Bypassing the signing mechanism is illegal? Why?

Nouveau developers want to stay legal for good reasons. Yeah, it sucks to leave perfectly usable cards in unusable state but I guess there is no other possibility.

Well I read it, but key they extracted:
a) is nintendo use only,
b) depends on ARM vulnerabilities that GPUs don't have. In fact Nvidia doesn't use ARM on GPUs, but RISC-V for GSP for example.

Almost every vulnerability used to homebrew/extract stuff from nintendo related towards ARM.

And finally final piece in coffin, every single GPU has diffrent key. X1, X2 etc. all have diffrent. Without vulnerability in normal GPUs you can't get GPU keys. So you would need to find a way to abuse Nvidia GPUs in totally diffrent way.

doesn't really matter. We do support the Tegra devices just fine.



except userspace. Anyway, the homebrew community uses mesa/nouveau for OpenGL, and just never seriously contributed any patches back or just refused with bogus arguments like "you wouldn't accept those patches anyway". Or well.. never helped with fixing bugs So to twist it like the original comment did is kind of "hilarious".



There was actually a hw vulnerability which would allow to read out the signing key, because it's all symmetric crypto. But.. you can't publish those keys, so 1. every developer wanting to hack on the firmware would have to extract those keys and 2. Nvidia doesn't need to be pissed of by the nouveau community providing distributable signed firmware, which might or might not have prevented Nvidia even opening up and 3. would put Red Hat in this akward position where it pays money to Nouveau devs but also having a strong partnership with Nvidia.

All in all it's a very very messy situation and one might see why we didn't really want to go into this mess yet. At least from my perspective I wouldn't want to except I get a written ack from Nvidia that I am allowed to do this.

Nouveau is used in commercial products even. And just sharing signing keys or whatever is available is a legal risk especially companies are not willing to get involved in, so worst case Nouveau gets disabled everywhere by default, because of such legal risks.

Probably a way around this is to have a firmware that is signed, that chainloads a firmware that is unsigned.
That way if you want to hack on the firmware you don't need keys, just the signed firmware that chainloads an unsigned firmware.

That is what I saw one time on someone's twitter or IRC. But I can't seem to find the original post and I never kept IRC logs anyways.

Probably a way around this is to have a firmware that is signed, that chainloads a firmware that is unsigned.
That way if you want to hack on the firmware you don't need keys, just the signed firmware that chainloads an unsigned firmware.

that's sadly correct.

So to twist it like the original comment did is kind of "hilarious".

1. every developer wanting to hack on the firmware would have to extract those keys

What about laptops which store the GPU firmware in the system firmware (/BIOS). On these the GPU firmware is pulled out via an ACPI call (IIRC "_ROM"). It seems like nouveau has no problem getting it and uploading it to the GPU. I haven't checked, but does that mean reclocking works on such systems? Or would at least be possible in theory without Nvidia releasing anything else?