Announcement

Collapse
No announcement yet.

Red Hat Experimenting With "NVK" Nouveau Open-Source Vulkan Driver

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by piotrj3 View Post

    You forget one very important piece - what Switch community did is likely not working in nouveau case.

    1st Tons of Tegra (unlike geforce) is already open source with all the bits.
    doesn't really matter. We do support the Tegra devices just fine.

    Originally posted by piotrj3 View Post
    2nd. There is Tegra development board extremly similar to switch in architecture (Jetson TX1). From perspective of Nouveau, if any work homebrew community did there, it is similar to what Nouveau does in relation to recent open source Nvidia Turing/Ampere driver - you have already stuff you need in open source way).
    except userspace. Anyway, the homebrew community uses mesa/nouveau for OpenGL, and just never seriously contributed any patches back or just refused with bogus arguments like "you wouldn't accept those patches anyway". Or well.. never helped with fixing bugs So to twist it like the original comment did is kind of "hilarious".

    Originally posted by piotrj3 View Post
    3rd. I seriously doubt there is bypass to load unsigned firmware. Because there is tons of scams around that were modifing firmware loading it and selling (on wish for example) GTX 650 as 1050 by modyfing bits in it. Since nvidia introduced that system there is not a single firmware modding tool or ways to make your let's say gtx1060 pretend to be gtx1080ti.
    There was actually a hw vulnerability which would allow to read out the signing key, because it's all symmetric crypto. But.. you can't publish those keys, so 1. every developer wanting to hack on the firmware would have to extract those keys and 2. Nvidia doesn't need to be pissed of by the nouveau community providing distributable signed firmware, which might or might not have prevented Nvidia even opening up and 3. would put Red Hat in this akward position where it pays money to Nouveau devs but also having a strong partnership with Nvidia.

    All in all it's a very very messy situation and one might see why we didn't really want to go into this mess yet. At least from my perspective I wouldn't want to except I get a written ack from Nvidia that I am allowed to do this.

    Comment


    • #22
      What about laptops which store the GPU firmware in the system firmware (/BIOS). On these the GPU firmware is pulled out via an ACPI call (IIRC "_ROM"). It seems like nouveau has no problem getting it and uploading it to the GPU. I haven't checked, but does that mean reclocking works on such systems? Or would at least be possible in theory without Nvidia releasing anything else?

      Comment


      • #23
        Originally posted by binarybanana View Post
        What about laptops which store the GPU firmware in the system firmware (/BIOS). On these the GPU firmware is pulled out via an ACPI call (IIRC "_ROM"). It seems like nouveau has no problem getting it and uploading it to the GPU. I haven't checked, but does that mean reclocking works on such systems? Or would at least be possible in theory without Nvidia releasing anything else?
        Not the firmware, but the VBIOS is pulled and this only contains a description of the hardware essentially.

        Comment


        • #24
          Originally posted by karolherbst View Post

          So to twist it like the original comment did is kind of "hilarious".
          That is what I saw one time on someone's twitter or IRC. But I can't seem to find the original post and I never kept IRC logs anyways.

          Originally posted by karolherbst View Post
          1. every developer wanting to hack on the firmware would have to extract those keys

          Probably a way around this is to have a firmware that is signed, that chainloads a firmware that is unsigned.
          That way if you want to hack on the firmware you don't need keys, just the signed firmware that chainloads an unsigned firmware.
          Last edited by uyjulian; 03 June 2022, 07:49 AM.

          Comment


          • #25
            Originally posted by karolherbst View Post

            that's sadly correct.
            As the owner of a GPU that I was never able to properly use without the proprietary driver, I'm glad this is fixed going forward, but I also wonder if it would be possible to have a 'pass-through mode for developer testing of drivers'... where the proprietary NVIDIA modules load up and do their firmware/clocking stuff, but they allow hand-off to arbitrary user-space drivers. I would absolutely put 'options nvidia.ko untrusted_driver_handoff=1' in my modules.d and run Nouveau if I could.

            I don't know if that's possible, but it would bring many more users to the table for testing of these new drivers.

