SFP/SFP+ memory map
SFP [USER] allows read/erase/write of any block or page in memory map. Please take a look at memory organization for typical SFP & SFP+ transceivers:
- In block A0h (256bytes) first 128bytes (00h – 7Fh) are for serial ID and vendor information. It may be write protected (password may be required). Second 128bytes (80h-FFh) are reserved.
- In block A2h (256bytes) first 127bytes (00h – 7Eh) are diagnostic information (alarm and warning thresholds, cal constants, real time diagnostics) and optional password entry area. 128th byte (7Fh) is page select byte (only if SFP supports pages). Next 128 bytes (80h-FFh) is page content (depends on selected page). SFP may not support A2h block (it will be communication error) or page select (it may contain only single page). Page 00h or 01h is User Writable EEPROM (120bytes) and vendor specific (8bytes). Page 0 may be write protected (password may be required). Page 02h is for control functions. Pages 03h-7Fh are reserved. Pages 80h-FFh are vendor specific.
- In SFF-8472 specification starting from page 11 you can check exactly what information is stored in memory
QSFP/QSFP+ (QSFP28) memory map
QSFP [USER] allows to read/erase/write of any block or page in QSFP/QSFP+ memory map. The [USER] mode allows to read/write specific part of memory. Please check memory organization table for your QSFP/QSFP+ module datasheet or in MSA Standard (SFF-8636 specification):
- QSFP/QSFP+ contains only block A0h (256 bytes) divided into pages (byte 7Fh in block A0h is page select byte). Pages are 128bytes length. Page 00h is required and provides static module identity and capabilities information (it may be write protected with password). Other pages may be optional.
- Please note that Read-Only bytes can NOT be modified - it will be no effect (or verification error) if you try to change these bytes
- In SFF-8636 specification starting from page 32 you can check exactly what information is stored in specific memory areas
With REVELPROG-IS you can select page from menu and read/write specific pages.
Please note that you do not have to change page bytes manually in buffer.
XFP memory map
XFP [USER] allows to read/erase/write of any block or table in XFP memory map. Please check memory organization for your XFP module datasheet or in MSA Standard (INF-8077i specification):
- XFP contains only block A0h (256 bytes) divided into tables (byte 7Fh in block A0h is table select byte). Tables are 128bytes length. Table 01h is default and contains Serial ID Data. Table 02h is User EEPROM. Tables may be write protected (password may be required for erase or write). Other pages may be optional.
Write protected transceivers and password entry
Some transceivers also provides an optional password entry location that may be used to protect vendor internal functions or user writable memory. Password shall not be required to read any data, but it may be used for write protection for specific areas. Nor shall passwords be required to write any controls defined in the digital diagnostics functions. Passwords may be used by manufacturers to control write access to MSA defined read only data for factory setup, or to OEMs to limit write access in the User EEPROM area. Finally, passwords may be used to control read or write access to the vendor specific pages or tables. Separate passwords value ranges will be defined to prevent accidental writing to critical module control areas. There are 2 types of passwords: manufacturer password and host password (also known as user password). You can enter password using password tool in REVEPLROG-IS application. If you do not know password, you can try to hack it using brute force password tool.
Please check this topic for more details how to password entry or how to search password for protected modules:
Writing protected SFP / QSFP / XFP and searching password (brute force method)