Difference between revisions of "BCM5719"
(Adding more resources from Guillaume Delugré's talks) |
(Add instructions on switching from proprietary firmware to open source firmware.) |
||
(14 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
==Overview== | ==Overview== | ||
− | The BCM5719 is the [[NIC|NIC]] integrated into the [[Talos_II|Talos™ II]] systems. | + | The BCM5719 is the [[NIC|NIC]] integrated into the [[Talos_II|Talos™ II]] and [[Blackbird|Blackbird™]] systems. It is based on the wildly popular NetXtreme architecture, and there have been efforts to document the internal operation of devices based on that architecture. |
− | + | The BCM5719 also connects to the BMC via RGMII NC-SI, providing network connectivity to the BMC. | |
+ | |||
+ | ==Firmware== | ||
+ | |||
+ | All Raptor systems shipped after May 10, 2021 use the open-source Ortega firmware for the BCM5719 device. | ||
+ | |||
+ | Older devices that shipped with the proprietary firmware can be updated to the open source firmware by following the [https://github.com/meklort/bcm5719-fw instructions on github] or by using the following command: | ||
+ | <pre<includeonly></includeonly> class="plainlinks" style="background:black; color:RGB(187,187,187); border:2px #ddd inset; padding:4px; overflow:auto; margin:1px; max-height:{{{height|30em}}}; _height:{{{height|30em}}};font-size:10pt;{{{textstyle|}}}"> | ||
+ | [user@hostname ~]$ <span style="font-weight: bold;">sudo fwupdmgr switch-branch</span> | ||
+ | </pre> | ||
+ | Once on the open source firmware branch, fwupd will will provide updates using the following command: | ||
+ | <pre<includeonly></includeonly> class="plainlinks" style="background:black; color:RGB(187,187,187); border:2px #ddd inset; padding:4px; overflow:auto; margin:1px; max-height:{{{height|30em}}}; _height:{{{height|30em}}};font-size:10pt;{{{textstyle|}}}"> | ||
+ | [user@hostname ~]$ <span style="font-weight: bold;">sudo fwupdmgr update</span> | ||
+ | </pre> | ||
==Details== | ==Details== | ||
Line 21: | Line 34: | ||
|6 | |6 | ||
|MAC Address (port 1) | |MAC Address (port 1) | ||
+ | |NO | ||
+ | |- | ||
+ | |0x20a | ||
+ | |6 | ||
+ | |MAC Address (port 2) | ||
+ | |NO | ||
+ | |- | ||
+ | |0x25a | ||
+ | |6 | ||
+ | |MAC Address (port 3) | ||
|NO | |NO | ||
|} | |} | ||
==Resources== | ==Resources== | ||
− | * [[:File:Bcm5719_talos.bin| | + | * [https://git.raptorcs.com/git/bcm5719-ortega/ Official Ortega firmware shipped on Raptor systems] |
− | * [https://static.raptorcs.com/TALOSII/contest_files/10-hack.lu-nicreverse_slides.pdf | + | * [https://docs.broadcom.com/docs-and-downloads/collateral/pg/5718-PG107-R.pdf Register manual] |
− | * [https://infocon.org/cons/Hack%20In%20The%20Box/HITB%202011%20-%20Malaysia/D2T3%20-%20Guillaume%20Delugre%20-%20Reverse%20Engineering%20Broadcom%20NetExtreme%20Firmware.pdf Slides from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011 | + | * [[:File:Bcm5719_talos.bin|Proprietary Broadcom firmware image]] for recovery of bricked [[Talos_II|Talos™ II]] on-board NICs. This image is considered deprecated by Raptor, and Raptor strongly recommends the use of the open-source Ortega firmware instead of the proprietary Broadcom firmware. Note that the two MAC addresses inside this image '''must''' be changed to match the MAC addresses on your particular [[Talos_II|Talos™ II]] system; failure to do so could potentially cause serious network issues, including harm to other computers and/or users on any network(s) attached to the Broadcom network ports. |
− | * [http://esec-lab.sogeti.com/static/publications/11-recon-nicreverse_slides.pdf Slides | + | * Reverse engineering work by Guillaume Delugré |
− | + | ** [https://static.raptorcs.com/TALOSII/contest_files/10-hack.lu-nicreverse_slides.pdf Slides] from initial presentation by Guillaume Delugré at HACK.LU 2010 | |
+ | ** [https://infocon.org/cons/Hack%20In%20The%20Box/HITB%202011%20-%20Malaysia/D2T3%20-%20Guillaume%20Delugre%20-%20Reverse%20Engineering%20Broadcom%20NetExtreme%20Firmware.pdf Slides] from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011 | ||
+ | ** [http://esec-lab.sogeti.com/static/publications/11-recon-nicreverse_slides.pdf Slides] and [https://infocon.org/cons/REcon/REcon%202011/14_Guillaume_Delugre.mp4 Audio] from [https://recon.cx/2011/schedule/events/120.en.html followup presentation] by Guillaume Delugré for Recon 2011 (Video in file is broken)] | ||
+ | * '''[[Project Ortega]]''' — firmware reverse engineering project | ||
+ | * [https://github.com/meklort/bcm5719-fw/ meklort/bcm5719-fw] - firmware reimplementation (BSD licensed) | ||
==References== | ==References== | ||
+ | |||
+ | [[Category:Mainboard Components]] |
Latest revision as of 07:16, 3 July 2021
Contents
Overview
The BCM5719 is the NIC integrated into the Talos™ II and Blackbird™ systems. It is based on the wildly popular NetXtreme architecture, and there have been efforts to document the internal operation of devices based on that architecture.
The BCM5719 also connects to the BMC via RGMII NC-SI, providing network connectivity to the BMC.
Firmware
All Raptor systems shipped after May 10, 2021 use the open-source Ortega firmware for the BCM5719 device.
Older devices that shipped with the proprietary firmware can be updated to the open source firmware by following the instructions on github or by using the following command:
[user@hostname ~]$ sudo fwupdmgr switch-branch
Once on the open source firmware branch, fwupd will will provide updates using the following command:
[user@hostname ~]$ sudo fwupdmgr update
Details
On board EEPROM layout (note: may change as understanding of EEPROM file system evolves)
Offset | Length | Data | CRC Protected |
---|---|---|---|
0x7e | 6 | MAC Address (port 0) | NO |
0xce | 6 | MAC Address (port 1) | NO |
0x20a | 6 | MAC Address (port 2) | NO |
0x25a | 6 | MAC Address (port 3) | NO |
Resources
- Official Ortega firmware shipped on Raptor systems
- Register manual
- Proprietary Broadcom firmware image for recovery of bricked Talos™ II on-board NICs. This image is considered deprecated by Raptor, and Raptor strongly recommends the use of the open-source Ortega firmware instead of the proprietary Broadcom firmware. Note that the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so could potentially cause serious network issues, including harm to other computers and/or users on any network(s) attached to the Broadcom network ports.
- Reverse engineering work by Guillaume Delugré
- Slides from initial presentation by Guillaume Delugré at HACK.LU 2010
- Slides from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011
- Slides and Audio from followup presentation by Guillaume Delugré for Recon 2011 (Video in file is broken)]
- Project Ortega — firmware reverse engineering project
- meklort/bcm5719-fw - firmware reimplementation (BSD licensed)