The journey for updating Realtek NIC MAC

Realtek Network Interface Controller (NIC, also known as a Network Interface Card) is widely used in PC. Usually an EEPROM would be connected to the RTL NIC chip to provide programmable storage for saving some network related setting, such as MAC address. IP address is bound with the MAC. So if multiple NIC has same MAC, it would be a disaster for switch/bridge/router to correctly forward IP packet.

On Linux and Windows, it is possible to change the MAC address temporarily by using some command such as ifconfig, but the setting won't persist during reboot. It is also possible to override the MAC address with a saved file or value stored in Registry table and keep the change permanently. However, this change can also get lost if the card is moved to a different setup, or the OS gets reinstalled.

So to permanently change the MAC, will need to reprogram the EEPROM. There is an Open Source tools, rtl8168-eeprom, supposed can be used to update EEPROM. However, several issues to get it working:

1) open('/dev/mem') may fail, due to a new kernel feature 'KERNEL_LOCKDOWN'.

2) Rebuild kernel from source. After build and install, it cannot boot the new kernel with error

/boot/vmlinuz-x.y.z-generic has invalid signature

This is due to for secure boot, customer kernel has to be signed. Refer to this.

3) Tried to build kernel with CONFIG_SECURITY_LOCKDOWN_LSM disabled, will run into problem during kernel_config, as KERNEL_LOCKDOWN is forced on due to config policy setting

4) Build old kernel 4.4 from source for Ubuntu 20.04 (Focal Fossa) doesn't work very well, as the kernel version is too low which cause build problem.

5) So the way to run the tools is install kernel 4.4 deb package from LaunchPad. However, the tools cannot properly access RTL8168 EEPROM as it failed to read back the ID from EEPROM.

Ethtool has option '-m' for dump module EEPROM, '-e' for dump EEPROM, and '-E' for update MAC. However, running ethtool with these option may get  'Operation Not Permitted' error. Run 'ethtool -i devname' may get 'support-eeprom-access: no'. So the NIC driver does not support EEPROM access.

As a side note, Realtek might have released some tools for this purpose, which can run on Windows, Linux, and UEFI shell. You can search for 'RTNicPG' from Internet. I'm able to find several links but none of them from Realtek official website. Maybe it got leaked out as an internal used tools.