flint – Firmware Burning Tool
The flint (Flash interface) utility performs the following functions:
Burns a binary firmware image to the Flash device attached to an adapter or a switch device.
Burns an Expansion ROM image to the Flash device attached to adapters.
Queries for firmware attributes (version, GUIDs, UIDs, MACs, PSID, etc.)
Enables executing various operations on the Flash memory from the command line (for debug/production).
Disables/enables the access to the device’s hardware registers, and changes the key used for enabling. This feature is functional only if the burnt firmware supports it.
flint [OPTIONS] <command> [parameters...]
--allow_rom_change | Allows burning/removing a ROM to/from Firmware image when product version is present. |
-banks <banks> | Set the number of attached flash devices (banks) |
-blank_guids | Burn the image with blank GUIDs and MACs (where applicable). These values can be set later using the "sg" command (see details below). |
-clear_semaphore | Force clear the flash semaphore on the device. No command is allowed when this flag is used. NOTE: May result in system instability or flash corruption if the device or another application is currently using the flash. Exercise caution. |
--cpu_util <CPU_UTIL> | Use this flag to reduce CPU utilization while burning, Windows only. Legal values are from 1 (lowest CPU) to 5 (highest CPU) |
-d[evice] <device> | Device flash is connected to. |
-dual_image | Make the burn process burn two images on flash (previously default algorithm). Current default failsafe burn process burns a single image (in alternating locations). |
-flash_params <type,log2size,num_of_flashes> | Use the given parameters to access the flash instead of reading them from the flash. Supported parameters:
|
--flashed_version | When specified, only flashed fw version is fetched |
-guid <GUID> | GUID base value. 4 GUIDs are automatically assigned to the following values: guid -> node GUID NOTE: port2 guid will be assigned even for a single port HCA - The HCA ignores this value. Commands affected: burn, sg |
-guids <GUIDs...> | 4 GUIDs must be specified here. The specified GUIDs are assigned to the following fields, repectively: node, port1, port2 and system image GUID. NOTE: port2 guid must be specified even for a single port HCA. The HCA ignores this value. It can be set to 0x0. Commands affected: burn, sg |
-h[elp] | Prints this message and exits |
-hh | Prints extended command help |
--hmac_key <hmac_key> | Path to the file containing the HMAC key (For FS4 image only). |
--hsm | Flag to use with sign command. Will use HSM HW for encryption operations. |
-i[mage] <image> | Binary image file. Commands affected: burn, verify |
--ignore_dev_data | Do not attempt to take device data sections from device (sections will be taken from the image. FS3 image only). Commands affected: burn |
--key_uuid <uuid_file> | UUID matching the given private key to be used by the sign command |
--key_uuid2 <uuid_file> | UUID matching the given private key to be used by the sign command |
-log <log_file> | Prints the burning status to the specified log file |
--low_cpu | When specified, cpu usage will be reduced. Run time might be increased |
-mac <MAC>1 | MAC address base value. 2 MACs are automatically assigned to the following values: mac -> port1 Commands affected: burn, sg |
-macs <MACs...>1 | 2 MACs must be specified here. The specified MACs are assigned to port1, port2, respectively. Commands affected: burn, sg NOTE: -mac/-macs flags are applicable only for NVIDIA® ethernet products. |
-no | Non-interactive mode - assume answer "no" to all questions. |
-no_flash_verify | Do not verify each write on the flash. |
--no_fw_ctrl | Do not attempt to work with the firmware Ctrl update commands. |
-nofs | Burns image in a non failsafe manner. |
--openssl_engine <engine name> | Name of the OpenSSL engine to be used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API |
--openssl_key_id <key> | Key identification string to be used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API |
--output_file <string> | Output file name for exporting the public key from PEM/BIN. |
-override_cache_replacement2 | Allow accessing the flash even if the cache replacement mode is enabled. NOTE: This flag is often referred to as -ocr |
--private_key <key_file> | Path to PEM formatted private key to be used by the sign command |
--private_key_label <string> | Flag to use with sign/import_hsm_key commands. |
