flint – Firmware Burning Tool

NVIDIA ConnectX-5 Adapter Cards Firmware Release Notes v16.35.3502 LTS

The flint (Flash interface) utility performs the following functions:

  • Burns a binary firmware image to the Flash device attached to an adapter or a switch device.

  • Burns an Expansion ROM image to the Flash device attached to adapters.

  • Queries for firmware attributes (version, GUIDs, UIDs, MACs, PSID, etc.)

  • Enables executing various operations on the Flash memory from the command line (for debug/production).

  • Disables/enables the access to the device’s hardware registers, and changes the key used for enabling. This feature is functional only if the burnt firmware supports it.

Copy
Copied!
            

flint [OPTIONS] <command> [parameters...]

--allow_rom_change

Allows burning/removing a ROM to/from Firmware image when product version is present.

-banks <banks>

Set the number of attached flash devices (banks)

-blank_guids

Burn the image with blank GUIDs and MACs (where applicable). These values can be set later using the "sg" command (see details below).

Commands affected: burn

-clear_semaphore

Force clear the flash semaphore on the device. No command is allowed when this flag is used.

NOTE: May result in system instability or flash corruption if the device or another application is currently using the flash. Exercise caution.

--cpu_util <CPU_UTIL>

Use this flag to reduce CPU utilization while burning, Windows only. Legal values are from 1 (lowest CPU) to 5 (highest CPU)

-d[evice] <device>

Device flash is connected to.

Commands affected: all

-dual_image

Make the burn process burn two images on flash (previously default algorithm). Current default failsafe burn process burns a single image (in alternating locations).

Commands affected: burn

-flash_params

<type,log2size,num_of_flashes>

Use the given parameters to access the flash instead of reading them from the flash.

Supported parameters:

  • Type: The type of the flash, such as: M25PXxx, M25Pxx, SST25VFxx, W25QxxBV, W25Xxx, AT25DFxxx, S25FLXXXP

  • log2size: The log2 of the flash size

  • num_of_flashes: the number of the flashes connected to the device

--flashed_version

When specified, only flashed fw version is fetched

Commands affected: query

-guid <GUID>

GUID base value. 4 GUIDs are automatically assigned to the following values:

guid -> node GUID

guid+1 -> port1

guid+2 -> port2

guid+3 -> system image GUID

NOTE: port2 guid will be assigned even for a single port HCA - The HCA ignores this value.

Commands affected: burn, sg

-guids <GUIDs...>

4 GUIDs must be specified here. The specified GUIDs are assigned to the following fields, repectively: node, port1, port2 and system image GUID.

NOTE: port2 guid must be specified even for a single port HCA. The HCA ignores this value. It can be set to 0x0.

Commands affected: burn, sg

-h[elp]

Prints this message and exits

-hh

Prints extended command help

--hmac_key <hmac_key>

Path to the file containing the HMAC key (For FS4 image only).

--hsm

Flag to use with sign command. Will use HSM HW for encryption operations.

-i[mage] <image>

Binary image file.

Commands affected: burn, verify

--ignore_dev_data

Do not attempt to take device data sections from device (sections will be taken from the image. FS3 image only).

Commands affected: burn

--key_uuid <uuid_file>

UUID matching the given private key to be used by the sign command

--key_uuid2 <uuid_file>

UUID matching the given private key to be used by the sign command

-log <log_file>

Prints the burning status to the specified log file

--low_cpu

When specified, cpu usage will be reduced. Run time might be increased

Commands affected: query

-mac <MAC>1

MAC address base value. 2 MACs are automatically assigned to the following values:

mac -> port1

mac+1 -> port2

Commands affected: burn, sg

-macs <MACs...>1

2 MACs must be specified here. The specified MACs are assigned to port1, port2, respectively.

Commands affected: burn, sg

NOTE: -mac/-macs flags are applicable only for NVIDIA Ethernet products.

-no

Non-interactive mode - assume answer "no" to all questions.

Commands affected: all

-no_flash_verify

Do not verify each write on the flash.

--no_fw_ctrl

Do not attempt to work with the firmware Ctrl update commands.

-nofs

Burns image in a non failsafe manner.

--openssl_engine <engine name>

Name of the OpenSSL engine to be used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API

--openssl_key_id <key>

Key identification string to be used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API

--output_file <string>

Output file name for exporting the public key from PEM/BIN.

-override_cache_replacement2

Allow accessing the flash even if the cache replacement mode is enabled.

NOTE: This flag is often referred to as -ocr

NOTE: This flag is intended for advanced users only. Running in this mode may cause the firmware to hang.

--private_key <key_file>

Path to PEM formatted private key to be used by the sign command

--private_key_label <string>

Flag to use with sign/import_hsm_key commands.

--private_key2 <key_file>

Path to PEM formatted private key to be used by the sign command

-qq

Run a quick query. When specified, flint will not perform full image integrity checks during the query operation. This may shorten execution time when running over slow interfaces (e.g., I2C, MTUSB-1). Commands affected: query

-s[ilent]

Do not print burn progress flyer. Commands affected: burn

-striped_image

Use this flag to indicate that the given image file is in a "striped image" format.

Commands affected: query verify

-uid <UID>

5th Generation (Group II) devices only. Derive and set the device’s base UID. GUIDs and MACs are derived from the given base UID according to NVIDIA Methodologies.

Commands affected: burn, sg

-use_dev_rom

Save the ROM which exists in the device (FS3 and FS4 image only).

Commands affected: burn

--use_fw

Access to flash using FW (ConnectX-3/ConnectX-3 Pro device only).

Commands affected: all

-use_image_guids

Burn (guids/uids/macs) as appears in the given image.

Commands affected: burn

-use_image_ps

Burn vsd as appears in the given image - do not keep existing VSD on flash.

Commands affected: burn

-use_image_rom

Do not save the ROM which exists in the device.

Commands affected: burn

--user_password <string>

Flag to use with HSM HW for encryption operations.

-v

Version info.

-vsd <string>

Write this string, of up to 208 characters, to VSD when burn.

-y[es]

Non interactive mode - assume answer "yes" to all questions.

Commands affected: all

--linkx

Burn or query the cable device connected to the host.

--aws_hsm

Flag for the rsa_sign command

--cert_chain_index

Use this flag to specify the certificate location. The acceptable values are 0-7 (default - 0).

-s, --i2c-secondary <address>

Change the I2C secondary address.

Warning

The -mac and -macs options are applicable only to NVIDIA Ethernet adapter and switch devices.

Warning

When accessing SwitchX via I2C or PCI, the -override_cache_replacement flag must be set.

The flint utility commands are:

Common Firmware Update and Query

b[urn]

Burn flash

q[uery] [full]

Query misc. flash/firmware characteristics, use "full" to get more information.

v[erify]

Verify entire flash

swreset

SW reset the target unmanaged switch device. This command is supported only in the In-Band access method.

sign_with_hmac

Sign image with HMAC.

Expansion ROM Update:

brom <ROM-file>

Burn the specified ROM file on the flash.

drom

Remove the ROM section from the flash.

rrom <out-file>

Read the ROM section from the flash.

qrom

Query ROM in a given image.

Initial Burn, Production:

bb

Burn Block - Burns the given image as is. No checks are done.

Note: The MFT 'bb' option is an advanced flag used ONLY for production flows.

It is NOT recommend to use it, as it can cause unrecoverable firmware burning failures.

Note: FwBurnBlock is not supported any longer in FS3 and up images.

sg [guids_num=<num>

step_size=<size>] | [nocrc]

Set GUIDs.

set_vpd [vpd file]

Set read-only VPD (For FS3 image only).

smg [guids_num=<num>

step_size=<size>]

Set manufacture GUIDs (For FS3 image only).

sv

Set the VSD.

Misc Firmware Image Operations

ri <out-file>

Read the fw image on the flash.

dc [out-file]

Dump Configuration: print fw configuration file for the given image.

dh [out-file]

Dump Hash: print hash file for the given image.

checksum|cs

Perform MD5 checksum on firmware.

timestamp|ts <set|query|reset>

[timestamp] [FW version]

Set/query/reset firmware timestamp.

cache_image|ci

Cache FW image (Windows only).

sign

Sign firmware image file

rsa_sign

Sign firmware image file with RSA

set_public_keys [public key binary file]

Set Public Keys (For FS3/FS4 image only).

set_forbidden_versions [forbidden versions]

Set Forbidden Versions (For FS3/FS4 image only).

import_hsm_key

This command allows to import the private and public key to the HSM HW.

export_public_key

This command extracts the public key from given BIN file or from PEM file.

Hardware Access Key:

set_key [key]

Set/Update the HW access key which is used to enable/disable access to HW.

The key can be provided in the command line or interactively typed after the command is given.

NOTE: The new key is activated only after the device is reset.

hw_access <enable|disable> [key]

Enable/disable the access to the HW.

The key can be provided in the command line or interactively typed after the command is given.

Low Level Flash Operations:

hw query

Query HW info and flash attributes.

e[rase] <addr>

Erase sector

rw <addr>

Read one dword from flash

ww <addr> < data>

Write one dword to flash

wwne <addr>

Write one dword to flash without sector erase

wb <data-file> <addr>

Write a data block to flash

wbne <addr> <size> <data ...>

Write a data block to flash without sector erase

rb <addr> <size> [out-file]

Read a data block from flash

Return Values:

Value

Description

0

Successful completion

1

An error has occurred

7

For the burn command - The option of burning new firmware was not chosen by the user when prompted. Thus, the firmware burning process was aborted.

Warning

The following commands are non-failsafe when performed on a 5th generation (Group II) device: sg, smg, sv and set_vpd.

Warning

Manufacture GUIDs are similar to GUIDs. However, they are located in the protected area of the flash and set during production. By default, firmware will use GUIDs unless specified otherwise during production.

© Copyright 2023, NVIDIA. Last updated on Dec 28, 2023.