Changes and New Features

General

This is the initial firmware release for the NVIDIA® ConnectX®-9 SuperNIC.

ConnectX-9 provides the same feature set as the ConnectX-8 adapter card. For a complete list of ConnectX-8 firmware features, refer to the ConnectX-8 Firmware Release Notes.

The features described below are new and are provided in addition to the existing ConnectX-8 feature set.

Lane Margin Test (LMT)

Lane Margin Test (LMT) is a PCIe diagnostic tool that performs controlled per-lane margining in the voltage and timing domains to evaluate link robustness. It helps identify weak or unstable lanes and supports signal-integrity validation, platform bring-up, and long-term reliability analysis.

Notes:

• NVIDIA recommends setting the error threshold to 2. LMT is a destructive test, link drops or performance degradation may occur; if this happens, rerun the test.

• NVIDIA also recommends disabling drivers before starting the Lane Margin Test.

T10 Data Integrity (DIF)

This capability provides block-level data protection by appending a Data Integrity Field (DIF) to each block, including checksums and metadata. The firmware automatically verifies these fields during reads, writes, and data transfers, helping to detect and prevent data corruption, ensure end-to-end data integrity, and increase reliability for critical storage workloads. By enabling T10 DIF, systems can achieve more robust data protection, reducing the risk of silent errors and improving overall storage confidence.

Cyclic Redundancy Check (CRC)

CRC provides a fast and reliable method to detect data corruption by generating a checksum for each block of data. The firmware automatically verifies CRC values during reads, writes, and transfers, helping to detect and prevent silent data errors, ensure end-to-end data integrity, and increase overall system reliability. By leveraging CRC, storage systems can maintain high confidence in critical workloads and minimize the risk of data loss.

Transport Layer Security (TLS) Handshake

The TLS handshake establishes a secure communication session by authenticating endpoints, negotiating cryptographic algorithms, and securely exchanging encryption keys before data transfer begins. This process ensures confidentiality of data in transit, protection against tampering and man-in-the-middle attacks, and trusted identity verification, enabling secure and reliable communication for sensitive and high-value workloads.

NVMe over TCP Acceleration

This capability offloads and accelerates NVMe/TCP data path processing to hardware, reducing CPU overhead and latency while increasing throughput. By streamlining NVMe command processing and TCP handling, it enables higher IOPS, lower and more predictable latency, and improved host CPU efficiency, making it ideal for scalable, high-performance, and cloud-based storage deployments.

DOCA PCC

The DOCA PCC NP application now enables the NIC to insert the RTT response transmit timestamp in hardware, reducing software-induced jitter and improving the accuracy and consistency of RTT measurements.

DOCA PCC API: DSCP Query for PCC Flows in QP Mode

Introduces a DOCA PCC device API that enables retrieval of the DSCP value associated with a PCC flow when PCC operates in QP mode (for example, when ROCE_CC_SHAPER_COALESCE_P1=2 and ROCE_CC_SHAPER_COALESCE_P2=2 are configured via mlxconfig).

DPA Process Limit Update

The system-wide limit for DPA processes has been reduced to 30. This total includes both user processes across all GVMIs and internal ProgCC processes. The max_dpa_processes value reported to the user is calculated as: max_dpa_processes=30−number_of_progcc_processes

Host Rate Limiting Support Above 255 Gbps

Host rate limiting has been extended to support bandwidth values above 255 Gbps.

To remove the previous cap, a new max_bw_value_msb field was added to est_global, providing additional MSB bits to represent higher bandwidth values. With this enhancement, firmware and host tooling can correctly configure and report rate limits beyond 255 Gbps on high-speed links.

PLDM PDR Repository Change Event Support

PLDM now supports the PDR Repository Change event type, enabling notification to the BMC when PDRs change. With this flow, the BMC can detect cable insertion/removal events. Refer to DSP0248 for details.

BMC Write-Protection Check on Firmware Update Failure

Added a validation step during firmware updates to detect whether the BMC is asserting write protection, helping diagnose and prevent update failures.

CMB SysRAM Window Partitioning for PSC Isolation

CMB configuration enforces secure access to System RAM (SysRAM) by defining memory windows and partitions that isolate the Platform Security Controller (PSC) from other system components.

Physical Access Monitor and Protection

The Physical Monitor feature helps protect the platform against threats from attackers with physical access to the system. It monitors for physical-access events and enforces safeguards that prevent or restrict sensitive operations, reducing the risk of exposing secure information or compromising security-critical functionality.

Parallel Save/Load Support for VF Migration

Added support for running save and load operations in parallel, enabling multiple contexts (e.g., multiple VFs) to be checkpointed and restored concurrently instead of serially. This reduces overall migration time and improves scalability in environments that need to migrate or recover many VFs at once.

NVGRE VSID Modify-Header Support

Extended packet modify-header operations to support set and copy actions on the NVGRE VSID (Virtual Subnet Identifier) . A new field, TUNNEL_HDR_DW_2 (0x84), enables dynamic VSID modification, adding header rewrite support for NVGRE tunnel traffic in addition to existing filtering capabilities.

mlxlink

mlxlink show_links now reports the full PCIe identifier (domain/segment + BDF), improving device-to-link mapping and avoiding ambiguous/duplicate BDF entries on multi-domain systems.