[Nouveau] NVIDIA Falcon Microprocessor Security

[Martin Peres]

Hi Andy,

On 26/09/2014 19:19, Andy Ritger wrote:
> Hi, all.
>
> Below is a link to a brief document describing some changes in NVIDIA
> Falcon processors ("fuc", in Nouveau-speak, IIUC)
We actually renamed most of our docs to falcon :)

> that happened in
> Maxwell: certain aspects of the chip will only be available to Falcon
> firmware images signed by NVIDIA.  So far, the set of restricted things
> is pretty small, but I expect this list will slowly grow over future
> hardware generations.
>
>      ftp://download.nvidia.com/open-gpu-doc/Falcon-Security/1/Falcon-Security.html
>
> I suspect this will not be the most popular decision, but it is the
> direction the hardware is taking.

Thank you for the heads-up! We actually wondered yesterday about
what kind of operations were forbidden without a signed falcon.

> On a slightly different note, we'd like to work out the best way to
> make NVIDIA firmware images separately (from the rest of the driver)
> available and officially redistributable for use by Nouveau.  At this
> point, it is mostly just a release engineering question, but I don't think
> we'll have a lot of influence over the content: the engineers working on
> Falcon microcode assume it changes in lock-step with NVIDIA's nvidia.ko,
> so there are no backwards compatibility guarantees.  How painful has
> the lack of backwards compatibility been for Nouveau thus far?
>
> If NVIDIA just released firmware binaries along side each NVIDIA GPU driver
> release, would it be reasonable for Nouveau to pick and choose which
> firmware you'd like promoted to, e.g.,
>
>      http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/
>
> ?
>
> Anyway, this might be a good topic to discuss at XDC.  It looks I'll
> see a lot of you then; I'm looking forward to it!

Yeah, this really seems like a very good discussion to have at XDC. I'll
find a room for us to sit and discuss the problem.

Thanks again and see you soon!
Martin