NVIDIA BlueField BMC Software

Changes and New Features

For an archive of changes and features from previous releases, please refer to "Change Log History".

  • Extended Arm-UEFI support to ensure seamless operation until BlueField BMC initialization completes

  • Added RTC battery voltage monitoring to the SDR list for enhanced system diagnostics

  • Implemented Redfish mutual authentication support for BlueField-3 platforms

  • Updated BMC FRU content to enhance backward compatibility 

  • Added BMC support for remote attestation over Redfish, specifically for SPDM, covering:

    • BlueField NIC

    • CEC1736 (BMC ERoT)

  • Added support for the sensors ddr_temp and rtc_voltage under "BMC Sensor Data"

  • Security Hardening: Implemented several Linux kernel configuration changes to improve system security and enabled kernel module signature verification. The following table summarizes the key modifications:

    | Parameter | Old Value | New Value | Reason |
    |---|---|---|---|
    | CONFIG_KEXEC | yes | Not set | Enables replacement of running kernel using kexec command. |
    | CONFIG_SLAB_MERGE_DEFAULT | yes | Not set | Prevents merging similar-sized slab caches, mitigating cross-slab heap attacks |
    | CONFIG_SHUFFLE_PAGE_ALLOCATOR | Not set | yes | Enables randomization of the high-order page allocation freelist |
    | CONFIG_SECURITY_DMESG_RESTRICT | Not set | yes | Prevents kernel memory address leakage through dmesg |
    | CONFIG_DEBUG_FS | yes | Not set | Disables debugfs, reducing the kernel's attack surface |
    | CONFIG_BPF_SYSCALL | yes | Not set | Disables the bpf() syscall, restricting manipulation of BPF programs and maps |
    | CONFIG_USER_NS | yes | Not set | Disables user namespaces to prevent privilege escalation via namespace exploits |
    | CONFIG_BUG_ON_DATA_CORRUPTION | Not set | yes | Enables kernel validation checks for detecting data corruption |
    | CONFIG_DEFAULT_MMAP_MIN_ADDR | 4096 | 32768 | Increases the minimum mmap address to mitigate kernel NULL pointer dereference exploits |
    | CONFIG_DEBUG_KMEMLEAK | yes | Not set | Disabled due to its dependency on CONFIG_DEBUG_FS, which is also now disabled |

    This parameter changed only in BlueField-2 (already not set in BlueField-3).

    Changes to the kernel configuration parameters were made in accordance with recommended security hardening practices from the Linux Kernel Self-Protection Project (KSPP), grsecurity, and CLIP OS.
