You clearly don't know how signing binaries work.

You compile stuff, and then you run a software that adds a cryptographic signature linked to both the hash of the binary file AND your own private key (NVIDIA's in this case).

That ensures that the binary signed in that way cannot be tampered as any tampering with it will change its hash and therefore fail the signature check, AND that it comes from someone that has your own private key.

This would allow the firmware to be opensource while still not allowing people to run their own firmware on your hardware, which would allow opensource DRM or security mechanisms to work fine. Because if their signature is correct then you are sure that the program being run was compiled by a trusted party AND was not tampered with in any way.
And this is done also on Windows, because there is a big amount of people that will try to hack or tamper with binaries too.

Again this check would need to be performed by some trusted part of the system, so we have ME and friends. That's one of the main reasons they are there. In the case of NVIDIA it's the card's BIOS doing the check.

To add to what imirkin said, all distros sign in a similar way their packages, and all package managers complain loudly if they get a package with a wrong or unknown signature.

Signatures aren't DRM, they have different goals.

Signatures allow you to make sure that the file comes from a TRUSTED source and was NOT tampered with. Anyone can read the file without any issue, it does not protect the contents in any way.

DRM uses various tricks to not allow everyone else to view the file unless they have the key or something. It's usually some form of encryption.

The reasons they keep firmwares closed, apart from trade secrets and license agreements is that media industry is full of retards that still believe what you posted above (opensource = easy to crack because it's all open) is true. (not calling you retard, mind me)

When it clearly is not, because you need to cryptographically sign your stuff anyway even if it is closed-source.

Right - I get that. But that still doesn't explain how open sourcing the firmware will keep the private key private.

To clarify, I don't think open sourcing things makes them easy to crack, when the encryption is dynamic. But if the firmware is unique to the binary and the binary is open source, then I really don't understand how exactly it remains protected. Neither you or imirkin have explained what prevents someone from reproducing the private key of open source firmware.

I actually wouldn't buy anything else for gaming on Windows.
Their Linux driver sucks in terms of X performance though and they give a dam anymore about VDPAU. This is not a great experience, deal with it.

It works with official drivers.

The private key is unrelated to the binary. (I assume you meant "private key" instead of "firmware", if not, then I can't understand what you are saying here)

You can google up "digital signature" and you'll get good explanations of the practice, it's pretty widespread and well-known. https://www.docusign.com/how-it-work...-signature-faq

As you see from that explanation, the file is hashed, then the hash is encrypted by using a private key (unrelated to the file itself), and the hash can be decrypted by using the public key of the public-private key pair.
Without private key you can't make a new signature because that's how public-private key systems work (private can encrypt/decrypt, public can only decrypt).

And no, you cannot recompute the private key by using a file signature and the file hash.
You always have the file hash anyway as shown above, the signature is just some plain text stuff appended to it in a standardized way and you can always strip it out of the file if you want, it's not like open source gives you any edge in getting the file hash or stripping the signature.
For why that you would need to look up how private-public key algorithms work. I'm not enough into that to be able to explain it, I just know you can't do that because math reasons. I suspect prime factorization might be involved (as it is pivotal in most modern encryption systems) https://learncryptography.com/mathem...-factorization

Ummmmmm.... Last benches I saw their linux driver blob was pretty good and still better than open AMD driver. Noveau isn't from NVIDIA, and Windows comparisons are usually unfair as most games on Linux are ports.

Not their DDX driver, it really sucks badly. Catalyst was the worst and nVidia was the second worse. Now that Catalyst is gone, nVidia is now the worst. Great OpenGL drivers, absolutely horrible DDX drivers. It's unbearable with multiple monitors.

EDIT: If it were possible to use the modesetting DDX it would probably be fantastic..... But..... it can't...

From my side: please focus on older cards NVE7 as GK107, which have troubles with vdpau in mp4 and wmv. And also with id identification and energy management - only from kernel 4.4. To 3.19 was any problems, only with vdpau. Also please focus on PVLD engine. Thx