Open-Source NVIDIA "Nouveau" DRM Changes Begin Queuing Ahead Of Linux 5.1


  • #11
    Originally posted by bemerk
    Can we have a fundraiser please and pay a developer to sift through the official Linux driver and its installer to find the necessary firmware required for reclocking?
    The data has to be there
    Afaik this was not possible because you can only load signed firmware, extracting it from the blob driver does not yield a properly signed firmware.

    • #12
      Even the nvidia driver has to load signed firmware so why wouldn't we be able to have signed files from it then?

      • #13
        Originally posted by bemerk
        Even the nvidia driver has to load signed firmware so why wouldn't we be able to have signed files from it then?
        One of the developers said why they don't do that. https://www.phoronix.com/forums/foru...07#post1051307

        It basically boils down to writing some pretty malware-like software to intercept this firmware loading process.

        I quite frankly still think that the lack of any progress in this field is beyond suspicious, I mean if you can't reclock the card anyway, then Nouveau is more a hobby project than something actually useful.

        • #14
          Originally posted by bemerk
          Can we have a fundraiser please and pay a developer to sift through the official Linux driver and its installer to find the necessary firmware required for reclocking?
          The data has to be there
          I think nouveau devs deserve a lot of respect. This could be done with enough time, but I'm worried that by the time someone figures out how to use custom firmware (or at least reclock the GPU) that series will be deprecated or very close to. I think Nvidia secured their hardware well enough to thwart any attempts to get into it with the amount of required alone.

          I wish they would just play along and stop releasing awful proprietary drivers, and then fail to maintain them through their life cycles they've announced. Free drivers that barely work might be better than ones that actually work, as they will keep people from buying Nvidia's hardware because of the situation with drivers.

          • #15
            We don't need custom firmware and the signing keys, just a few files. Nvidia gives out some of them, to make the hardware work, but just not enough to allow nouveau to come closer to the binary one. Someone fears that nouveau will steal the show or so. Cracking the key is impossible, but cutting out the necessary files in a script should be possible if someone skilled is looking for it.

            • #16
              Originally posted by lucrus
              I'm afraid it's harder than you believe. If I got it right, the "signed" firmware has to be "signed". I don't know the details, but I believe you can't just cut it out of a driver file and expect the GPU will load it. I understand that the driver must sign the damn blob once per GPU, maybe using a GPU public key and an NVidia private key or something like that. Not sure anyway, just guessing, but there must be a real reason for that (well deserved) finger...
              If you don't know, then please, don't make absurd speculations.

              The firmware is signed by nvidia before being distributed. The check of the signature is done by the card that has the (public) key.
              It just makes sure that the uploaded code is the same as the one signed.

              Originally posted by starshipeleven
              One of the developers said why they don't do that. https://www.phoronix.com/forums/foru...07#post1051307

              It basically boils down to writing some pretty malware-like software to intercept this firmware loading process.

              I quite frankly still think that the lack of any progress in this field is beyond suspicious, I mean if you can't reclock the card anyway, then Nouveau is more a hobby project than something actually useful.
              Actually it is just improving the mmiotracer to intercept DMA commands.

              • #17
                Originally posted by iive
                If you don't know, then please, don't make absurd speculations.
                So absurd that they actually match what others said:

                Originally posted by starshipeleven
                Afaik this was not possible because you can only load signed firmware, extracting it from the blob driver does not yield a properly signed firmware.
                Originally posted by iive
                The firmware is signed by nvidia before being distributed
                Then maybe nouveau devs are all stupid, but luckily there's you to show them how to extract the firmware from the official drivers and load it into the GPU, right?

                • #18
                  Originally posted by iive
                  Actually it is just improving the mmiotracer to intercept DMA commands.
                  Actually intercepting DMA commands is just malware-like.

                  You want to know why? That tool does require debug features to be actually compiled in the kernel, and like most debug tools they are obvious gaping security holes, that aren't usually enabled in production kernels. https://www.mjmwired.net/kernel/Docu.../mmiotrace.txt

                  For example I would have to recompile my own kernel on OpenSUSE as "CONFIG_MMIOTRACE is not set" and I would also need CONFIG_DEBUG_FS.

                  Also, its usage does not seem that easy to automate either if I read that readme correctly.

                  Why this matters? Because you can't just have an experienced dev run this on select GPUs to extract the firmware and then redistribute it, as this would violate NVIDIA's license.

                  You would have to make a script that can do this on client PCs, and you would have to ask your users to recompile and install a debug-enabled kernel for this trick to work.

                  Is it possible? yeah. But I guess it is a massive PITA as if it was "just improving the mmiotracer" they would have done it already.

                  • #19
                    Originally posted by lucrus
                    So absurd that they actually match what others said:

                    Then maybe nouveau devs are all stupid, but luckily there's you to show them how to extract the firmware from the official drivers and load it into the GPU, right?
                    The "others" don't seem to be developers and they don't seem to corroborate your "explanation".

                    It is absurd for the driver to sign the firmware. It means that the driver also contains the signing key. That key is far more valuable, as once it is found out, it could be used to sign any custom created firmware. This is the reason the private key is kept in a safe place at NVidia and the public key is placed inside the card.

                    Now, the driver might contain the firmware in obfuscated form, it may need to be decrypted before uploading. However the driver still needs to have the key for decrypting the file. At the end, it just means that extracting the firmware might need a bit more complicated program than a script.

                    Originally posted by starshipeleven
                    Actually intercepting DMA commands is just malware-like.
                    You want to know why? That tool does require debug features to be actually compiled in the kernel, and like most debug tools they are obvious gaping security holes, that aren't usually enabled in production kernels. https://www.mjmwired.net/kernel/Docu.../mmiotrace.txt

                    For example I would have to recompile my own kernel on OpenSUSE as "CONFIG_MMIOTRACE is not set" and I would also need CONFIG_DEBUG_FS.

                    Also, its usage does not seem that easy to automate either if I read that readme correctly.

                    Why this matters? Because you can't just have an experienced dev run this on select GPUs to extract the firmware and then redistribute it, as this would violate NVIDIA's license.

                    You would have to make a script that can do this on client PCs, and you would have to ask your users to recompile and install a debug-enabled kernel for this trick to work.

                    Is it possible? yeah. But I guess it is a massive PITA as if it was "just improving the mmiotracer" they would have done it already.
                    I repeated what imirkin has said.
                    Originally posted by imirkin
                    This would require a much more sophisticated tracer that no one's bothered to write yet.
                    Malware comes from malicious-software. It is not a technical term describing a group of used techniques. It describes behavior.
                    In other words, not every debug tool is malware, just because some malware could use debug tools.
                    Don't spread FUD.

                    You are correct that the firmware obtained through mmiotracer cannot be distributed, for legal reasons. It's however because its copyright is owned by NVidia, not because it breaks the license. Indeed it is a minor distinction, but it's the loophole that allows firmware extraction by users.

                    Finding out how to obtain the firmware from the binary drivers might require some RE and this is also legally risky for the developers. They should not be tainted by RE.

                    • #20
                      MMIOTrace can't be "changed" to intercept DMA. It works by removing PTEs on the relevant mmio areas, and installing a page fault handler which emulates the underlying instruction and figures out what address it would have read/written with what value.

                      In order to "intercept" the DMA, one would either have to do the same with an IOMMU, where I think faults aren't so easy to handle, and it's unlikely to be possible to restart the source transactions. A more probable approach is to make something that analyzes the trace data in real-time, and when it's detected that certain commands are being sent to the hardware, to also access the system memory which those commands are telling the GPU to retrieve data from.

                      Also, to clarify, the signed firmware is just a blob of data. Once it's identified, it's usually easy to make a tool that extracts it. I've even made a scanner that looks for firmware-type blobs in the code. https://github.com/envytools/firmware . I did this for the video decoding accel firmware, for example, as well as various gr firmware (fecs, gpccs).

                      Of course, once we have the firmware and can load it correctly (which is no easy feat), that's still only like 10% of the battle. Now we have to interact with this firmware properly in order to perform reclocking. It's not like one command, it's going to be a very complex procedure, heavily involving VBIOS table data, etc.

                      All in all, stick to Kepler. Or get AMD.
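
The verification model argued over in the posts above (signed once by the vendor, checked on the card with a public key, the signed firmware being "just a blob of data"), as an added example that is not part of any post and is not nouveau or NVIDIA code. The key pair, the `FWEX` container layout and every function name are constructed for illustration, and unpadded toy RSA stands in for whatever scheme the hardware actually uses.

```python
import hashlib

# Toy vendor key pair, constructed for this example. Two Mersenne primes keep
# the block dependency-free; unpadded textbook RSA is for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: the half the card holds
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: stays with the vendor
SIG_LEN = (N.bit_length() + 7) // 8
MAGIC = b"FWEX"                        # hypothetical container magic

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def vendor_sign(image: bytes) -> bytes:
    """Runs once at the vendor, before the driver package is built."""
    return pow(digest(image), D, N).to_bytes(SIG_LEN, "big")

def card_verify(image: bytes, sig: bytes) -> bool:
    """Load-time check on the device; needs only the public key (N, E)."""
    s = int.from_bytes(sig, "big")
    return len(sig) == SIG_LEN and s < N and pow(s, E, N) == digest(image)

def pack(image: bytes, sig: bytes) -> bytes:
    """Hypothetical layout: magic, 4-byte little-endian length, image, signature."""
    return MAGIC + len(image).to_bytes(4, "little") + image + sig

def extract(container: bytes) -> tuple:
    """Copy image and signature out of a larger file, byte for byte."""
    off = container.find(MAGIC)
    if off < 0:
        raise ValueError("no firmware container found")
    size = int.from_bytes(container[off + 4:off + 8], "little")
    image = container[off + 8:off + 8 + size]
    sig = container[off + 8 + size:off + 8 + size + SIG_LEN]
    if len(image) != size or len(sig) != SIG_LEN:
        raise ValueError("truncated firmware container")
    return image, sig

# Constructed sample data: a fake "driver file" with the signed blob embedded.
FIRMWARE = b"constructed sample firmware image " * 8
DRIVER_FILE = b"\x7fELF" + b"\x00" * 60 + pack(FIRMWARE, vendor_sign(FIRMWARE)) + b"tail"

if __name__ == "__main__":
    image, sig = extract(DRIVER_FILE)
    print("extracted copy verifies:", card_verify(image, sig))
    print("patched image verifies: ", card_verify(image[:-1] + b"!", sig))
```

The code that ships and the code that verifies never touch `D`: a byte-for-byte copy of the signed blob still verifies, while any change to the image does not.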
