Difference between revisions of "BCM5719"

From RCS Wiki
Jump to navigation Jump to search
(Adding more resources from Guillaume Delugré's talks)
(Add instructions on switching from proprietary firmware to open source firmware.)
 
(14 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
==Overview==
 
==Overview==
  
The BCM5719 is the [[NIC|NIC]] integrated into the [[Talos_II|Talos™ II]] systems. It is based on the wildly popular NetXtreme architecture, and there have been efforts to document the internal operation of devices based on that architecture.
+
The BCM5719 is the [[NIC|NIC]] integrated into the [[Talos_II|Talos™ II]] and [[Blackbird|Blackbird™]] systems. It is based on the wildly popular NetXtreme architecture, and there have been efforts to document the internal operation of devices based on that architecture.
  
As the BCM5719 is the only on-board device on the non-SAS [[Talos_II|Talos™ II]] variants to use proprietary firmware, Raptor Computing Systems has started a contest to see who can create a truly libre replacement firmware<ref>https://www.raptorcs.com/TALOSII/nic_fw_contest.php</ref>.  Anyone with the appropriate skill set is encouraged to take up the challenge, and contributions to this page as the device is analyzed in detail are welcomed.
+
The BCM5719 also connects to the BMC via RGMII NC-SI, providing network connectivity to the BMC.
 +
 
 +
==Firmware==
 +
 
 +
All Raptor systems shipped after May 10, 2021 use the open-source Ortega firmware for the BCM5719 device.
 +
 
 +
Older devices that shipped with the proprietary firmware can be updated to the open source firmware by following the [https://github.com/meklort/bcm5719-fw instructions on github] or by using the following command:
 +
<pre<includeonly></includeonly> class="plainlinks" style="background:black; color:RGB(187,187,187); border:2px #ddd inset; padding:4px; overflow:auto; margin:1px; max-height:{{{height|30em}}}; _height:{{{height|30em}}};font-size:10pt;{{{textstyle|}}}">
 +
[user@hostname ~]$ <span style="font-weight: bold;">sudo fwupdmgr switch-branch</span>
 +
</pre>
 +
Once on the open source firmware branch, fwupd will will provide updates using the following command:
 +
<pre<includeonly></includeonly> class="plainlinks" style="background:black; color:RGB(187,187,187); border:2px #ddd inset; padding:4px; overflow:auto; margin:1px; max-height:{{{height|30em}}}; _height:{{{height|30em}}};font-size:10pt;{{{textstyle|}}}">
 +
[user@hostname ~]$ <span style="font-weight: bold;">sudo fwupdmgr update</span>
 +
</pre>
  
 
==Details==
 
==Details==
Line 21: Line 34:
 
|6
 
|6
 
|MAC Address (port 1)
 
|MAC Address (port 1)
 +
|NO
 +
|-
 +
|0x20a
 +
|6
 +
|MAC Address (port 2)
 +
|NO
 +
|-
 +
|0x25a
 +
|6
 +
|MAC Address (port 3)
 
