Announcement

Collapse
No announcement yet.

NVIDIA Publishes Nouveau Patches For Secure Boot, Unified Firmware Loading

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • NVIDIA Publishes Nouveau Patches For Secure Boot, Unified Firmware Loading

    Phoronix: NVIDIA Publishes Nouveau Patches For Secure Boot, Unified Firmware Loading

    NVIDIA has released new patches today for helping the open-source Nouveau driver step towards properly supporting the GeForce GTX 900 "Maxwell" graphics cards as well as better supporting Tegra...

    http://www.phoronix.com/scan.php?pag...Secure-Boot-FW

  • #2
    Hm, I get the description of secure boot, but what's the problem it's trying to solve?

    Comment


    • #3
      It looks that Nvidia want's to go the Tegra X1 route for all Maxwell 2 - and hopefully older - GPUs now. A bit late but at least it seems to happen...

      Comment


      • #4
        Originally posted by bug77 View Post
        Hm, I get the description of secure boot, but what's the problem it's trying to solve?
        Haven't looked at the patches, but from the description it sounds like code to load signed microcode images (probably including some validation by the HW or microcode), so that modified microcode images won't load & run unless they have been signed by the vendor.

        The problem it's trying to solve is typically risk of someone hacking microcode to work around various aspects of content protection, if not on Linux then on other OSes which support the same HW.
        Last edited by bridgman; 18 January 2016, 10:44 AM.
        Test signature

        Comment


        • #5
          Originally posted by bridgman View Post

          Haven't looked at the patches, but from the description it sounds like code to load signed microcode images (probably including some validation by the HW or microcode), so that modified microcode images won't load & run unless they have been signed by the vendor.

          The problem it's trying to solve is typically risk of someone hacking microcode to work around various aspects of content protection, if not on Linux then on other OSes which support the same HW.
          Has this kind of attack ever been reported in the wild? Or is nvidia giving us a solution looking for a problem? Or maybe they saw what intel did and thought, why not?

          Comment


          • #6
            Originally posted by bug77 View Post

            Has this kind of attack ever been reported in the wild? Or is nvidia giving us a solution looking for a problem? Or maybe they saw what intel did and thought, why not?
            IIRC, part of the motivation for NVIDIA doing this was due to Chinese sellers modifying the BIOS/firmware to advertise a given card as something else -- e.g. to fake passing off a GTX 950 as a GTX 970.
            Michael Larabel
            http://www.michaellarabel.com/

            Comment


            • #7
              The problem is that whether an attack has happened or not is kind of irrelevant, we all need to prevent it anyways in order to satisfy the cluster of agreements that bind us to our content protection overlords.

              You're probably thinking "we don't care about that stuff on Linux" and you're probably right, but because we sell the same hardware for use with multiple OSes the security considerations need to be driven by the tightest requirements, not the loosest ones.

              EDIT - ouch, didn't know about the faking of hardware, that would not make for happy camper customers
              Test signature

              Comment


              • #8
                Michael

                ​Well not only that, you could create your own Quadro cards with half bios patch/half soldering. Now Nvidia must be really stupid to use a PCI ID for a legal hardware that can be constructed via only soldering.

                Comment


                • #9
                  Then you need to stay away from AAA games without fglrx profiles Well most ppl boot Windows for games anyway because only a few % of AAA titles are available for Linux. Like where is GTA V - even Payday 2 was announed and never done.

                  Comment


                  • #10
                    Originally posted by Michael View Post

                    IIRC, part of the motivation for NVIDIA doing this was due to Chinese sellers modifying the BIOS/firmware to advertise a given card as something else -- e.g. to fake passing off a GTX 950 as a GTX 970.
                    Originally posted by bridgman View Post
                    The problem is that whether an attack has happened or not is kind of irrelevant, we all need to prevent it anyways in order to satisfy the cluster of agreements that bind us to our content protection overlords.

                    You're probably thinking "we don't care about that stuff on Linux" and you're probably right, but because we sell the same hardware for use with multiple OSes the security considerations need to be driven by the tightest requirements, not the loosest ones.

                    EDIT - ouch, didn't know about the faking of hardware, that would not make for happy camper customers
                    Ok, so it seems there's sound reasoning behind this secure boot.

                    PS I still await the day the Chinese will counterfeit a Chinese counterfeit. It seems they have everything else covered.

                    Comment

                    Working...
                    X