Slashdot Mirror
NVIDIA Begins Requiring Signed GPU Firmware Images
An anonymous reader writes: In a blow to those working on open-source drivers, soft-mods for enhancing graphics cards, and the Chinese knock-offs of graphics cards, NVIDIA has begun signing and validating GPU firmware images. With the latest-generation Maxwell GPUs, not all engine functionality is being exposed unless the hardware detects the firmware image was signed by NVIDIA. This is a setback to the open-source Nouveau Linux graphics driver but they're working towards a solution where NVIDIA can provide signed, closed-source firmware images to the driver project for redistribution. Initially the lack of a signed firmware image will prevent some thermal-related bits from being programmed but with future hardware the list of requirements is expected to rise.
I'm guessing this is a response to Alibaba, where you can buy a $300 graphics card for $100 so long as you're OK with being an $80 card with a flashed bios. Remember folks, if it looks too good to be true it probably is :(.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Robot Chicken!
"NVIDIA, f**k you!" - Linus Torvalds
That's the god damn fucking last straw. All these years I thought Nividia was slowly being dragged into the open by Nouveau. Digging their heals in but still an inexorable movement in the direction of the inevitable. But jesus fucking christ this move is such bullshit, 2 steps forward and 5 steps back. No more nvidia for me. They've just made AMD the only choice for graphics cards.
Yeah. F**k Nvidia for keeping scammers from selling faulty video cards with hacked bios's.
How dare they protect their brand integrity!
Look at the bright side. Since this will hurt demand for NVIDIA products, they will be cheaper. Being cheap is a good thing.
Um. Correct me if I'm wrong, but isn't AMD/ATI even worse with open source drivers?
Firmware != Drivers
Surely it is impossible to have an opensource software if it needs a key to build it into a runnable program?
I mean you have the binary but you cannot recreate it from the source without that key to sign it with. The key is part of the source and you don't have it.
I'm pretty sure that the people upset by this will equal less than 1% of their total GPU sales.
Of the people who use computers, how many use linux, and also need powerful GPUs?
You're talking about people doing cheap supercompuing work, and linux gamers. Thats the entire market segment affected by this.
That and the people in china making counterfeit graphics cards.
For my Broadcom wirless card in Linux, the firmware has to be ripped out of the windows driver, and put into a compatible Linux driver layer. Sounds like something similar will happen with Nvidia.
On the bright side, most Linux distros have a package that does all of this automatically, so it's not so bad from a user standpoint.
If it's flashable, it is hackable, right? We'll get right on it. They will rue the day when we can print our own cards. Too bad there is no real karma in this world. Then again, if there was, we would all be dead.
If the firmware were on a flash memory soldered to the video card's PCB, there wouldn't be a problem. But a lot of devices that use a proprietary blob omit the flash to save a few cents and expect the driver to copy this blob to the device at each boot. So in this case, firmware is part of drivers.
The whole point of Noveau is to avoid Nvidia's closed proprietary blobs, for those Linux users who value freedom over mere costlessness.
Presenting a costless closed proprietary blob as the solution is about as incorrect as possible.
Surely it is impossible to have an opensource software if it needs a key to build it into a runnable program?
Of course you can under TiVo's interpretation of GPLv2, so long as the key is not an executable part of the program. The publisher can apply the signature key as part of linking the executable.
I mean you have the binary but you cannot recreate it from the source without that key to sign it with.
You're referring "Installation Information" in GPLv3. GPLv2 refers to something similar in "scripts to control compilation and installation", but it's not nearly as explicit as in GPLv3.
I've had it. I don't understand why they don't just release all of the specs of the cards. Why don't they give them away for free? Or provide a 3D-printable download at the very least. Fuck nVidia!
The real motivation for this is a current generation of nVidia based root kits- they have storage, processing, and access to the system. There is currently, not publicly, a way to dump an image of a card. Shortly a tool will be released that allows DFIR folks to dump an image for analysis.
I was always torn on buying NVIDIA or not. This, it seems, settles it for me. And no, I won't go to the hassle of finding out whether this particular model is crippled or not.
Torvalds was right.
With all this hassle nowadays - I remember the times when nVidia was the only company supporting Linux and was something like the darly child of the FOSS community - which company actually *is* the most FOSS friendly today? Intel? AMD/ATI? Some other company?
Educated opinions on this needed.
We suffer more in our imagination than in reality. - Seneca
the FOSS community wont stand for it, they will just abandon Nvidia and focus on just maintaining drivers for old cards, and put their efforts in to either hacking driver signatures or ignoring the new nvidia cards and focusing on other cards like ATI and Intel
Politics is Treachery, Religion is Brainwashing
Is truly being anti-consumer these days....