|NO
 
|NO
 
|}
 
|}
  
 
==Resources==
 
==Resources==
* [[:File:Bcm5719_talos.bin|Firmware image]] for recovery of bricked [[Talos_II|Talos™ II]] on-board NICs.  Note that the two MAC addresses inside this image '''must''' be changed to match the MAC addresses on your particular [[Talos_II|Talos™ II]] system; failure to do so may violate law and could potentially cause serious network issues.
+
* [https://git.raptorcs.com/git/bcm5719-ortega/ Official Ortega firmware shipped on Raptor systems]
* [https://static.raptorcs.com/TALOSII/contest_files/10-hack.lu-nicreverse_slides.pdf Initial reverse engineering effort by Guillaume Delugré]
+
* [https://docs.broadcom.com/docs-and-downloads/collateral/pg/5718-PG107-R.pdf Register manual]
* [https://infocon.org/cons/Hack%20In%20The%20Box/HITB%202011%20-%20Malaysia/D2T3%20-%20Guillaume%20Delugre%20-%20Reverse%20Engineering%20Broadcom%20NetExtreme%20Firmware.pdf Slides from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011]
+
* [[:File:Bcm5719_talos.bin|Proprietary Broadcom firmware image]] for recovery of bricked [[Talos_II|Talos™ II]] on-board NICs.  This image is considered deprecated by Raptor, and Raptor strongly recommends the use of the open-source Ortega firmware instead of the proprietary Broadcom firmware.  Note that the two MAC addresses inside this image '''must''' be changed to match the MAC addresses on your particular [[Talos_II|Talos™ II]] system; failure to do so could potentially cause serious network issues, including harm to other computers and/or users on any network(s) attached to the Broadcom network ports.
* [http://esec-lab.sogeti.com/static/publications/11-recon-nicreverse_slides.pdf Slides from followup presentation by Guillaume Delugré for Recon 2011]
+
* Reverse engineering work by Guillaume Delugré
* [https://infocon.org/cons/REcon/REcon%202011/14_Guillaume_Delugre.mp4 Audio from Recon 2011 presentation (Video in file is broken)]
+
** [https://static.raptorcs.com/TALOSII/contest_files/10-hack.lu-nicreverse_slides.pdf Slides] from initial presentation by Guillaume Delugré at HACK.LU 2010
 +
** [https://infocon.org/cons/Hack%20In%20The%20Box/HITB%202011%20-%20Malaysia/D2T3%20-%20Guillaume%20Delugre%20-%20Reverse%20Engineering%20Broadcom%20NetExtreme%20Firmware.pdf Slides] from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011
 +
** [http://esec-lab.sogeti.com/static/publications/11-recon-nicreverse_slides.pdf Slides] and [https://infocon.org/cons/REcon/REcon%202011/14_Guillaume_Delugre.mp4 Audio] from [https://recon.cx/2011/schedule/events/120.en.html followup presentation] by Guillaume Delugré for Recon 2011 (Video in file is broken)]
 +
* '''[[Project Ortega]]''' &mdash; firmware reverse engineering project
 +
* [https://github.com/meklort/bcm5719-fw/ meklort/bcm5719-fw] - firmware reimplementation (BSD licensed)
  
 
==References==
 
==References==
 +
 +
[[Category:Mainboard Components]]

Latest revision as of 07:16, 3 July 2021

Overview

The BCM5719 is the NIC integrated into the Talos™ II and Blackbird™ systems. It is based on the wildly popular NetXtreme architecture, and there have been efforts to document the internal operation of devices based on that architecture.

The BCM5719 also connects to the BMC via RGMII NC-SI, providing network connectivity to the BMC.

Firmware

All Raptor systems shipped after May 10, 2021 use the open-source Ortega firmware for the BCM5719 device.

Older devices that shipped with the proprietary firmware can be updated to the open source firmware by following the instructions on github or by using the following command:

Once on the open source firmware branch, fwupd will will provide updates using the following command:

Details

On board EEPROM layout (note: may change as understanding of EEPROM file system evolves)

Offset Length Data CRC Protected
0x7e 6 MAC Address (port 0) NO
0xce 6 MAC Address (port 1) NO
0x20a 6 MAC Address (port 2) NO
0x25a 6 MAC Address (port 3) NO

Resources

  • Official Ortega firmware shipped on Raptor systems
  • Register manual
  • Proprietary Broadcom firmware image for recovery of bricked Talos™ II on-board NICs. This image is considered deprecated by Raptor, and Raptor strongly recommends the use of the open-source Ortega firmware instead of the proprietary Broadcom firmware. Note that the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so could potentially cause serious network issues, including harm to other computers and/or users on any network(s) attached to the Broadcom network ports.
  • Reverse engineering work by Guillaume Delugré
    • Slides from initial presentation by Guillaume Delugré at HACK.LU 2010
    • Slides from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011
    • Slides and Audio from followup presentation by Guillaume Delugré for Recon 2011 (Video in file is broken)]
  • Project Ortega — firmware reverse engineering project
  • meklort/bcm5719-fw - firmware reimplementation (BSD licensed)

References