            Comment


            • #26
              Originally posted by uyjulian View Post

              That is what I saw one time on someone's twitter or IRC. But I can't seem to find the original post and I never kept IRC logs anyways.
              Well, doesn't make it in any way correct.

              Originally posted by uyjulian View Post
              Probably a way around this is to have a firmware that is signed, that chainloads a firmware that is unsigned.
              That way if you want to hack on the firmware you don't need keys, just the signed firmware that chainloads an unsigned firmware.
              maybe, but those falcons have separated code and data memory and I am not sure you can just load code and execute it in any way. Maybe we can replace the entire bootloader thing... nothing one could just try out on a whim though and there are more pressing issues. So if somebody has enough time to figure all of that out, they can just go ahead and try it

              Comment


              • #27
                Originally posted by uyjulian View Post

                Probably a way around this is to have a firmware that is signed, that chainloads a firmware that is unsigned.
                That way if you want to hack on the firmware you don't need keys, just the signed firmware that chainloads an unsigned firmware.
                You couldn't distribute the chainloading signed firmware any more than the complete signed firmware. They're equally illegal.

                Comment


                • #28
                  Originally posted by karolherbst View Post

                  Nouveau is used in commercial products even. And just sharing signing keys or whatever is available is a legal risk especially companies are not willing to get involved in, so worst case Nouveau gets disabled everywhere by default, because of such legal risks.
                  Thank you for clarification. It's good thing that Nouveau developers also want to avoid legal risks. It would be shame to get Nouveau blocked. Especially now when it can finally become much more useful for more users.

                  Comment


                  • #29
                    Originally posted by karolherbst View Post

                    doesn't really matter. We do support the Tegra devices just fine.



                    except userspace. Anyway, the homebrew community uses mesa/nouveau for OpenGL, and just never seriously contributed any patches back or just refused with bogus arguments like "you wouldn't accept those patches anyway". Or well.. never helped with fixing bugs So to twist it like the original comment did is kind of "hilarious".



                    There was actually a hw vulnerability which would allow to read out the signing key, because it's all symmetric crypto. But.. you can't publish those keys, so 1. every developer wanting to hack on the firmware would have to extract those keys and 2. Nvidia doesn't need to be pissed of by the nouveau community providing distributable signed firmware, which might or might not have prevented Nvidia even opening up and 3. would put Red Hat in this akward position where it pays money to Nouveau devs but also having a strong partnership with Nvidia.

                    All in all it's a very very messy situation and one might see why we didn't really want to go into this mess yet. At least from my perspective I wouldn't want to except I get a written ack from Nvidia that I am allowed to do this.
                    Well I read it, but key they extracted:
                    a) is nintendo use only,
                    b) depends on ARM vulnerabilities that GPUs don't have. In fact Nvidia doesn't use ARM on GPUs, but RISC-V for GSP for example.

                    Almost every vulnerability used to homebrew/extract stuff from nintendo related towards ARM.

                    And finally final piece in coffin, every single GPU has diffrent key. X1, X2 etc. all have diffrent. Without vulnerability in normal GPUs you can't get GPU keys. So you would need to find a way to abuse Nvidia GPUs in totally diffrent way.

                    Comment


                    • #30
                      Originally posted by piotrj3 View Post

                      Well I read it, but key they extracted:
                      a) is nintendo use only,
                      b) depends on ARM vulnerabilities that GPUs don't have. In fact Nvidia doesn't use ARM on GPUs, but RISC-V for GSP for example.

                      Almost every vulnerability used to homebrew/extract stuff from nintendo related towards ARM.

                      And finally final piece in coffin, every single GPU has diffrent key. X1, X2 etc. all have diffrent. Without vulnerability in normal GPUs you can't get GPU keys. So you would need to find a way to abuse Nvidia GPUs in totally diffrent way.
                      yeah.. the last part is kind of the huge questions. Is there a way to extract those keys on desktop GPUs as well or not? There are so many ifs involved that it's not something I would be willing to investigate on a whim as long as there are more important things to work on

                      Comment

                      Working...
                      X