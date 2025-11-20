NVIDIA BlueField BSP v4.13.0
UEFI Menu

Unified Extensible Firmware Interface (UEFI) is l ow-level firmware that is part of the NVIDIA® BlueField® bootloader stack. UEFI acts as an interface between the BlueField's Arm-trusted firmware (ATF) bootloader and the OS.

The UEFI specification is available at UEFI.org.

UEFI provides a menu which supports certain configuration options. This section lists and describes configurations supported from the UEFI Device Manager menu.

For more complete information beyond the Device Manager menu option, please refer to the NVIDIA Networking Server-Side Documentation of Flexboot & UEFI > User Manual > User Interface > HII (UEFI) System Settings Configuration Options.

Most of these menu items are also configurable via Redfish (when enabled).

Accessing the UEFI Menu

To access the UEFI menu, users must have a connection to the BlueField console either through a UART serial port or the virtual RShim console device. The console should be configured to 115200 8N1. The UEFI's UI window size is 80 columns and 25 rows. Configure your terminal size accordingly.

UEFI's UI uses a legacy character encoding, CP437 (code page 437), to ensure most compatibility. Configure your terminal to use this code page to show the table borders properly.

The following is an example for how to configure this properly in putty:

image-2024-10-17_14-28-31-version-1-modificationdate-1763664142363-api-v2.png

To enter the UEFI menu, hit the Esc key twice when prompted during the normal boot sequence:

image-2024-10-17_14-7-56-version-1-modificationdate-1763664141032-api-v2.png

All BlueField platforms ship with a default UEFI menu password, bluefield. If the password is set to bluefield when you enter the UEFI menu, users are prompted to change it.

NVIDIA strongly recommends all DPUs have their UEFI password set to a non-default value. This can be done using the UEFI menu or Redfish.

Front Page

image-2024-10-17_14-16-22-version-1-modificationdate-1763664141380-api-v2.png

There are three main menu items in the front page:

  • Device Manager

  • Boot Manager

  • Boot Maintenance Manager

The rest of this page focuses on Device Manager.

Device Manager

image-2024-10-17_14-29-35-version-1-modificationdate-1763664142712-api-v2.png

System Configuration

Lists different system configuration options.

Some configuration options may require a system reset to take effect.

image-2024-10-17_14-30-49-version-1-modificationdate-1763664143059-api-v2.png

To change the configuration of any of these BIOS attributes using Redfish, refer to section "Changing BIOS Attributes Value" in the BMC Software User Manual.

Menu Option

Description

Set Password

Set the system password.

Set the UEFI password. All BlueField Platforms ship with a default UEFI menu password, bluefield. If the password is set to bluefield when you enter the UEFI menu, users are prompted to change it.

NVIDIA strongly recommends all DPUs have their UEFI password set to a non-default value. This can be done using the UEFI menu or Redfish.

Select SPCR UART

Choose UART for serial port console redirection [<Disabled>|<UART Port 0> | <UART Port 1>].

Users may set the SPCR table (ACPI) to point to UART0, UART1, or disable the feature. The OS can reference this table to steer serial output. For example, Linux uses this table for its earlycon feature.

Leave this attribute to its default if you are not certain how to configure it, or you may destabilize your system.

Enable SMMU

Enable/disable the SMMU.

BlueField Platforms have an integrated SMMU on the SoC. Users may enable or disable this unit. Enabling it can make the system more secure but, with certain network flows, the enabled SMMU could cause performance issues.

Warning

Disable SPMI

Enable/disable ACPI server platform management interface table.

Allows users to enable/disable the ACPI SPMI table. This table instructs the OS on what interface/device to use for the IPMI SSIF.

Warning

Enable 2nd eMMC

Enable/disable the second eMMC.

Some legacy BlueField systems have 2 eMMC devices. This feature has been discontinued.

Warning

Boot Partition Protection

Enable/disable the eMMC boot partition protection. Takes effect after reboot.

There are 2 logical "boot partitions" on the eMMC device used to store ATF/UEFI code. These are referred to as the primary/secondary boot partitions. Users can write-protect these partitions using this attribute.

These are separate devices from the flash storage used by the OS (for file systems). They do not contain file systems and are only used for storing binary boot code on raw flash. Do not confuse an eMMC boot partition with an EFI System Partition (ESP) used to store boot loaders and OS images on a FAT32 file system.

If secure boot is enabled, these partitions are write-protected by default.

This menu option is not currently supported for BlueField-3.

Disable PCIe

Enable/disable PCIe root complex.

Normally, UEFI enumerates the PCIe bus during the boot process and reports this information to the OS via the ACPI SSDT table. If this attribute is disabled, UEFI does not populate the SSDT with the PCIe root complex information, so the OS does not have visibility to devices on the PCIe bus.

Note

Enable OP-TEE

Enable/disable support for trusted execution environment.

Do not enable this feature. More information will be provided in future releases.

Disable TMFF

Enable/disable the BlueField-specific ACPI TMFIFO table.

This can be used by some OSes to perform console/debugging over the BlueField TMFIFO interface. It can override the SPCR table.

Warning

Disable HEST

Disable OS error handling via HEST (hardware error source table).

HEST is a mechanism for reporting hardware errors (e.g., CPU errors, memory errors, PCIe errors) to the OS.

By default, this option is disabled (i.e., HEST is enabled) so the OS can handle hardware errors more gracefully by either logging them or taking corrective action.

