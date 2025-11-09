On This Page
mstflint: Secure Host
Secure host is the general term for the capability of a device to protect itself and the subnet from malicious software through mechanisms such as blocking access of untrusted entities to the device configuration registers, directly (through PCIe) and indirectly (through MADs).
The supported opcodes of secure_host register by flint tool is setting/unsettling the lock.
WARNING:
Once a hardware access key is set, the hardware can be accessed only after the correct key is provided.
If a key is lost, please refer to Key Loss Recovery.
The hardware access in this mode is allowed only if a correct 64 bits key is provided.
Secure Host feature is supported for all NVIDIA® network adapters [the feature is supported on firmware version 1x.22.1002 or newer.]
Setting the Secure Host Key (for all NIC cards)
To set the key, run:
# mstflint -d
41:
00.0 set_key
22062011
Setting the HW Key - OK
Restoring signature - OK
A driver restart is required to activate the new key.
Accessing the device after hardware access is disabled should show the following:
# mstflint -d <dev> q
E- Cannot open <dev>: HW access is disabled on the device.
E- Run
"mstflint -d <dev> hw_access enable" in order to enable HW access.
Back user should run the following:
For ConnectX-4 and above devices:
run:
# mstflint -d <device> hw_access enable
Enter Key: ********
If a key is lost, there is no way to recover it using the tool. The only way to recover is to:
Connect the flash-not-present jumper on the card.
Reboot the machine.
Re-burn firmware
Remove the flash-not-present jumper.
Reboot the machine
Re-set the hardware access key