NVIDIA BIOS Signature Lock Broken - What Caused Open-Source Pains For Years

New (Windows) tools have been released that break the NVIDIA BIOS Signature Lock, the "security" functionality in use since the GeForce GTX 900 days around signed firmware/BIOS handling. This authentication mechanism is what in turn has led to the GeForce GTX 700 series still being the best supported series by the open-source Nouveau driver while the GTX 900 series and later have been crippled to their low boot clock speeds due to PMU/re-clocking restrictions. While Nouveau developers have been working on the GPU System Processor (GSP) approach for RTX 20 "Turing" GPUs and newer to workaround this limitation as NVIDIA's blessed path forward, the NVIDIA BIOS Signature Lock has now been broken by Windows modders.

For a decade now NVIDIA has had these BIOS signature checks as part of their increased security/authentication around the vBIOS and firmware of the device. NVIDIA's public reasoning was to prevent fraudulent individuals/companies from flashing a vBIOS of a higher-end graphics card onto a lower-end product to sell it at a premium as if it were the higher-end product. But these checks in turn have caused much grief for the open-source Nouveau driver community and also killed off the vBIOS modding community popular among Windows gamers/enthusiasts wishing to fine-tune their graphics card for better performance.

With the NVIDIA BIOS Signature Lock being broken, a Windows utility was released today that allows for cross-flashing BIOS images on graphics cards, raising power limits on pre-Turing GPUs, and have more control around the graphics card's voltages, fan curve, and other attributes.

More details on this NVIDIA lock being broken can be found via TechPowerUP. The Windows tools are OMGVflash and NVflashk for supporting vBIOS modding and cross-flashing with newer generations of GPUs.

The GeForce GTX 700 series is the last generation of cards to work well with the Nouveau open-source driver and not be contingent upon any extra signed firmware blobs for initialization.

Whether this lock being broken will have any meaningful impact on the Nouveau developers remains to be seen, but likely won't due to the legal gray area and so far I haven't seen the source code or documentation for how this lock was defeated. Additionally, the Nouveau developers continuing to work on their kernel DRM driver are currently focused on getting the NVIDIA GPU System Processor (GSP) support in place for better handling RTX 20 series and newer hardware. But it sure would be nice if things were still like the GeForce GTX 700 days and prior that allowed for better open-source driver support without having to worry about the security/authentication requirements. In any event, this is just another example of artificial software locks eventually being broken.