When this option is checked and HEST is disabled, the BIOS (ATF/UEFI) is immediately involved when hardware errors happen, potentially preventing undesired error propagation.

Warning

Disable ForcePxe Retry

If enabled, PXE boot option entries are attempted only once instead of retrying them in a loop when "ForcePxe" is requested via IPMI interface

Field Mode

Disable/enable NIC BMC field mode.

Allows users to enable/disable NIC BMC field mode. When the NIC BMC has field mode enabled, most of its functionality is disabled (beyond the serial console). The BlueField Platform's OOB interface will also not be functional if field mode is enabled.

Leave this attribute to its default unless you are certain you wish to enable field mode on the NIC BMC. Consult the DPU BMC user manual for more information on field mode.

Set RTC

Allows users to set the time and date for the real-time clock.

BlueField Modes

  • Internal CPU Model: [<Separated>|<Embedded>]

  • Host Privilege Level: [<Restricted>|<Privileged>]

  • NIC Mode – sets the BlueField to operate in either NIC mode or DPU mode

Note

Any change to this attribute requires device reset to take effect.

Redfish Configuration

Enable/disable Redfish support. If UEFI is unable to discover a Redfish server, it reverts to using the defined UEFI boot options (i.e., the "normal" UEFI boot sequence). Disabling Redfish helps improve boot time as the Redfish server discovery process is skipped.

Disabling Redfish in the UEFI menu disables the Redfish client in UEFI. However, users can still interact with BMC Redfish server. Any request sent to the BMC Redfish server when the UEFI Redfish client is disabled would be cached by the BMC server until the UEFI Redfish client is re-enabled to process the pending requests.

BMC Redfish server clears the pending cached request if BMC is factory reset or power cycled.

The RTCSync option syncs RTC time with Redfish time under the Manager schema.

Password Settings

  • Default Password Policy – mandates the password being set adheres to the new policy of 12 characters minimum and 64 characters maximum. The last 5 passwords cannot be reused.

  • Set Legacy Password – set password with legacy password policy to accommodate a UEFI firmware downgrade. The new password policy (default) is not compatible with older versions of UEFI firmware.

Reset EFI Variables

This action clears all EFI variables to factory default state. Reset the device to take effect.

Only reset the EFI variable store under the advice of NVIDIA Enterprise Support. Resetting the EFI variable store deletes all UEFI variables including the boot options and the system may not boot without setting new boot options.

EmmcWipe

Clears the eMMC disk. The action is immutable and all data on eMMC is lost after it is performed.

This action is logged in the RShim log.

NvmeWipe

Clears the NVMe SSD. This action is immutable and all data on NVMe SSD is lost after it is performed.

This action is logged in the RShim log.

Large ICMC size

Set the large ICMC size in hex and MB. Valid value: 0-100000h in 80h increments.

This menu option is only relevant for BlueField-3 platforms.

Enable DDR 5600

Enable/disable DDR max speed of 5600 MT/s.

This menu option is only relevant for B3220 BlueField-3 devices which have a default speed of 5200 MT/s. This speed can be increased to 5600 MT/s provided the hardware can support it, which is indicated via the fuse bits. Other BlueField SKUs are automatically fixed at 5600 MT/s irrespective of this setting and cannot be reduced to 5200 MT/s.

L3 Cache Partition

Set the L3 cache partition level to allocate part of the L3 cache for the NIC and others for the BlueField-3 Arm core. The customer-selectable L3 cache partition to be allocated for the NIC can be selected from the following percentage levels:

L3 Cache Level #

L3 Cache Percentage for NIC

0 (default)

0% (default)

1

12.5%

2

25%

3

37.5%

4

50%

5

62.5%

6

75%

7

87.5%

Do not enable this feature. More information will be provided in future software releases.

Secure Boot Configuration

Please refer to section "Arm OS Secure Boot (Configured from UEFI)" for more information.

RAM Disk Configuration

Provides option to create/delete RAM disks.

image-2024-10-17_14-32-27-version-1-modificationdate-1763664143398-api-v2.png

Tls Auth Configuration

Provides configuration (enroll/delete) of TLS auth certificates for HTTPS traffic in UEFI.

If TLS Auth certificate is configured then all HTTPS traffic on all network interfaces will be verified. UEFI only supports Server CA configuration, Client CA configuration is currently not supported.

image-2024-10-17_14-33-2-version-1-modificationdate-1763664143736-api-v2.png

image-2024-10-17_14-33-21-version-1-modificationdate-1763664144038-api-v2.png

iSCSI Configuration

Provides configuration options for iSCSI.

image-2024-10-17_14-34-24-version-1-modificationdate-1763664144345-api-v2.png

Network Device List

Lists the MAC addresses of the available network interfaces in UEFI.

image-2024-10-17_14-40-45-version-1-modificationdate-1763664144700-api-v2.png

Users can find more information (Link status, Link speed, PCI ID, Link type, etc.) on each interface upon selection. Users can also configure the interfaces (IPv4, IPv6, VLAN, HTTP BOOT) as needed.

image-2024-10-17_14-41-10-version-1-modificationdate-1763664145073-api-v2.png

The following menu can be reached by selecting the Nvidia Network Adapter - <mac-address> menu options:

image-2024-10-17_14-43-14-version-1-modificationdate-1763664145418-api-v2.png

