Changes and New Feature History

NVIDIA ConnectX-5 Adapter Cards Firmware Release Notes v16.35.3502 LTS

This section includes history of changes and new feature of 3 major releases back. For older releases history, please refer to the relevant firmware versions.




Header Modification

Added support to the metadata reg_c 8-11 (packet fields) for matching and modifying the header, and Advanced Steering Operation (ASO) actions.

INT Packets

Added support for forwarding INT packets to the user application for monitoring purposes by matching the BTH acknowledge request bit (bth_a).

Get Electrical Sensor, NC-SI

Implemented NVIDIA NC-SI OEM Commands:

  • Get Electrical Sensor Count (command 0x13, parameter 0x6)

  • Gel Electrical Sensor (command 0x13, parameter 0x7)

  • Get Electrical Sensors (command 0x13, parameter 0x8)

IPsec CPS Bulk Allocation

Improved the IPsec CPS by using bulk allocation.

For cases in which log_obj_range == 0, single IPSEC object will be allocated and initialized as before keeping backward compatibility.

For better performance, it is recommended to work with IPsec bulk allocation and to initialize IPsec ASO context not via the firmware but via the hardware using ASO WQE.


Added support for a new value for coredump_type field in DPA_PROCESS_COREDUMP, [FIRST_ERROR_THREAD_DUMP (1).].

Device Attestation

Attestation is a mechanism in which a host/platform automatically verifies the authenticity and integrity of the hardware and software state of a device. The mechanism is based on a HW RoT and utilizes SPDM messages that handle the attestation, measurement collection, and trust between device and platform BMC or platform RoT (usually host BMC). This provides the added value of increased security and assurance that the host/platform of device is not being tampered with and has the proper software running on it.

A CoRIM is comprised of one or more CoMIDs , with each CoMID providing the reference claims about hardware and firmware for a device. The CoRIM and CoMIDs are encoded in CBOR format. Signed CoRIMs use COSE signatures.

For further information, see "NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing".

QKEY Mitigation in the Kernel

Non-privileged users are now blocked by default from setting controlled/privileged QKEYs (QKEY with MSB set).

Bug Fixes

See Bug Fixes in this Firmware Version section.




Mergeable Buffer

Added mergeable buffer support (VIRTIO_NET_F_MRG_RXBUF in virtio spec) for VDPA kernel mode to improve performance in case of large MTU such as 9K. The feature is disabled by default and must be manually enabled while creating or modifying the virtio device.

Note: For best performance, it is NOT recommended to enable the feature if the VDPA MTU is set to the default value (1500).

Monitoring Cloud Guest RoCE Statistics on Cloud Provider

This new capability enables the VM to track and limit its Vport's activity. This is done using the new q_counters counter which enables aggregation of other Vport's from PF GVMI.

Linux Bridge Offload

Added a flow rule that enables offloading of multicast traffic by broadcasting it to multi-Flow-Table in FDB.

Selective Repeat

Selective repeat improves network utilization in case of a lossy fabric. This features is enabled by default.

Dynamic VF MSIX Allocation

Added support for dynamic MSIX modification on a VF NVME device emulation.

If a PF NVME device emulation is created with dynamic_vf_msix_control = 1, then the dynamic_vf_msix_reset can set the PF device emulation's VF MSIX number to 0. The num_msix is used in the modified VF device emulation to modify the MSIX number of the VF device emulation.

InfiniBand Congestion Control (IB CC)

Enabled IB CC per Service Level (SL) for RC/UC on the HCA side.

Now different SLs can be configured to be CC on/off according to the bitmask decided by the software.


Optimizes the ATC configuration dynamically based on the returned pages of the ATS translation requests that have been made.

PCC Algorithms

Enables a smooth and statically switch between PCC algorithms. In addition, the user can now switch between PCC algorithms while running traffic.

Hardware Steering: Bulk Allocation

Added support for 32 actions in the header modify pattern using bulk allocation.

InfiniBand Congestion Control - RTT Response Service Level

The software can explicitly set the SL of an RTT response packet, instead of it being taken from the RTT request packet's SL.

The RTT response packet SL may be set/queried via the CONGESTION_CONTROL_HCA_NP_PARAMETER MAD.

Bug Fixes

See Bug Fixes in this Firmware Version section.




Bug Fixes

See Bug Fixes in this Firmware Version section.