--private_key2 <key_file> | Path to PEM formatted private key to be used by the sign command |
--public_key_label <string> | Flag to use with sign/import_hsm_key commands. |
Run a quick query. When specified, flint will not perform full image integrity checks during the query operation. This may shorten execution time when running over slow interfaces (e.g., I2C, MTUSB-1). Commands affected: query | |
-s[ilent] | Do not print burn progress flyer. Commands affected: burn |
-striped_image | Use this flag to indicate that the given image file is in a "striped image" format. Commands affected: query verify |
-uid <UID> | 5th Generation (Group II) devices only. Derive and set the device’s base UID. GUIDs and MACs are derived from the given base UID according to NVIDIA® Methodologies. |
-use_dev_rom | Save the ROM which exists in the device (FS3 and FS4 image only). |
--use_fw | Access to flash using FW (ConnectX-3/ConnectX-3 Pro device only). |
-use_image_guids | Burn (guids/uids/macs) as appears in the given image. |
-use_image_ps | Burn vsd as appears in the given image - do not keep existing VSD on flash. |
-use_image_rom | Do not save the ROM which exists in the device. |
--user_password <string> | Flag to use with HSM HW for encryption operations. |
-v | Version info. |
-vsd <string> | Write this string, of up to 208 characters, to VSD when burn. |
-y[es] | Non interactive mode - assume answer "yes" to all questions. |
--linkx | Burn or query the cable device connected to the host. |
Note 1. The -mac and -macs options are applicable only to NVIDIA® Ethernet adapter and switch devices.
Note 2. When accessing SwitchX via I2C or PCI, the -override_cache_replacement flag must be set.
The flint utility commands are:
Common FW Update and Query
b[urn] | Burn flash |
q[uery] [full] | Query misc. flash/firmware characteristics, use "full" to get more information. |
v[erify] | Verify entire flash |
swreset | SW reset the target unmanaged switch device. This command is supported only in the In-Band access method. |
sign_with_hmac | Sign image with HMAC. |
Expansion ROM Update:
brom <ROM-file> | Burn the specified ROM file on the flash. |
drom | Remove the ROM section from the flash. |
rrom <out-file> | Read the ROM section from the flash. |
qrom | Query ROM in a given image. |
Initial Burn, Production:
bb | Burn Block - Burns the given image as is. No checks are done. Note: FwBurnBlock is not supported any longer in FS3 and up images. |
sg [guids_num=<num> | Set GUIDs. |
set_vpd [vpd file] | Set read-only VPD (For FS3 image only). |
smg [guids_num=<num> | Set manufacture GUIDs (For FS3 image only). |
sv | Set the VSD. |
Misc FW Image operations:
ri <out-file> | Read the fw image on the flash. |
dc [out-file] | Dump Configuration: print fw configuration file for the given image. |
dh [out-file] | Dump Hash: print hash file for the given image. |
checksum|cs | Perform MD5 checksum on firmware. |
timestamp|ts <set|query|reset> | Set/query/reset firmware timestamp. |
cache_image|ci | Cache FW image (Windows only). |
sign | Sign firmware image file |
rsa_sign | Sign firmware image file with RSA |
set_public_keys [public key binary file] | Set Public Keys (For FS3/FS4 image only). |
set_forbidden_versions [forbidden versions] | Set Forbidden Versions (For FS3/FS4 image only). |
import_hsm_key | This command allows to import the private and public key to the HSM HW. |
export_public_key | This command extracts the public key from given BIN file or from PEM file. |
HW Access Key:
set_key [key] | Set/Update the HW access key which is used to enable/disable access to HW. |
hw_access <enable|disable> [key] | Enable/disable the access to the HW. |
Low Level Flash Operations:
hw query | Query HW info and flash attributes. |
e[rase] <addr> | Erase sector |
rw <addr> | Read one dword from flash |
ww <addr> < data> | Write one dword to flash |
wwne <addr> | Write one dword to flash without sector erase |
wb <data-file> <addr> | Write a data block to flash |
wbne <addr> <size> <data ...> | Write a data block to flash without sector erase |
rb <addr> <size> [out-file] | Read a data block from flash |
The following commands are non-failsafe when performed on a 5th generation (Group II) device: sg, smg, sv and set_vpd.
Manufacture GUIDs are similar to GUIDs. However, they are located in the protected area of the flash and set during production. By default, firmware will use GUIDs unless specified otherwise during production.