ConnectX-4 VPI Single and Dual Port QSFP28 Adapter Card User Manual
Rev 1.9
Mellanox Technologies
35
If the firmware is updated, the following message is printed to the system’s standard logging file:
Otherwise, the following message is printed:
Please note, this feature is disabled by default. To enable the automatic firmware update upon
system boot, set the following parameter to
“yes”
“RUN_FW_UPDATER_ONBOOT=yes”
in the
openibd service configuration file
“/etc/infiniband/openib.conf”
.
You can opt to exclude a list of devices from the automatic firmware update procedure. To do so,
edit the configurations file
“/opt/mellanox/mlnx-fw-updater/mlnx-fw-updater.conf”
and
provide a comma separated list of PCI devices to exclude from the firmware update.
Example:
4.1.8
UEFI Secure Boot
All kernel modules included in MLNX_OFED for RHEL7 and SLES12 are signed with x.509
key to support loading the modules when Secure Boot is enabled.
4.1.8.1 Enrolling Mellanox's x.509 Public Key On your Systems
In order to support loading MLNX_OFED drivers when an OS supporting Secure Boot boots on
a UEFI-based system with Secure Boot enabled, the Mellanox x.509 public key should be added
to the UEFI Secure Boot key database and loaded onto the system key ring by the kernel.
Follow these steps below to add the Mellanox's x.509 public key to your system:
Step 1.
Download the x.509 public key.
Step 2.
Add the public key to the MOK list using the mokutil utility.
You will be asked to enter and confirm a password for this MOK enrollment request.
Step 3.
Reboot the system.
The pending MOK key enrollment request will be noticed by
shim.efi
and it will launch
Mok
-
Manager.efi
to allow you to complete the enrollment from the UEFI console. You will need to
enter the password you previously associated with this request and confirm the enrollment. Once
done, the public key is added to the MOK list, which is persistent. Once a key is in the MOK list,
it will be automatically propagated to the system key ring and subsequent will be booted when
the UEFI Secure Boot is enabled.
fw_updater: Firmware was updated. Please reboot your system for the changes to take
effect.
fw_updater: Didn't detect new devices with old firmware.
MLNX_EXCLUDE_DEVICES="00:05.0,00:07.0"
Prior to adding the Mellanox's x.509 public key to your system, please make sure:
• the 'mokutil' package is installed on your system
• the system is booted in UEFI mode
# wget http://www.mellanox.com/downloads/ofed/mlnx_signing_key_pub.der
# mokutil --import mlnx_signing_key_pub.der
To see what keys have been added to the system key ring on the current boot, install the 'keyutils'
package and run:
#keyctl list %:.system_keyring
