flint – Firmware Burning Tool
The flint (Flash interface) utility performs the following functions:
Burns a binary firmware image to the Flash device attached to an adapter or a switch device.
Burns an Expansion ROM image to the Flash device attached to adapters.
Queries for firmware attributes (version, GUIDs, UIDs, MACs, PSID, etc.)
Enables executing various operations on the Flash memory from the command line (for debug/production).
Disables/enables the access to the device’s hardware registers, and changes the key used for enabling. This feature is functional only if the burnt firmware supports it.
flint [OPTIONS] <command> [parameters...]
--allow_rom_change |
Allows burning/removing a ROM to/from Firmware image when product version is present. |
-banks <banks> |
Set the number of attached flash devices (banks) |
-blank_guids |
Burn the image with blank GUIDs and MACs (where applicable). These values can be set later using the "sg" command (see details below). Commands affected: burn |
-clear_semaphore |
Force clear the flash semaphore on the device. No command is allowed when this flag is used. NOTE: May result in system instability or flash corruption if the device or another application is currently using the flash. Exercise caution. |
--cpu_util <CPU_UTIL> |
Use this flag to reduce CPU utilization while burning, Windows only. Legal values are from 1 (lowest CPU) to 5 (highest CPU) |
-d[evice] <device> |
Device flash is connected to. Commands affected: all |
-dual_image |
Make the burn process burn two images on flash (previously default algorithm). Current default failsafe burn process burns a single image (in alternating locations). Commands affected: burn |
-flash_params <type,log2size,num_of_flashes> |
Use the given parameters to access the flash instead of reading them from the flash. Supported parameters:
|
--flashed_version |
When specified, only flashed fw version is fetched Commands affected: query |
-guid <GUID> |
GUID base value. 4 GUIDs are automatically assigned to the following values: guid -> node GUID guid+1 -> port1 guid+2 -> port2 guid+3 -> system image GUID NOTE: port2 guid will be assigned even for a single port HCA - The HCA ignores this value. Commands affected: burn, sg |
-guids <GUIDs...> |
4 GUIDs must be specified here. The specified GUIDs are assigned to the following fields, repectively: node, port1, port2 and system image GUID. NOTE: port2 guid must be specified even for a single port HCA. The HCA ignores this value. It can be set to 0x0. Commands affected: burn, sg |
-h[elp] |
Prints this message and exits |
-hh |
Prints extended command help |
--hmac_key <hmac_key> |
Path to the file containing the HMAC key (For FS4 image only). |
--hsm |
Flag to use with sign command. Will use HSM HW for encryption operations. |
-i[mage] <image> |
Binary image file. Commands affected: burn, verify |
--ignore_dev_data |
Do not attempt to take device data sections from device (sections will be taken from the image. FS3 image only). Commands affected: burn |
--key_uuid <uuid_file> |
UUID matching the given private key to be used by the sign command |
--key_uuid2 <uuid_file> |
UUID matching the given private key to be used by the sign command |
-log <log_file> |
Prints the burning status to the specified log file |
--low_cpu |
When specified, cpu usage will be reduced. Run time might be increased Commands affected: query |
-mac <MAC>1 |
MAC address base value. 2 MACs are automatically assigned to the following values: mac -> port1 mac+1 -> port2 Commands affected: burn, sg |
-macs <MACs...>1 |
2 MACs must be specified here. The specified MACs are assigned to port1, port2, respectively. Commands affected: burn, sg NOTE: -mac/-macs flags are applicable only for NVIDIA Ethernet products. |
-no |
Non-interactive mode - assume answer "no" to all questions. Commands affected: all |
-no_flash_verify |
Do not verify each write on the flash. |
--no_fw_ctrl |
Do not attempt to work with the firmware Ctrl update commands. |
-nofs |
Burns image in a non failsafe manner. |
--openssl_engine <engine name> |
Name of the OpenSSL engine to be used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API |
--openssl_key_id <key> |
Key identification string to be used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API |
--output_file <string> |
Output file name for exporting the public key from PEM/BIN. |
-override_cache_replacement2 |
Allow accessing the flash even if the cache replacement mode is enabled. NOTE: This flag is often referred to as -ocr NOTE: This flag is intended for advanced users only. Running in this mode may cause the firmware to hang. |
--private_key <key_file> |
Path to PEM formatted private key to be used by the sign command |
--private_key_label <string> |
Flag to use with sign/import_hsm_key commands. |
--private_key2 <key_file> |
Path to PEM formatted private key to be used by the sign command |
|
Run a quick query. When specified, flint will not perform full image integrity checks during the query operation. This may shorten execution time when running over slow interfaces (e.g., I2C, MTUSB-1). Commands affected: query |
-s[ilent] |
Do not print burn progress flyer. Commands affected: burn |
-striped_image |
Use this flag to indicate that the given image file is in a "striped image" format. Commands affected: query verify |
-uid <UID> |
5th Generation (Group II) devices only. Derive and set the device’s base UID. GUIDs and MACs are derived from the given base UID according to NVIDIA Methodologies. Commands affected: burn, sg |
-use_dev_rom |
Save the ROM which exists in the device (FS3 and FS4 image only). Commands affected: burn |
--use_fw |
Access to flash using FW (ConnectX-3/ConnectX-3 Pro device only). Commands affected: all |
-use_image_guids |
Burn (guids/uids/macs) as appears in the given image. Commands affected: burn |
-use_image_ps |
Burn vsd as appears in the given image - do not keep existing VSD on flash. Commands affected: burn |
-use_image_rom |
Do not save the ROM which exists in the device. Commands affected: burn |
--user_password <string> |
Flag to use with HSM HW for encryption operations. |
-v |
Version info. |
-vsd <string> |
Write this string, of up to 208 characters, to VSD when burn. |
-y[es] |
Non interactive mode - assume answer "yes" to all questions. Commands affected: all |
--linkx |
Burn or query the cable device connected to the host. |
--aws_hsm |
Flag for the rsa_sign command |
--cert_chain_index |
Use this flag to specify the certificate location. The acceptable values are 0-7 (default - 0). |
--i2c_secondary <address> |
Change the I2C secondary address. |
--comid_file <template_file> |
Path to CoMID template file to be filled with M1-M4 measurements by the get_measurements. |
The -mac and -macs options are applicable only to NVIDIA Ethernet adapter and switch devices.
