Querying the Firmware Image
To query the FW image on a device, use the following command line:
# flint -d <device> q
To query the FW image in a file, use the following command line:
# flint -i <image file> q
where:
device | Device on which the query is run. |
image file | Image file on which the query is run. |
Examples:
Query the FW on the device.
# flint -d /dev/mst/mt4099_pci_cr0 query
Query the FW image file.
# flint -i 25408-2_42_5000-MCX354A-FCB_A2.bin query
Security Attributes field in Query output:
This field lists the security attributes of the device’s firmware, where:Secure-fw: This attribute indicates that this binary/device supports secure-firmware-updates. It means that only officially signed binaries can be loaded to the device from the host, and that the current binary is signed.
Signed-fw: This attribute indicates that that this binary is signed and that the device can verify digital signatures of new updates. However, unlike, secure-fw, there might still be methods to upload unsigned binaries to the device from the host.
debug: This attribute indicate that this binary is (or this device runs) a debug-version. Debug versions are custom made for specific data-centers or labs, and can only be installed after a corresponding debug-fw token is pushed to the device. The debug-fw-token, which is digitally signed, includes a list of the target devices MAC addresses.
dev: This attribute indicates that the firmware is signed with development (test) key.
Default Update Method" field in Query Full output:{This field reflect the method which flint will use in order to update the device. The user can enforce a different method using the –no_fw_ctrl or the –ocr flags.The default methods are:
Legacy: flint will use the low level flash access registers.
fw_ctrl: flint will operate the ‘firmware component update’ state machine.
Secure-boot attributes
Secure-boot : This attribute indicates if the device supports secure-boot
Life-cycle : This attribute indicates the current status of secure-boot
Security-version:
For query on image: This attribute indicates the security-version of the image.
For query on device:
“EFUSE security version”: Indicates the security version of the device
“Image security version”: Indicates the security version of the image on the flash
Programming method: Indicates when the boot will program the “EFUSE security version” to be aligned with the “image security version”.