Table of Contents
Advertisement
a.
Generate a binary file that contains 8 public keys.
You can use mstconfig command xml2bin to generate the file:
i.
To generate 2048 bits public keys:
1.
2.
3.
4.
5.
6.
7.
8.
9.
ii.
To generate 4096 bits public keys, please follow the same steps as above, but
use "file_public_key_4096" instead of "file_public_key".
For further information,
b.
Set the key's binary file in the firmware image using the mstflint set_public_keys
command.
For further information,
2.
If there is need to modify the definition for the forbidden_versions in a given firmware image
then:
a.
Generate a binary file that contains the forbidden versions.
You can use the mstconfig command xml2bin to generate it according to the steps
described in Step a above (Generate a binary file that contains 8 public keys).
An example for forbidden versions xml node:
<nv_forbidden_versions>
<creation_time_day>18</creation_time_day>
<creation_time_month>6</creation_time_month>
<creation_time_year>7e2</creation_time_year>
<creation_time_second>d</creation_time_second>
<creation_time_minute>19</creation_time_minute>
<creation_time_hour>12</creation_time_hour>
<min_allowed_fw_version>0</min_allowed_fw_version>
<forbidden_fw_version index="0">53:1f:0d06</forbidden_fw_version>
<forbidden_fw_version index="1..31">0</forbidden_fw_version>
</nv_forbidden_versions>
b.
Set the key's binary file in the firmware image using the mstflint
set_forbidden_versions command.
Run: mstconfig gen_tlvs_file output.txt.
Open the output.txt.
Go to the line starting with "file_public_key" and change the 0 to 1.
Save the file and exit.
Run: mstconfig gen_xml_template output.txt output.xml
Open the output.xml.
Duplicate the xml node "file_public_key" so the file has 8 copies, for each
node fill it as follows:
• cs_token_en = 0
• fw_en = 1
• mlnx_nvconf_en = 1
• vendor_nvconf_en = 1
• auth_type: 0x3 for 2048 bits keys and 0x4 for 4096 bits keys.
Example for public_key_exp, keypair_uuid, key:
<public_key_exp>4083403379</public_key_exp>
<keypair_uuid>5A7A2B2A87DB7416</keypair_uuid>
<key>
f8000003000000000000000000010001c459afea005911e797dc000000000000b8168ba624e5cac81d4
91f48c6a3b8f1a816cb7dea789d770893b0fb5abeb67f7a8d19ad8d4203dd8b85b3faaaf96187b116eb
1c5d3f3517c3ce8b4422395f2e43ccb286d4bc4474c8385e857349f35be3094f25ccbd71c209c6531f0
d8bcaacdbbf14af58809e8937e4db424b3d0c48e0cae7b89f53f797b9e24335900448466b0e5182e3a9
4c31e18487f8fe367862c8a70e8c7007d2400760461bbb36470a26d6db13d2e63d137d67cd449c0788c
307ce2dbc3f580ec7207cdb856472520ee956912cfaf77e6e793f620d6e362fa13da036003f85ae8dbb
22d4b314ceb64c
</key>
You can have spaces between the bytes: f8 00 00 03, or you can
have multiple lines.
The order of the bytes is the same as the output of openssl file,
Therefore, you can take the key as is from the openssl file.
Save and Exit.
Run: mstconfig xml2bin output.xml output.bin.
see mstconfig xml2bin
see Setting a "Public Keys" Section in a Binary Image
Command.
File.
59
Advertisement
Table of Contents
