NVIDIA Alerts Nouveau: They're Starting To Sign/Validate GPU Firmware Images

Written by Michael Larabel in Nouveau on 27 September 2014 at 04:20 AM EDT. 105 Comments
To the dismay of open-source fans, NVIDIA is tightening the belt so to speak around their GPU hardware: with Maxwell and future hardware, certain aspects of the NVIDIA graphics processor chip will only be available to the "Falcon" (a.k.a. "FUC") firmware images that have been signed by NVIDIA. While this will throw a wrench at Nouveau's open-source effort, NVIDIA at least informed Nouveau and are jointly working towards an adequate solution.

Andy Ritger, one of the long-time NVIDIA Linux developers who is is a great person to work with, informed the Nouveau community on Friday night about the tightening of the "Falcon" micro-processor security. Falcon is what the Nouveau developers have referred to as "FUC" and it's the firmware for this micro-processor onboard the GPU that's needed in order to properly support hardware acceleration, etc. I.e. it's critical. It's what causes problems when NVIDIA hardware is first reverse-engineered and enabled by Nouveau: usually for the first few kernel releases it requires Nouveau users to first initialize their hardware with the proprietary NVIDIA driver to obtain an MMIOtrace'd dump so they can then create their own firmware files. However, moving forward the hardware is going to be expecting signed firmware images in order to expose the complete GPU capabilities. With time, Nouveau's DRM driver has come up with the ability to self-generate its required FUC microcode for given GPUs so that it will work freely across NVIDIA GPUs without depending upon closed-source and non-redistributable firmware blobs.

Andy explained, "certain aspects of the chip will only be available to Falcon firmware images signed by NVIDIA. So far, the set of restricted things is pretty small, but I expect this list will slowly grow over future hardware generations."

NVIDIA requiring signed firmware images is being done to better protect the hardware from being misprogrammed for security reasons. With this initial security implementation, the restrictions are relatively mundane like protecting fuses and ROM from being written by incorrect or malicious software. There's protections for registers dealing with thermal shutdown and the thermal sensors while with GM20x there's now physical memory access restrictions too. However, as Andy mentioned, he expects the restrictions to grow over time for firmware that hasn't been signed by NVIDIA Corp.

To help out Nouveau, Ritger and his team are working on the best way to make NVIDIA firmware images separate from the rest of their Linux driver. As what would be a win for end-users, NVIDIA would make these firmware images "officially redistributable for use by Nouveau" -- i.e. avoiding the situation above where early hardware enablement currently requires doing MMIOtrace dumps, generating your own firmware files, etc as you could now use NVIDIA's public firmware images.

NVIDIA providing closed-source, redistributable firmware images for use by Nouveau wouldn't be too far off from what AMD does right now, albeit a step back from where things are at when Nouveau can spin its own firmware support. While AMD has their much-praised, open-source Linux graphics driver stack, the driver does remain entirely dependent upon the company's closed-source microcode files for operation. This is why the open-source Radeon graphics don't work in Debian (out of the box) and other distributions that refrain from shipping binary-only firmware blobs.

Andy asked the Nouveau developers about backwards compatibility concerns and other questions and he hopes to have a greater discussion early next month at XDC2014 Bordeaux. Andy's email can be found here along with some early responses. At the end of the day, NVIDIA hardware is becoming tighter with more restrictions imposed (in the name of security) and the hardware is less open-source friendly on a fundamental term, but NVIDIA's Linux group continues to increase their cooperation with Nouveau to ensure this doesn't thwart their open-source effort and that this open-source NVIDIA Linux driver will remain viable for end-users.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week