NIC Mode Installation

The following sections detail the procedure for installing BlueField software when the BlueField networking platform (DPU or SuperNIC) is running in NIC mode.

Note

NIC mode is the default mode for BlueField SuperNICs, while BlueField DPUs are shipped with DPU mode as their default. To switch between the modes, see NVIDIA BlueField Modes of Operation. To check which mode your BlueField is currently running, see Common Configurations.

Note

In the out-of-box state of the BlueField the host is assumed to be trusted. Later in this procedure, after performing BFB Bundle update, a step is provided to disable the host RShim which the user may perform to protect the BlueField from potential security threats from the host.

Upgrade BlueField Firmware Components and BSP Using BFB Image

Upgrade the BlueField firmware components (i.e., ATF, UEFI, NIC-firmware, BlueField BMC firmware) and the BSP using the BFB image.

Tip

Make sure to download the latest bf-fwbundle image (BFB file) available from the DOCA-Host and BlueField Bundle Runtime Downloads.

This can be performed using one of the following methods:

  1. From the host x86, which should be considered as trusted during this maintenance window, follow the installation procedure here.
  2. If a DPU BMC connected to the ToR switch over 1GbE is available, follow the DPU Mode Installation procedure.
Changing UEFI and BMC Password Using bf.cfg

  • To change the UEFI password, add the current UEFI password under parameter UEFI_PASSWORD and define the new UEFI password under NEW_UEFI_PASSWORD inside the bf.cfg configuration file.

  • To change the BMC root password, add the current BMC root password under parameter BMC_PASSWORD and define the new BMC root password under NEW_BMC_PASSWORD inside the bf.cfg configuration file.

Change Mode of Operation to Zero-trust Mode

Unless it is explicitly desired for the host to be trusted, make sure to disable the host RShim to protect the BlueField from potential security threats from the host by running the following NC-SI command from the host BMC:

Set RShim State Command Format

Byte/Bit

31:24

23:16

15:8

7:0

0...15

NC-SI Header (OEM Command)

16:19

NVIDIA Manufacture ID (IANA) = 0x8119

20:23

Command rev=0x00

MLNX Cmd ID= 0x12

Parameter=0x1B

Reserved

24:27

Reserved

Host_RT_Access_State

28:31

Checksum 31:0

Set RShim State Command Parameters

Field

Bytes

Offset in NC-SI Command

Description

Host_RT_Access_State

1

27

RShim state:

  • 0 – Enabled

  • 1 – Locked

  • Other – reserved
