ASF Firmware v6.02 Installation/Configuration Instructions
----------------------------------------------------------
This version of the ASF firmware uses a new file naming convention
(for BCM575x firmware) that requires b57diag version 7.16 (or later) to
update the ASF firmware in the adapter's NVRAM.
This version of the ASF firmware requires b57diag version 7.13 (or later)
to configure the ASF configuration table (version 6) in the adapter's NVRAM.
This version of the ASF firmware adds support for the ASF 2.0 specification.
ASF 2.0 is only officially supported for the BCM5750 and BCM5751, although
there is also an engineering release for BCM5705 (for testing purposes only).
Background
----------
The ASF (Alert Standard Format) defines methods for remote management and
control of systems in OS-absent environments.
The Remote Management and Control Protocol (RMCP) defined as part of ASF 1.0
provided no security mechanisms to protect desktop systems from
unauthorized remote management. A managed client (NIC) listens for RMCP
packets on UDP port 26Fh (623).
ASF 2.0 introduced the RMCP Security-Extensions Protocol (RSP) to provide
authentication and integrity services for remote management. The secure RMCP
protocol defined in ASF 2.0 listens for secure RMCP packets on UDP port 298h
(664).
About ASF 2.0
-------------
There are 2 supported authenticated "session" types for ASF 2.0 remote
management: Operator and Administrator. The implication is that authenticated
Administrators may have more "rights" than authenticated Operators, but that
determination is actually made by the individual that configures the Security
Policy of the managed client (NIC). It's actually possible for an
Administrator to have fewer rights than an Operator, if the Security Policy
is configured as such.
Most RMCP messages can be sent to an ASF 2.0 managed client using a
"Bypass Session" which provides no authentication or integrity. However, the
potentially destructive RMCP commands (e.g. Reset, PowerDown, etc.) require
an authenticated session with the proper "rights" to send these commands.
You Will Need
-------------
ASF testing requires a minimum of two computers:
1. A managed client with an ASF-enabled Broadcom Ethernet NIC. This PC should
be tested in both OS-present and OS-absent states.
2. A management console with any Ethernet NIC, running ASF Management Console
software (presumably on Windows).
Software You will need
-------------------
1. A version of b57diag built with Secure ASF support.
You can verify this version by the existence of the "asfcfg" option after
running b57diag with both the "-b57eng" and "-asfeng" options:
ASF 2.0 (Secure RMCP)
2. ASF firmware v6.xx built for your NIC under test
(e.g. for BCM5750/5751, use ASFE5x*.BIN).
3. ASF Management Console (replacement for ASF NetMon), AsfMgmtCon.exe.
To verify the receipt of PET packets, this application requires Windows
SNMP Services be installed and running.
Installation
------------
1. Update the ASF firmware with the b57diag "asfprg" command.
Configuration
-------------
Run "b57diag -shasta -b57eng -asfeng" on the managed client and use the
"asfcfg" command to:
1. Set the NIC's IP address ("SysIP") and the IP address of the management
console ("ManagementConsolIP").
2. Enable the RMCP, PET, and Heart Beat options.
3. Enable ASF 2.0 (Secure RMCP), set the Keys to the desired secret
(password) strings. You can have different Keys for operators and
administrators (the equivalent of different passwords), but both
session types use the same Generation Key.
4. Set the Operator and Administrator Rights values to the desired bit mask
(0x0-0xf), allowing any combination of the following commands to be sent
from an authenticated management console: PowerUp, Reset, ResetPower,
PowerDown. These values determine the Security Policy for the managed
client (NIC).
5. Enable ASF in option 24 of the b57diag "secfg" command menu, or use the
"setasf -e" command to enable this option more easily.
6. Reset the NIC to execute the ASF firmware.
Run AsfMgmtCon on the managment console. Under the "Security" tab, select a
"Role" (Administrator or Operator) and set the Key values to match the
corresponding Key values configured on the managed client.
Operation
---------
You should now be able to click the "Authenticate" button to authenticate the
management console with the managed client. The "End Session" button should
become active indicating you have been successfully authenticated. If the
authentication fails, you can check the log output in the "Manage" tab for
detailed dumps of the authentication packet exchange. Error messages are
prefixed with exclamation marks ('!').
After successful authentication, you should be able to send destructive
commands (i.e. Reset, PowerUp, PowerDown, PowerReset) to the managed client
(using the "Send" button on the "Manage" console). The effect of the
destructive commands depends on the ASF compatibility of the managed client
platform and the SMBus configuration.
All other RMCP commands may be sent without prior authentication. If the
"Secure RMCP" checkbox is not checked in the "Security" tab, AsfMgmtCon will
operate in ASF 1.0 compatibility mode.
/* End-of-file */
Download Driver Pack
After your driver has been downloaded, follow these simple steps to install it.
Expand the archive file (if the download file is in zip or rar format).
If the expanded file has an .exe extension, double click it and follow the installation instructions.
Otherwise, open Device Manager by right-clicking the Start menu and selecting Device Manager.
Find the device and model you want to update in the device list.
Double-click on it to open the Properties dialog box.
From the Properties dialog box, select the Driver tab.
Click the Update Driver button, then follow the instructions.
Very important: You must reboot your system to ensure that any driver updates have taken effect.
For more help, visit our Driver Support section for step-by-step videos on how to install drivers for every file type.