Robert Mustacchi

I made something public.

I made something public.

Yeah, so we do something a little weird with the neck.

Yeah, so we do something a little weird with the neck.

Yeah. We've gone our own way. One of the things that we were really trying to make sure we could do, because the NIC has its own firmware and configuration, which changes a whole bunch of different settings and things there, is we wanted to make sure we could validate slash attest that information. And we went through a bunch of different ways as a group to figure out how could we do that.

Yeah. We've gone our own way. One of the things that we were really trying to make sure we could do, because the NIC has its own firmware and configuration, which changes a whole bunch of different settings and things there, is we wanted to make sure we could validate slash attest that information. And we went through a bunch of different ways as a group to figure out how could we do that.

And what we settled was that the NIC actually has its own manufacturing mode built in. So, which is useful, because some of this config file are things like, you know, what PCI, you know, it's a whole bunch of information for the PCIe certies, or, you know, describes things about how Ethernet should work, you know, what, do you have I squared C for transceivers? Do you have different PHYs, etc.

And what we settled was that the NIC actually has its own manufacturing mode built in. So, which is useful, because some of this config file are things like, you know, what PCI, you know, it's a whole bunch of information for the PCIe certies, or, you know, describes things about how Ethernet should work, you know, what, do you have I squared C for transceivers? Do you have different PHYs, etc.

So this information is all very critical for the NIC to work. But, you know, we didn't want to have just a one time factory programming process here, because What if we need to update it? What if something got wrong? How do we deal with it? So we end up using this feature of the NIC called manufacturing mode, which basically has the NIC boot out of an internal mask ROM. It doesn't enable Ethernet.

So this information is all very critical for the NIC to work. But, you know, we didn't want to have just a one time factory programming process here, because What if we need to update it? What if something got wrong? How do we deal with it? So we end up using this feature of the NIC called manufacturing mode, which basically has the NIC boot out of an internal mask ROM. It doesn't enable Ethernet.

It doesn't load any firmware that would run on some of the cores internally. It doesn't do a whole lot of stuff. But it gives us access to the hardware blocks for the NIC's own... EEPROM and SpyFlash.

It doesn't load any firmware that would run on some of the cores internally. It doesn't do a whole lot of stuff. But it gives us access to the hardware blocks for the NIC's own... EEPROM and SpyFlash.

So basically what this means is rather than basically creating a complex MUX system to change ownership of these devices like we have to for the host SpyFlash, here we basically read and validate this through the NIC in its manufacturing mode. So what this means is that every time the server turns on... We're all booted.

So basically what this means is rather than basically creating a complex MUX system to change ownership of these devices like we have to for the host SpyFlash, here we basically read and validate this through the NIC in its manufacturing mode. So what this means is that every time the server turns on... We're all booted.

So the way we've rigged this up is that on the board, we have a GPIO strapped. So the system, the NIC always shows up in manufacturing mode. Right. Then, because we have power control over every device, we can basically validate all this and effectively, you know, we don't necessarily turn off all the power here.

So the way we've rigged this up is that on the board, we have a GPIO strapped. So the system, the NIC always shows up in manufacturing mode. Right. Then, because we have power control over every device, we can basically validate all this and effectively, you know, we don't necessarily turn off all the power here.

We kind of reassert the reset of the device and then basically boot it back up into what they call mission mode.

We kind of reassert the reset of the device and then basically boot it back up into what they call mission mode.

So yeah, the way mission mode works is exactly that way, Adam. They basically have a little spy nor flash, a little EEPROM, and it reads from that. And so we have those same things, it's just that in manufacturing mode, to basically bootstrap it, we just do it through the NIC.

So yeah, the way mission mode works is exactly that way, Adam. They basically have a little spy nor flash, a little EEPROM, and it reads from that. And so we have those same things, it's just that in manufacturing mode, to basically bootstrap it, we just do it through the NIC.