When accessing SwitchX via I2C or PCI, the -override_cache_replacement flag must be set.
The flint utility commands are:
Common Firmware Update and Query
b[urn] |
Burn flash |
q[uery] [full] |
Query misc. flash/firmware characteristics, use "full" to get more information. |
v[erify] |
Verify entire flash |
swreset |
SW reset the target unmanaged switch device. This command is supported only in the In-Band access method. |
sign_with_hmac |
Sign image with HMAC. |
get_measurements|gm |
Calculates M1-M4 measurements (for FS4 image only). |
Expansion ROM Update:
brom <ROM-file> |
Burn the specified ROM file on the flash. |
drom |
Remove the ROM section from the flash. |
rrom <out-file> |
Read the ROM section from the flash. |
qrom |
Query ROM in a given image. |
Initial Burn, Production:
bb |
Burn Block - Burns the given image as is. No checks are done. Note: The MFT 'bb' option is an advanced flag used ONLY for production flows. It is NOT recommend to use it, as it can cause unrecoverable firmware burning failures. Note: FwBurnBlock is not supported any longer in FS3 and up images. |
sg [guids_num=<num> step_size=<size>] | [nocrc] |
Set GUIDs. |
set_vpd [vpd file] |
Set read-only VPD (For FS3 image only). |
smg [guids_num=<num> step_size=<size>] |
Set manufacture GUIDs (For FS3 image only). |
sv |
Set the VSD. |
Misc Firmware Image Operations
ri <out-file> |
Read the fw image on the flash. |
dc [out-file] |
Dump Configuration: print fw configuration file for the given image. |
dh [out-file] |
Dump Hash: print hash file for the given image. |
checksum|cs |
Perform MD5 checksum on firmware. |
timestamp|ts <set|query|reset> [timestamp] [FW version] |
Set/query/reset firmware timestamp. |
cache_image|ci |
Cache FW image (Windows only). |
sign |
Sign firmware image file |
rsa_sign |
Sign firmware image file with RSA |
set_public_keys [public key binary file] |
Set Public Keys (For FS3/FS4 image only). |
set_forbidden_versions [forbidden versions] |
Set Forbidden Versions (For FS3/FS4 image only). |
import_hsm_key |
This command allows to import the private and public key to the HSM HW. |
export_public_key |
This command extracts the public key from given BIN file or from PEM file. |
Hardware Access Key:
set_key [key] |
Set/Update the HW access key which is used to enable/disable access to HW. The key can be provided in the command line or interactively typed after the command is given. NOTE: The new key is activated only after the device is reset. |
hw_access <enable|disable> [key] |
Enable/disable the access to the HW. The key can be provided in the command line or interactively typed after the command is given. |
Low Level Flash Operations:
hw query |
Query HW info and flash attributes. |
e[rase] <addr> |
Erase sector |
rw <addr> |
Read one dword from flash |
ww <addr> < data> |
Write one dword to flash |
wwne <addr> |
Write one dword to flash without sector erase |
wb <data-file> <addr> |
Write a data block to flash |
wbne <addr> <size> <data ...> |
Write a data block to flash without sector erase |
rb <addr> <size> [out-file] |
Read a data block from flash |
Return Values:
Value |
Description |
0 |
Successful completion |
1 |
An error has occurred |
7 |
For the burn command - The option of burning new firmware was not chosen by the user when prompted. Thus, the firmware burning process was aborted. |
The following commands are non-failsafe when performed on a 5th generation (Group II) device: sg, smg, sv and set_vpd.
Manufacture GUIDs are similar to GUIDs. However, they are located in the protected area of the flash and set during production. By default, firmware will use GUIDs unless specified otherwise during production.