Link Protocol

IB/Ethernet (IB NDR / 200GbE) supported ConnectX-7 adapter cards now raise at their default link protocol. For the list of these cards, please refer to the "Supported Devices" section of this Release Notes, see the cards that have (default mode) in their description.

For a non-default protocol, please refer to the Hardware User Manual.


Enabled provisioning of the OEM public key that is used for OEM NVconfig file signature verification.

Bug Fixes

See Bug Fixes in this Firmware Version section.




PCC Algorithm

Enables the users to collect more information from NP to RP for PCC algorithm. To achieve this, the NP ingress bytes information was added to the RTT response packet sent from the NP side.

HPCC: Support per-IP and per-QP methods

Enables the user to configure the PCC algorithm shaper coalescing mode using nvconfig to select CC algorithm shaper coalescing for IB and ROCE.


SPDM Attestation

Enabled GET_MEASUREMENTS to be called before CHALLENGE is called in SPDM Attestation flow according to the SPDM protocol.

Bug Fixes

See Bug Fixes in this Firmware Version section.





Added support for copy modify header steering action to/from the UDP field.

Range based Lookup

Added support for range based lookup. This new capability is available using the following new PRM command:

GENERATE WQE which receives GTA WQE, the command supports "match on range" and num_hash_definer=[1,2] and num_match_ste=[1,2].

For further information, refer to section "RTC Object Format" in the PRM.

RoCE based VM Migration

Added support for RoCE based VM migration.

Resource Dump

Added the following resource dump segments:

  • SEG_HW_STE_FULL that includes dump to STE and all its dependencies

  • SEG_FW_STE_FULL that include dump to FW_STE and to HW_STE_FULL in range

Striding WQE - Headroom and Tail-room

As the software requires additional space before and after a packet is scattered for its processing for stridden RQ, the hardware will allocate the required room while scattering packets to spare a copy.

Connections per Second (CPS)

Improved security offload's Connections per Second (CPS) rate using the general object DEK (PSP TLS etc).

VF Migration Flow

Added support for pre-copy commands in VF migration flow in order to reduce the migration downtime.

VF Migration Flow

Optimized performance to support full VF migration flow.

VirtIO vDPA Performance Virtualization

Increased the VirtIO hardware offload message rate to 20/20 MPPS for 256 virtual devices by optimizing the datapath application code.

PTP: Accuracy Scheduling

Added support for all PTP/accuracy scheduling.

RoCE: Adaptive Timer

Enabled ADP timer to allow the user to configure RC or DC qp_timeout values lower than 16.

QoS Priority Trust Default State

QoS priority trust default state can now be changed using the new nvconfig below:



The values that can be used to set the default state are:





Bug Fixes

See Bug Fixes section.


Bug Fixes

See Bug Fixes section.


MACsec Full Offload

Enabled MACsec full offload for NIC tables (aware mode). UnTil now full offload was available only for FDB tables.

LLDP Properties Implementation on RDE

Added LLDPEnable, LLDPTransmit and LLDPReceive properties to the RDE Port schema implementation.

Programmable CC, PPCC, MAD, IBCC

Added support for PPCC register with bulk operations, MAD for algorithm configuration and tunable parameters.

Programmable Congestion Control (PCC)

Optimized both of the DPA's infrastructure and algorithm to be Programmable CC based.

Programmable Counters

Added support for programmable counters for PCC via PPCC register and MAD.

Bug Fixes

See Bug Fixes section.


Firmware Based Attestation Flow

Attestation is a cryptographic reporting of the security configuration of a device, used by a platform to establish trust in the device. The device’s security configuration includes (but is not limited to) its identity, the code it is running and the states of security related mechanisms and assets.

This new capability enables BMC to attest the device over SPDM protocol. The feature works for secure NICs with production certificates installed. SPDM protocol is defined in DMTF DSP0274 v1.1.0.

Currently the following SPDM commands are supported:






Since CHALLENGE and GET_MEASUREMENTS are not functional yet, when they are called, the NIC will respond with RESPONSE_NOT_READY.


Added support for 100G & 200G optical cables (InfiniBand & Ethernet).

Please note this support comes with a limitation when connecting ConnectX-7 to a ConnectX-6 Dx or an NVIDIA Spectrum-3 as described in Known Issues 3070409.

Bug Fixes

See Bug Fixes section.

© Copyright 2023, NVIDIA. Last updated on Oct 18, 2023.