Nvidia Mellanox ConnectX-6 MCX654106A-ECAT User Manual page 51

InfiniBand/VPI adapter cards

separated list of PCI devices to exclude from the firmware update.
Example:
MLNX_EXCLUDE_DEVICES="00:05.0,00:07.0"
UEFI Secure Boot
All kernel modules included in MLNX_OFED for RHEL7 and SLES12 are signed with an x.509 key so
that the modules can be loaded when Secure Boot is enabled.
Enrolling Mellanox's x.509 Public Key on Your Systems
To support loading MLNX_OFED drivers when an OS supporting Secure Boot boots on a UEFI-based
system with Secure Boot enabled, the Mellanox x.509 public key should be added to the UEFI
Secure Boot key database and loaded onto the system key ring by the kernel.
Follow the steps below to add Mellanox's x.509 public key to your system.
Prior to adding Mellanox's x.509 public key to your system, please make sure that (1) the
'mokutil' package is installed on your system, and (2) the system is booted in UEFI mode.
1. Download the x.509 public key.
# wget http://www.mellanox.com/downloads/ofed/mlnx_signing_key_pub.der
2. Add the public key to the MOK list using the mokutil utility.
# mokutil --import mlnx_signing_key_pub.der
3. Reboot the system.
The pending MOK key enrollment request will be noticed by shim.efi, which will launch MokManager.efi
to allow you to complete the enrollment from the UEFI console. You will need to enter the password
you previously associated with this request and confirm the enrollment. Once done, the public key is
added to the MOK list, which is persistent. Once a key is in the MOK list, it is automatically
propagated to the system key ring on this and subsequent boots when UEFI Secure Boot is
enabled.
To see what keys have been added to the system key ring on the current boot, install the
'keyutils' package and run:
# keyctl list %:.system_keyring
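The key in step 1 is fetched over plain HTTP, and a key enrolled in the MOK list is trusted to sign kernel modules, so it is worth checking the file and both prerequisites before step 2. The script below is an added example, not part of the Mellanox manual; the function names, return codes and the EXPECTED_SHA256 placeholder are assumptions, and the real digest must come from the vendor through a separate channel.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before 'mokutil --import'.
# EXPECTED_SHA256 is a placeholder; use the digest the vendor gives you out of band.
KEY_FILE="${KEY_FILE:-mlnx_signing_key_pub.der}"
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_VENDOR_SUPPLIED_SHA256}"

# Prerequisite (2): /sys/firmware/efi exists only when the kernel was booted via UEFI.
# The sysfs root is a parameter so the check can be run against a test tree.
is_uefi_boot() {
    [ -d "${1:-/sys}/firmware/efi" ]
}

# Prerequisite (1): the mokutil package is installed.
have_mokutil() {
    command -v mokutil >/dev/null 2>&1
}

# Succeeds only if the file's SHA-256 equals the expected hex digest (any case).
key_matches() {
    km_file=$1
    [ -f "$km_file" ] || return 2
    km_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    km_have=$(sha256sum < "$km_file" | cut -d' ' -f1)
    [ "$km_have" = "$km_want" ]
}

# Returns 0 if enrollment may proceed, else 10 (not UEFI), 11 (digest), 12 (no mokutil).
preflight() {
    is_uefi_boot "${3:-/sys}" || { echo "not booted in UEFI mode" >&2; return 10; }
    key_matches "$1" "$2" || { echo "key digest mismatch: $1" >&2; return 11; }
    have_mokutil || { echo "mokutil is not installed" >&2; return 12; }
}

# Enroll only on request, and only when every check passes.
if [ "${1:-}" = "--enroll" ]; then
    preflight "$KEY_FILE" "$EXPECTED_SHA256" && mokutil --import "$KEY_FILE"
fi
```

Run it with --enroll after setting EXPECTED_SHA256; with the placeholder left in place the digest check fails and nothing is imported.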
Removing Signature from Kernel Modules
The signature can be removed from a signed kernel module using the 'strip' utility, which is provided by
the 'binutils' package. The strip utility changes the given file without saving a backup. The operation
can be undone only by re-signing the kernel module. Hence, we recommend backing up a copy prior to
removing the signature.
To remove the signature from the MLNX_OFED kernel modules:
1. Remove the signature.