Docs: Intel N3000 FPGA Support - Device Image Flashing
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
Medium
|
M Camp | ||
Bug Description
This is a documentation request for the Story 2006740 - Intel N3000 FPGA Integration
Brief Description
-----------------
This feature provides the integration of Intel N3000 FPGA in StarlingX.
The N3000 FPGA PAC has two Intel XL710 NICs, memory and an Intel FPGA.
The system discovers and inventories the device as a NIC, with the XL710 ports
available in the host port list and host interface list.
Updating an Intel N3000 FPGA Image
The N3000 FPGA as shipped from the factory is expected to have production BMC and factory
images. The following procedure describes how to update the N3000 FPGA user image on a host.
Device image types:
- root-key
The root-key image sets the main authentication key on the hardware.
- functional-key
The functional device image performs the desired work on behalf of the application.
If a rootkey device image has been written to the hardware, then the functional image
will only be accepted if it has been signed by a code-signing key (CSK) generated from
the root key which has not been revoked.
- key-revocation
The key-revocation device image will revoke a code-signing key (CSK). If a root-key device
image has been written to the hardware, then the key-revocation device image will only be
specifying an integer CSK ID, and there are 128 CSK ID cancellation slots.
The root-key device image is known as the "root entry hash bitstream", the functional device
image is known as the "user image", and the key-revocation device image is known as the "CSK
ID cancellation bitstream". For the N3000 a CSK is revoked by specifying an integer ID, and all
CSKs with that ID will be revoked. Writing the root-key device image or a key-revocation device
image is essentially permanent. Reverting to factory status requires physical access to the card
and specialized equipment.
1. Upload the device image.
To upload a root-key device image:
To upload a functional device image:
To upload a revocation key device image:
where:
imagefile The filepath of the binary device image file.
pci_vendor The hexadecimal string identifying the PCI vendor ID of the device this image applies to.
pci_device The hexadecimal string identifying the PCI device ID of the device this image applies to.
name The name of the device image (optional).
description The description of the device image (optional).
2. Assign a device label to the device.
Labels are key-value pairs that are assigned to host PCI devices and are used to specify
attributes of the devices. Labels can be used to identify certain properties of the PCI devices
where the same device image can be used.
The command syntax is:
system host-device-
The label can be overwritten using the --overwrite option. This option is not allowed while the
image update is in progress after running host-device-
Once assigned, a device label can be referenced by multiple device-image-apply commands.
3. Apply the device image on one or all supported devices.
Note: A device firmware update in progress alarm is raised once the first device image
is applied.
The system device-
- Apply a device image to all supported devices:
- Alternatively, apply a device image to devices with a specified label:
4. Write pending device images on the host to hardware.
Note: This operation currently supports one pending device image at a time.
Any previously-
reset to pending and retried.
Root and revocation key updates can be expected to take 1-2 minutes. Functional image
updates can take approximately 40 minutes for the N3000 FPGA.
- Once a device update is complete, system device-
- Once all pending device updates for the host are complete, system host-show hostname
will again display an empty string for device_
5. Lock and unlock the host.
6. Optional: Upload, apply, and update any additional key-revocation device images or
functional device images as needed.
New device images can be uploaded as needed, and already-uploaded images can be applied
with new labels. Devices can also have new labels applied to them and any device images
with matching labels will be automatically applied.
Device Management commands
Listing uploaded device images
system device-image-list
Listing device labels
system host-device-
Removing device labels
system host-device-
Remove a device image
To remove a device image from all devices
system device-image-remove image_uuid
To remove the device image from all devices with a matching label
system device-image-remove image_uuid key1=value1
Initiating a Device Image Update for a Host
system host-device-
Displaying the status of device images
system device-
| Ghada Khalil (gkhalil) wrote | #1 |
| Changed in starlingx: | |
| assignee: | nobody → M Camp (mcamp859) |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| tags: | added: stx.4.0 |
| summary: |
- Docs: Intel N3000 FPGA Support + Docs: Intel N3000 FPGA Support - Device Image Flashing |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to docs (master) | #2 |
| Changed in starlingx: | |
| status: | Triaged → In Progress |
| OpenStack Infra (hudson-openstack) wrote Fix merged to docs (master) | #3 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to docs (r/stx.4.0) | #4 |
| OpenStack Infra (hudson-openstack) wrote Fix merged to docs (r/stx.4.0) | #5 |
Doc updates for an stx.4.0 feature - StoryBoard: https:/