BCM5719

From RCS Wiki
Jump to: navigation, search

Overview

The BCM5719 is the NIC integrated into the Talos™ II systems. It is based on the wildly popular NetXtreme architecture, and there have been efforts to document the internal operation of devices based on that architecture.

As the BCM5719 is the only on-board device on the non-SAS Talos™ II variants to use proprietary firmware, Raptor Computing Systems has started a contest to see who can create a truly libre replacement firmware[1]. Anyone with the appropriate skill set is encouraged to take up the challenge, and contributions to this page as the device is analyzed in detail are welcomed.

While the BCM5719 does, at least for now, execute proprietary firmware it is prevented from corrupting the operating system and/or other protected memory regions via the system IOMMU[2].

Details

On board EEPROM layout (note: may change as understanding of EEPROM file system evolves)

Offset Length Data CRC Protected
0x7e 6 MAC Address (port 0) NO
0xce 6 MAC Address (port 1) NO
0x20a 6 MAC Address (port 2) NO
0x25a 6 MAC Address (port 3) NO

Resources

  • Firmware image for recovery of bricked Talos™ II on-board NICs. Note that the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so could potentially cause serious network issues, including harm to other computers and/or users on any network(s) attached to the Broadcom network ports.
  • Reverse engineering work by Guillaume Delugré
    • Slides from initial presentation by Guillaume Delugré at HACK.LU 2010
    • Slides from second presentation of Guillaume Delugré's talk at HITB Malaysia 2011
    • Slides and Audio from followup presentation by Guillaume Delugré for Recon 2011 (Video in file is broken)]
  • Project Ortega — firmware reverse engineering project

References