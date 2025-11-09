MSTFLINT Package - Firmware Burning and Diagnostics Tools Documentation v4.34.0-1
NVIDIA Docs Hub Homepage  NVIDIA Networking  Networking Software  Firmware Management  MSTFLINT Package - Firmware Burning and Diagnostics Tools Documentation v4.34.0-1  mstdpa

mstdpa

The mstdpa tool allows the user to sign DPA applications, which are given to the tool as part of a Host ELF file.

It also supports the creation, signing, and removal of single applications.

In addition, mlxdpa allows the user to add or remove certificates from the DPA device — this is done by creating certificate containers and signing them.

The tool generates the signatures using a provided private key PEM file.

Tool Requirements:

  • Supported operating systems: Linux

  • Supported platforms: x86-64, arm64

mlxdpa Synopsis

Sign Host ELF using PEM file

Copy
Copied!
            

            
mstdpa --host_elf <ELF file> --cert_chain <certificate chain> --private_key <key .pem file> --output_file <output file path> sign_dpa_apps

Create an upload container for a single app

Copy
Copied!
            

            
mstdpa -s <single ELF> --life_cycle_priority <Nvidia,OEM,User>  -m <appmetadata yaml file> --manifest <manifest bin file> -o <output file path> create_single_dpa_app

Sign upload container for a single app using a PEM file

Copy
Copied!
            

            
mstdpa -s <elf generated in step 2> -c <certificate file> -p <key .pem file> --cert_chain_count <certificate chain> --life_cycle_priority <Nvidia,OEM,User> -o <output file path> sign_single_dpa_app

Query manifest from a single ELF

Copy
Copied!
            

            
mstdpa -s <dpa app> -o <output file path> query_manifest

Create DPA app removal container

Copy
Copied!
            

            
mstdpa --dpa_app_uuid <dpa app uuid> -o <output file path> --life_cycle_priority <Nvidia,OEM,User> create_dpa_app_removal

Sign DPA app removal container

Copy
Copied!
            

            
mstdpa --dpa_app_removal_container <dpa app removal container> --keypair_uuid <keypair uuid> -p <key .pem file> -o <output file path> --life_cycle_priority <Nvidia,OEM,User> sign_dpa_app_removal

Where:

-e|--host_elf

Path to the Host ELF file containing DPA applications

-c|--cert_chain

Path to a certificate chain file to embed in the crypto data

-p|--private_key

Path to a private key PEM file for signature generation

-o|--output_file

Path to output signed Host/single ELF

-h|--help

Show help message

-v|--version

Show tool version

--cert_chain_count <Hex number>

Number of certificates in the provided certificate chain

--dpa_app_removal_container <Path>

Path to a DPA app removal container to sign

--manifest <Manifest>

Path to the manifest file

-m|--app_metadata <App Metadata>

Path to the app metadata YAML file

-s|--single_app <Single App>

Path to the single app file

Creating a Certificate Container

Container for adding a certificate

Copy
Copied!
            

            
mstdpa --cert_container_type add -c <.DER formatted certificate> -o <output path> --life_cycle_priority <Nvidia,OEM,User> create_cert_container

Container for removing a certificate

Copy
Copied!
            

            
mstdpa --cert_container_type remove [--cert_uuid <uuid of the certificate for removal>] [--remove_all_certs] -o <output path> --life_cycle_priority <Nvidia,OEM,User> create_cert_container

Create a certificate upload container with the keep_sig flag

Copy
Copied!
            

            
mstdpa --cert_container_type add -c <.DER formatted certificate> -o <output path> --life_cycle_priority <Nvidia,OEM,User> --keep_sig create_cert_container

Create a certificate upload container with thenvidia_signed_oem flag

Copy
Copied!
            

            
mstdpa --cert_container_type add -c <.DER formatted certificate> -o <output path> --nvidia_signed_oem create_cert_container

Signing a Certificate Container

Container for adding a certificate

Copy
Copied!
            

            
mstdpa --cert_container <container> -p <private key pem file> --keypair_uuid <uuid> --cert_uuid <uuid> --life_cycle_priority <Nvidia,OEM,User> -o <output path> sign_cert_container

Container for removing a certificate

Copy
Copied!
            

            
mstdpa --cert_container <container> -p <private key pem file> --keypair_uuid <uuid> --life_cycle_priority <Nvidia,OEM,User> -o <output path> sign_cert_container

Where:

--cert_container

Path to a certificate container to sign

--cert_container_type <Add/Remove>

Type of a certificate container to create

-c|--certificate

Path to a .DER formatted certificate

--keypair_uuid

Key-pair UUID of the private key used for signing

--cert_uuid

Time-based UUID generated right before signing

--remove_all_certs

Remove all CA Certificates, provide with the sign_cert_remove command

--life_cycle_priority <Nvidia, OEM , User>

Life-cycle priority of a requested certificate container

-o|--output_file

Path to an output file

-p|--private_key

Path to a private key PEM file for signature generation

--nvidia_signed_oem

NVIDIA signed an OEM certificate

-k|--keep_sig

The whole certificate container will be kept
© Copyright 2025, NVIDIA. Last updated on Nov 9, 2025
content here