redfish mutual authentication support for BlueField-3 platforms
  • Updated BMC FRU content to enhance backward compatibility

  • Added BMC Redfish support for remote attestation over Redfish specifically for SPDM:

    • BlueField NIC
    • CEC1736 (BMC ERoT)
  • Added support for the sensors ddr_temp and rtc_voltage under "BMC Sensor Data"

  • Security Hardening: Implemented several Linux kernel configuration changes to improve system security and activated kernel module signature. The following table summarizes key modifications:

    ParameterOld ValueNew ValueReason
    CONFIG_KEXECyesNot setEnables replacement of running kernel using kexec command.
    CONFIG_SLAB_MERGE_DEFAULTyesNot setPrevents merging similar-sized slab caches, mitigating cross-slab heap attacks
    CONFIG_SHUFFLE_PAGE_ALLOCATORNot setyesEnables randomization of the high-order page allocation freelist
    CONFIG_SECURITY_DMESG_RESTRICTNot setyesPrevents kernel memory address leakage through dmesg
    CONFIG_DEBUG_FSyesNot setDisables debugfs, reducing the kernel’s attack surface
    CONFIG_BPF_SYSCALLyesNot setDisables the bpf() syscall, restricting manipulation of BPF programs and maps
    CONFIG_USER_NSyesNot setDisables user namespaces to prevent privilege escalation via namespace exploits
    CONFIG_BUG_ON_DATA_CORRUPTIONNot setyesEnables kernel validation checks for detecting data corruption
    CONFIG_DEFAULT_MMAP_MIN_ADDR409632768Increases the minimum mmap address to mitigate kernel NULL pointer dereference exploits
    CONFIG_DEBUG_KMEMLEAKyesNot set

    Disabled due to its dependency on CONFIG_DEBUG_FS, which is also now disabled

    This parameter changed only in BlueField-2 (already not set in BlueField-3).

    Info

    Changes to the kernel configuration parameters were made in accordance with recommended security hardening practices from the Linux Kernel Self-Protection Project (KSPP), grsecurity and CLIP OS.
© Copyright 2025, NVIDIA. Last updated on Apr 7, 2026
content here