From RCS Wiki
Jump to navigation Jump to search


The BCM5719 is the NIC integrated into the Talos™ II and Blackbird™ systems. It is based on the wildly popular NetXtreme architecture, and there have been efforts to document the internal operation of devices based on that architecture.

As the BCM5719 is the only on-board device on the non-SAS Talos™ II variants to use proprietary firmware, Raptor Computing Systems has started a contest to see who can create a truly libre replacement firmware[1]. Anyone with the appropriate skill set is encouraged to take up the challenge, and contributions to this page as the device is analyzed in detail are welcomed.

While the BCM5719 does, at least for now, execute proprietary firmware it is prevented from corrupting the operating system and/or other protected memory regions via the system IOMMU[2].

The BCM5719 also connects to the BMC via RGMII NC-SI, providing network connectivity to the BMC.


On board EEPROM layout (note: may change as understanding of EEPROM file system evolves)

Offset Length Data CRC Protected
0x7e 6 MAC Address (port 0) NO
0xce 6 MAC Address (port 1) NO
0x20a 6 MAC Address (port 2) NO
0x25a 6 MAC Address (port 3) NO


  • Register manual
  • Firmware image for recovery of bricked Talos™ II on-board NICs. Note that the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so could potentially cause serious network issues, including harm to other computers and/or users on any network(s) attached to the Broadcom network ports.
  • Reverse engineering work by Guillaume Delugré
    • Slides from initial presentation by Guillaume Delugré at HACK.LU 2010
    • Slides from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011
    • Slides and Audio from followup presentation by Guillaume Delugré for Recon 2011 (Video in file is broken)]
  • Project Ortega — firmware reverse engineering project
  • meklort/bcm5719-fw - firmware reimplementation (BSD licensed)