mlxprivhost - NIC Configuration by the Host Restriction Tool
mlxprivhost enables the user to restrict the hosts from managing the device.
mlxprivhost is supported in Linux only.
mlxprivhost is not supported in ESXi 7.0.
This utility is supported in BlueField devices only.
mlxprivhost [OPTIONS] <command> [parameters…]
Restrict configuration takes effect immediately, but with disabling/enabling RShim, it requires reboot
The host cannot restrict itself, it only restricts other external hosts
A restricted host will not be able to perform operations as the below that can compromise the DPU:
Port ownership – the host cannot assign itself as port owner
Hardware counters – the host does not have access to hardware counters
Tracer functionality is blocked
RShim interface is blocked
FW flash is restricted
For Multi-host system, the tool is compatible with firmware version starting from xx.31.10xx and later
Shows this help message and exit
Shows program's version number and exit
--device DEVICE, -d DEVICE
Device to work with.
When TRUE, the host does not have an RSHIM function to access the embedded CPU registers.
Reboot is required for changes to take effect.
When TRUE, the host will not be allowed to own the Tracer
When TRUE, the host will not be allowed to read Physical port counters
When TRUE, the host will not be allowed to be Port Owner
Set all external hosts restricted except the one that called the command
Set all external hosts privileged except the one that called the command
From external host: query the status of the host
From Embedded Arm CPU: query if all external hosts are restricted
Example of mlxprivhost:
Enabling Full Host Restriction:
mlxprivhost –d /dev/mst/mt41682_pciconf0 r --disable_rshim --disable_tracer --disable_counter_rd --disable_port_owner
Disabling Host Restriction:
Query the status of host: