The secure host feature enables ConnectX family devices to block access to its internal hardware registers. The hardware access in this mode is allowed only if a correct 64 bits key is provided.
The secure host feature requires a MLNX_OFED driver installed on the machine.
To disable/enable access to the hardware:
Set the key:
# flint -d /dev/mst/mt4099_pci_cr0 set_key
22062011
Setting the HW Key - OK Restoring signature - OKWarningA driver restart is required to activate the new key.
Access the HW while HW access is disabled:
# flint -d /dev/mst/mt4099_pci_cr0 q E- Cannot open /dev/mst/mt4099_pci_cr0: HW access is disabled on the device. E- Run
"flint -d /dev/mst/mt4099_pci_cr0 hw_access enable"
in order to enable HW access.Enable HW access:
# flint -d /dev/mst/mt4099_pci_cr0 hw_access enable Enter Key: ********
Disable HW access:
# flint -d /dev/mst/mt4099_pci_cr0 hw_access disable
ImportantWARNING:
1. Once a hardware access key is set, the hardware can be accessed only after the correct key is provided.
2. If a key is lost, there is no way to recover it using the tool. The only way to recover from a lost key is to:
• Connect the flash-not-present jumper on the card
• Boot in "flash recovery" mode
• Re-burn FW
• Re-set the HW access key
For further details, please refer to Secure Host.
Secure Host can be enabled on 5th generation devices in one of the following manners:
Set the key:
# flint -d /dev/mst/mt4115_pciconf0 set_key
18022018
-I- Secure Host was enabled successfully on the device.Disable HW access:
# flint -d /dev/mst/mt4115_pciconf0 hw_access disable
18022018
-I- Secure Host was enabled successfully on the device.If the key was not provided in the command line, an interactive shell will ask for it, and verifying it:
# flint -d /dev/mst/mt4115_pciconf0 set_key Enter Key : ******** Verify Key : ******** -I- Secure Host was enabled successfully on the device.
Or
Disable the Secure Host (Enable HW access):
# flint -d /dev/mst/mt4115_pciconf0 hw_access enable
18022018
-I- The Secure Host was disabled successfully on the device. And the same as previous, providing the key can be done in interactive shell: # flint -d /dev/mst/mt4115_pciconf0 hw_access enable Enter Key : ******** -I- The Secure Host was disabled successfully on the device.