Announcement

Collapse
No announcement yet.

NVIDIA Wants To Be A Better Linux Patron

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Prescience500
    replied
    If Matthew Garrett's solution is implemented, would that make NVIDIA's proprietary drivers compatable with Wayland?

    Leave a comment:


  • entropy
    replied
    Originally posted by 0xBADCODE View Post
    To make kernel mode locked down you have to prohibit loading of unsigned kernel code. By default only kernel code signed by Fedora people would be able to load. That's where Nvidia could hit yet another wall with their binary crap. They seems to compile kernel module on the go. However, there is no private key to sign it. So it looks like if there is some trouble on the way: the module would not load. The driver would not work. Allow unsigned module load and whole secure- thing vanishes as nothing would prevent anyone (including rootkit authors) to load their own modules in this way. Basically neutralizing all effects of "secure" thing. Sure, this "secure"-boot is just a big fake to transfer control over computer from user to hardware & software manufacturers. However getting so many job on securing thing just to fail it in such a stupid way is just very dumb. And it's proprietary drivers who are getting in the way again...

    P.S. also signing code you've never seen is like blindly signing contract you've never read.
    If Red Hat/Ubuntu have signed kernels what does "technically" hinders them to load whatever kernel modules?
    Of course this fundamentally questions the chain of trust, but serious question, is a signed kernel only able to load signed modules?
    If so, how is that done "technically"?

    Edit: Note to myself: RTFM - Matthew's blog comes with a roundup: http://mjg59.dreamwidth.org/12368.html
    Last edited by entropy; 06-24-2012, 10:22 PM.

    Leave a comment:


  • 0xBADCODE
    replied
    Originally posted by asdx
    How exactly secure boot is going to break blobs like nvidia? If so, we should really take advantage of things like this to incentive Nvidia to improve the current situation and be more helpful to the Linux community.
    To make kernel mode locked down you have to prohibit loading of unsigned kernel code. By default only kernel code signed by Fedora people would be able to load. That's where Nvidia could hit yet another wall with their binary crap. They seems to compile kernel module on the go. However, there is no private key to sign it. So it looks like if there is some trouble on the way: the module would not load. The driver would not work. Allow unsigned module load and whole secure- thing vanishes as nothing would prevent anyone (including rootkit authors) to load their own modules in this way. Basically neutralizing all effects of "secure" thing. Sure, this "secure"-boot is just a big fake to transfer control over computer from user to hardware & software manufacturers. However getting so many job on securing thing just to fail it in such a stupid way is just very dumb. And it's proprietary drivers who are getting in the way again...

    P.S. also signing code you've never seen is like blindly signing contract you've never read.

    Leave a comment:


  • johnc
    replied
    I sure hope they don't spend a dime or an ounce of effort on anything that doesn't in the end make for a better end-user experience for those of us who actually buy their products.

    Leave a comment:


  • deanjo
    replied
    Originally posted by Dukenukemx View Post
    Upper-management is still Nvidia no matter how you slice it. Then Nvidia should fire those guys, and get management that will allow to have open source drivers. Unless Nvidia plans to support even Legacy products, there will always be a need for open source drivers.
    They already support legacy products.

    Leave a comment:


  • 0xBADCODE
    replied
    Nvidia is still double standard guys, right?

    The best way to help to Linux is obviously to publish datasheets for their GPUs and possibly help those who already working on nouveau. Same goes for SoC's as well. However as for me it looks like if nVIDIA hasn't got it right and rather cares about "restoring their good image" than about actual cooperation, getting things running and doing it in ways convenient for devs, maintainers and (as the result) users as well.

    Hey Nvidia. Just take a look how AMD and Intel are doing it for Linux. Unfortunately this implies working on opensource drivers and publishing PDFs.
    Last edited by 0xBADCODE; 06-24-2012, 09:54 PM.

    Leave a comment:


  • Dukenukemx
    replied
    Upper-management is still Nvidia no matter how you slice it. Then Nvidia should fire those guys, and get management that will allow to have open source drivers. Unless Nvidia plans to support even Legacy products, there will always be a need for open source drivers.

    Leave a comment:


  • entropy
    replied
    Originally posted by patrik View Post
    Not exactly. What he suggests is that Nouveau and Nvidia share the Nouveau code. If they don't share it, it wont get into mainline because the kernel doesn't accept shim drivers.
    There might also be a few trick in the command submission code of the blob that they don't like to reveal (fencing, reordering, priorities). Also, I think they would have a hard time keeping their "one driver core for all platforms" intact.
    Thanks for clarifying this. I wasn't that sure as my post might imply.

    I'm not sure what a 'shim driver' is, though. If someone creates a new closed-source DDX for radeon that
    interacts with the existing libdrm kernel implementation - would that be a 'shim driver'?
    If so, how would the kernel devs be able to reject them? It's userspace like the mesa bits.
    And they surely had to stick to the kernel drm part if there is at least one OSS userspace driver that needs it, right?

    Originally posted by patrik View Post
    It's still a good idea but would require efforts from both Nouveau and Nvidia.
    It sounds like a major overhaul of both pieces of code.

    Leave a comment:


  • patrik
    replied
    Originally posted by entropy View Post
    That's actually what Matthew Garrett suggested in his reply:
    Not exactly. What he suggests is that Nouveau and Nvidia share the Nouveau code. If they don't share it, it wont get into mainline because the kernel doesn't accept shim drivers.

    There might also be a few trick in the command submission code of the blob that they don't like to reveal (fencing, reordering, priorities). Also, I think they would have a hard time keeping their "one driver core for all platforms" intact.

    It's still a good idea but would require efforts from both Nouveau and Nvidia.

    Leave a comment:


  • ElderSnake
    replied
    I like Matthew Garrett's idea. Seems to be the best compromise between both parties if NVIDIA is so desperate to keep their 3D engine bits so secret.

    Leave a comment:

Working...
X