Disabling/Enabling Access to the Hardware
The secure host feature enables ConnectX family devices to block access to its internal hardware registers. The hardware access in this mode is allowed only if a correct 64 bits key is provided.
The secure host feature requires a MLNX_OFED driver installed on the machine.
To disable/enable access to the hardware:
Set the key:
# flint -d /dev/mst/mt4099_pci_cr0 set_key
22062011
Setting the HW Key - OK Restoring signature - OKNoteA driver restart is required to activate the new key.
Access the HW while HW access is disabled:
# flint -d /dev/mst/mt4099_pci_cr0 q E- Cannot open /dev/mst/mt4099_pci_cr0: HW access is disabled on the device. E- Run
"flint -d /dev/mst/mt4099_pci_cr0 hw_access enable"
in order to enable HW access.Enable HW access:
# flint -d /dev/mst/mt4099_pci_cr0 hw_access enable Enter Key: ********
Disable HW access:
# flint -d /dev/mst/mt4099_pci_cr0 hw_access disable
WarningWARNING:
1. Once a hardware access key is set, the hardware can be accessed only after the correct key is provided.
2. If a key is lost, there is no way to recover it using the tool. The only way to recover from a lost key is to:
• Connect the flash-not-present jumper on the card
• Boot in "flash recovery" mode
• Re-burn FW
• Re-set the HW access key
For further details, please refer to Secure Host.
Secure Host can be enabled on 5th generation devices in one of the following manners:
Set the key:
# flint -d /dev/mst/mt4115_pciconf0 set_key
18022018
-I- Secure Host was enabled successfully on the device.Disable HW access:
# flint -d /dev/mst/mt4115_pciconf0 hw_access disable
18022018
-I- Secure Host was enabled successfully on the device.If the key was not provided in the command line, an interactive shell will ask for it, and verifying it:
# flint -d /dev/mst/mt4115_pciconf0 set_key Enter Key : ******** Verify Key : ******** -I- Secure Host was enabled successfully on the device.
Or
Disable the Secure Host (Enable HW access):
# flint -d /dev/mst/mt4115_pciconf0 hw_access enable
18022018
-I- The Secure Host was disabled successfully on the device. And the same as previous, providing the key can be done in interactive shell: # flint -d /dev/mst/mt4115_pciconf0 hw_access enable Enter Key : ******** -I- The Secure Host was disabled successfully on the device.