Just like how their Shield Controller, which is pretty much a 360 controller with a touchpad, require a geforce GPU to even work.. can't install the drivers if you don't have the gpu... even if you want to use game streaming, to get your game from your geforced powered PC in another room to a HTPC in the living room and use the controller, you can't. It's BS.
they are capable for a little while. Usually the 90 days to get out of any warranty work. Maybe a few of 'em even run at the clock freqs without crashing. It's not just clock freq either. Nvidia shuts off broken cores in software. You're games might run but they'll crash a lot. What Nvidia's worried about is that You'll blame them for a buggy card and go buy AMD. It has major brand damage potential especially with Alibaba about to become a household word what with their IPO.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
So, they're locking out things that can brick the card (flash ROM/fuses, screw up thermal sensors) and apparently a hint of OS security (the Falcons that respond to userspace commands can no longer access physical memory, only virtual memory). The latter sounds somewhat bizarre, considering the firmware should be fully under the control of the driver, not userspace (I guess/hope?), but not unreasonable. Maybe there are software security reasons for this.
Nouveau is free to continue using its own free blobs or to switch to nvidia's. If they start adding restrictions that actively cripple useful features or are DRM nonsense, then I would start complaining, but so far it sounds like an attempt at protecting the hardware while maintaining manufacturing flexibility for nvidia. This isn't much different from devices which are fused at the factory with thermal parameters and with some units disabled; the only difference is that here firmware is involved.
NV seem to be turning friendlier towards nouveau, so I'd give them the benefit of the doubt. If they wanted to be evil, they would've just required signed firmware for the card to function at all. The fact that they're bothering to have non-secure modes and are only locking out very specific features suggests they're actively trying to play nicely with open source software.
Probably whatever GPU is in a Respects Your Freedom certified laptop such as the Gluglug X60.
Andy Ritger at Nvidia is already in talks with Ben Skeggs and Martin Peres with Nouveau. They're are going to hash out the details at XDC2014. The impact for Nouveau is in the packaging and distribution parts of the cycle, not development. Also, it was Nvidia who reached out to Nouveau, not the other way around. Nvidia has their reasons for doing this, but it's not an anti FOSS thing. It's more likely one of the more sane reasons posted above.
So everyone just relax their sphincters a bit....
Intel has I believe all their Linux drivers fully open sourced. However, they're not really fast compared to AMD or NVidia. AMD has two driver versions, their closed source catalyst driver and the open source one. The catalyst driver is much faster, energy efficient and can do more tricks than the open source one. NVidia is sort-of supporting Nouveau and has their own binary driver as well. The "sort of supporting" is much limited compared to the amount of AMD is pouring in the open source version of their drivers, but it has improved greatly recently.
Depending on what you are looking for in terms of bang for buck, speed or features each of these might be "the best solution" for your needs. If you want CUDA or openCL, you'll be looking at closed source though, there's no serious support for open source drivers for relevant hardware (yet).
I was promised a flying car. Where is my flying car?
Once upon a time, there was this stuff called "Read Only Memory". Not EPROM or EEPROM, but ROM. Once it was created you couldn't change the contents of it.
If I was worried that scammers were going to take a board that I was selling as a Whizzo rather than a Whizzo Plus because it didn't meet Whizzo Plus specs, and flash it as a Whizzo Plus anyway to rip off customers, I'd put "Hi there I'm Whizzo serial number 987654321 born 2014-09-24-18:58:56 GMT at the Utopia Planitia assembly line, signed <digital signature>" somewhere in a bit of that old-fashioned Read Only Memory soldered to the board in a tamper-resistant manner, and also have that serial number etched into the board.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
> They've just made AMD the only choice for graphics cards.
This behavior isn't exactly new. Nvidia has been getting more closed and as a result more consumer unfriendly for some time now.
If Nvidia is really only doing this to stop 'counterfeit' chinese cards, they should provide a public covenant that they will release signing keys necessary for consumers to reflash their own hardware once the market for counterfeit cards has sufficiently dwindled (say two card generations, or two years, whichever is longer.) This has all the benefits of eliminating counterfeits where it counts, while also ensuring to the consumer that they will have full control over their hardware once enough time has passed to eliminate the profitability for counterfeiters and the related support issues for Nvidia.
Thoughts and/or email campaigns to get this into place?
In the past it has been possible to flash your card between variations of the same silicon with some luck. Obviously, you can't invent shaders that aren't there, but some of the "Ti" or "Z" or whatever models were often simply validated at the BIOS.
Most importantly, I suspect that nVidia wants to protect the obscene margins of the pro-level cards. Supposedly, these are locked at the driver level with much lower double floating point data rates for the consumer models (and other quirks, like high-bit color, specific optimizations etc). I don't know if it's possible to flash a consumer card into the equivalent Quadro, but that would make a huge difference in $$$$.
Anyway, whatever the motivation, any sort of locking that restricts user freedom bothers me.
While there are legal requirements to DOCUMENT that the odometer has been changed, you are fully within your rights to replace the odometer at any time during which you have the car. The only restrictions are: If the odometer is removed or the value cannot be verified to match the original mileage of the car, the car will recieve a mark on it's pink slip stating the odometer has been tampered with.
