Secure Firmware Update
Secure Firmware Update is supported only on ConnectX-4 onwards adapter cards.
A “Secure firmware update” is the ability of a device to verify digital signatures of new firmware binaries, in order to assure that only officially approved versions can be installed from the host, the network[1] or a Board Management Controller (BMC).
The firmware of devices with “secure firmware up date” functionality (secure FW), restricts access to specific commands and registers that can be used to modify the firmware binary image on the flash, as well as commands that can jeopardize security in general. Most notably, the commands and registers for random flash access are disabled.
Secure FW verifies new binaries before activating them, compared to legacy devices where this task is done by the update tool using direct flash access commands. In addition to signature verification, secure FW also checks that the binary is designated to the same device model, that the new firmware is also secured, and that the new FW version is not included in a forbidden versions blacklist. The firmware rejects binaries that do not match the verification criteria.
Secure FW utilizes the same ‘fail safe’ upgrade procedures, so events like power failure during update should not leave the device in an unstable state. The table below lists the impact of secure FW update on MFT tools.
Tool | Flow | Secure FW | With CS Token | Blocked Commands |
flint / mlxburn | Burn FW | Working with controlled fw update | Working with controlled fw update | |
Query | Working with controlled fw update | Working with controlled fw update | ||
Set GUIDs | Working with controlled fw update | Working with controlled fw update | ||
Verify | Working partially (BOOT image) | Working partially (BOOT image) | ||
Set DV INFO: SET MFG, SET VSD, VPD | Not supported in Secure FW | Not supported in Secure FW | MFBA | |
ROM OPS: BROM, DROM | Not supported, BOOT image modification is not supported (MFBA) | Not supported, BOOT image modification is not supported (MFBA) | MFBA | |
"-ocr" override cache replacement (Direct flash GW access) | Not supported in Secure FW | Not supported in Secure FW | Flash GW is blocked | |
HW SET (Set flash parameters) | Flash GW is blocked | Flash GW is blocked | Flash GW is blocked | |
"--no_fw_ctrl" (Legacy Flow) | Not supported in Secure FW | Not supported in Secure FW | MFBA | |
mlxfwmanager / mlxup | Burn FW | Working with controlled fw update | Working with controlled fw update | |
mlxfwmanager | with --no_fw_ctrl | Not supported in Secure FW | Not supported in Secure FW | MFBA |
mlxdump | fsdump | Blocked icmds | Working | gcif_get_ft_info, gcif_get_ft_list, gcif_get_fg, gcif_get_fg_list, gcif_get_fte, gcif_get_fte_list |
phyUc | Blocked icmds | working | gcif_phy_uc_get_array_prop_px, gcif_phy_uc_set_get_data, | |
rxdump | CR-Space is locked & Blocked icmds | working | gcif_read_rx_slice_desc, gcif_read_rx_slice_packet | |
sxdump | CR-Space is locked & Blocked icmds | working | gcif_read_wq_buf fer | |
wqdump | Dump QP contexts | Blocked icmds | working | gcif_read_context |
Dump WQs | Blocked icmds | working | gcif_read_host_m em, gcif_read_q_en- try, gcif_qp_get_pi_ci | |
ICM | Blocked icmds | working | gcif_read_icm | |
WRITE QP (Devmon) | working | gcif_write_context | ||
mget_temp | hw_access | Read Only CR- Space | working | Read Only CR- Space |
mcra | Read | working | working | working |
Write | Read Only CR- Space | working | Read Only CR- Space | |
mstdump | Read | working | working | working |
mlxtrace / fwtrace | MEM & FIFO | Only fwtrace is supported and only in Linux | working | Read Only CR- Space |
pckt_drop | uses write to CR- Space to work | Read Only CR- Space | working | Read Only CR- Space |
mlxlink | working | working | working | working |
mlxreg | working | working | working | working |
mlxcables | working | working | working | working |
mlxconfig | working | working | working | working |
mlxfwreset | working | working | working | working |
i2c/mlxi2c | Not relevant when not in livefish | |||
With Force flag (ENV VAR) | Read Only CR- Space | working | Read Only CR- Space |
When Secure Firmware is enabled, the flint output slightly changes due to the differences in the underlying NIC accessing methods. Some functionalities may be restricted according to the device security level.
flint query under secure mode:
# flint -d /dev/mst/mt4115_pciconf0 q
Image type: FS3
FW Version: 12.19
.2278
FW Release Date: 7.6
.2017
Description: UID GuidsNumber
Base GUID: 7cfe90030029205e 4
Base MAC: 00007cfe9029205e 4
Image VSD:
Device VSD:
PSID: MT_2190110032
Security Attributes: secure-fw, dev
Unavailable information is reported as N/A.