Nvidia MSTFLINT Documentation page 57

Hide thumbs Also See for MSTFLINT:

Manual (129 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

Table of Contents

Tool

Flow

HW SET (Set flash

parameters)

"--no_fw_ctrl" (Legacy

Flow)

Read

mstmc

Write

mstre

Read

gdump

mstco

working

nfig

mstfw

working

reset

The following sections describe how Secure FW updates are performed.

Signing Binary Image Files

For firmware Secure purposes, you may sign the image file using the sign command. If you do not

provide the sign command with a private key and UUID, the command will only compute SHA256

digest and add it to the image signature section. The sign command supports RSA keys with lengths

of 2048 and 4096 bits.

•

If you provide a private key with the length of 2048 bits, the command will compute SHA256

digest and encrypt it with the private key and add the result with the provided UUID to the

appropriate image signature section.

•

If you provide a private key with the length of 4096 bits, the command will compute SHA512

digest and encrypt it with the provided key and add the result with the provided UUID to the

appropriate image signature.

You can sign with two keys in the same command by providing keys with lengths of 2048 and 4096

bits. The flags to be used for the first private key and uuid are "--private_key" and "--key_uuid",

and for the second private and uuid use "--private_key2" and "–key_uuid2".

The motivation for signing with two keys is to allow a firmware update from both firmwares,

the one that supports only 2048bit keys and the one that supports 4096bit keys.

Examples:

# mstflint -i /tmp/image.bin sign --private_key privatekey.pem --key_uuid

# mstflint -i /tmp/image.bin sign --private_key privatekey_2048.pem --key_uuid

a990-0cc47a6d39d2"

--private_key2 privatekey_4096.pem --key_uuid2

Secure FW

Flash GW is blocked

Not supported in Secure FW

working

Read Only CR- Space

working

With CS Token

Flash GW is blocked

Not supported in Secure FW

working

"e0129552-13ba-11e7-a990-0cc47a6d39d2"

"e0129552-13ba-11e7-

"a0b43568-17cb-16e9-a990-0ff47a6d39e4"

Blocked

Commands

Flash GW is

blocked

MFBA

working

Read Only

CR- Space

working

Table of Contents

Nvidia MSTFLINT Documentation page 57

Related Manuals for Nvidia MSTFLINT

Related Products for Nvidia MSTFLINT

Table of Contents