Other than that, you can. It might bite you in the ass in other legal regards (taxes and some things that base their value on odometer readings), but at least in parts of the US it's not illegal or outside of your rights/abilities to do so.
If Nvidia were only concerned with fakes they would only check the signature at boot time and throw a "genuine" or "unauthorized" message on the screen. That would solve 100% of the stated problem with zero problems for Linux or anyone else. The Linux devels do not need to reflash the firmware in the card, only load code into the ram.
Since I'm not willing to believe Nvidia is so stupid that they don't also realize this, I'm left with evil as their intent.
From what I've heard, Intel GPUs are not available outside intel CPUs. And current Intel CPUs can't even access RAM until some propietary and signed code is run. That happens in coreboot, UEFI, BIOS or the like, and it can potentially be used to set the stage for the next computing to be under control of the key holder (that'd be Intel or their government or their attackers or some such). I think the signed code is called MEI or something else.
Intel publishes linux GPU drivers and that makes it easy for linux users who don't mess with BIOS code. But that's just because SMM or whatever they need may already have been take care by the signed firmware.
AMD had propietary bios for the GPU run by an interpreter, but not such propietary signed code in the CPU boot. But recently they start including an "PSP" smaller CPU which will check signatures on boot firmware before
starting the main CPU and leting it run this boot code. They used to provide good documentation (I think they still do?).
ARM varies, but they have this TrustedZone posiibility to allow DRM, remote attestation and so on. Some vendors seem to violate GPL, others (Freescale) give good documetnation, most everyone buys components
somewhere and ships functionality that only works with propietary drivers, and free software reverse engineers achieve what they can.
I thought Nvidia didn't have this, just propietary drivers and unhelpful to free software (less lately, even people claiming full 100% free software running on their tegra K1 board?).
But now I heard this.
Even if you find a CPU that does not require propietary, signed software, good luck finding a complete system that doesn't ahve a GPU, wifi chip, embedded controller or something
else run propietary blobs and having full access to RAM and stuff.
Of course you have to trust the builder of the hardware that runs your code, but I cherish those days when you didn't have to trust it to always keep their keys secure, their governments
benign, their future boards honest... Those days when hardware was hardware and didn't refuse to run your software.
It used to be difficult to try to save money when you saw the adverts, but lately they're find the cure to consumism.
I should include some links to explain better all that, but it's late, and I'm lazy, feel free to look up the keywords. It is so difficult to find hardware designed to be trustable, and
the crowdfunding for the dozens of units people buy is so expensive, and features so lacking compared with the adverts for untrustable hardware that not buying anything
is just cooler nowadays.
Not that vendors notice me. The crowds keep buying their shackles like they were candy (phones, computers, software, media, whatever it is, even cars are now going to be remote
controlled by the government and hopefully only the government).
That's the only way to get resolutions not from the mid-'90s in VESA modes.
And VESA's the only way to get rock solid (albeit very slow) graphics on a server without the nVidia binary blob periodically causing triple page faults in your kernel.
After all its artificially limiting what you can do with the hardware. Plus it'll mean you'll have to run closed source firmware from the manufacturer on the device, which means that it'll probably contain malware. Why else would you distribute software in object code only? (No, competitors probably have reverse engineered it years ago.)
Of course you have to trust the builder of the hardware that runs your code, but I cherish those days when you didn't have to trust it to always keep their keys secure, their governments
benign, their future boards honest... Those days when hardware was hardware and didn't refuse to run your software.
It used to be difficult to try to save money when you saw the adverts, but lately they're find the cure to consumism.
I meant the boards of directors, the executive staff, people who decide what to put in the firmware updates and hold control over the keys to pick what to sign with them,
not the circuit boards they sell.
It's still a big deal. Having to pass trhough a company means not everyone can analyze and experiment, contribution is harder, less freedom so less usefulness, and of course MS can buy NVidia and decide no more
signatures for nouveau (or anything else can happen). There's a big difference between not disclosing information on what you sell and activing selling things built to stop working when someone fidns out how it works and tries something different.
Giving correct information about the board is easy enough by putting some values on some ROM easy to access from the drivers. If sellers or users choose to disregard this information is easy enough to point them to
the on-board info and tell them it's not designed to be sold or used that way. If they fear that someone might alter the board to include different information in those ROMs then they can use whatevver system they
use to protected the public root key the board will use to verify the signature.
Including signature verification in the board is too complex and unnecessary for the stated purpose. It is useful to implement DRM, remote controlled devices, content that fails to run if your system is not
running what a third party wants, etc. Or just convenient for selling that control over users to investors, governments, or in the black market. But it is not necessary for warning users of unadvised firmware, drivers
or operation modes.
There's a reason they choose to stop working instead of turning off a "system ok" LED or whatever whenever a signature verification fails. They want control.
I blacklisted nvidia when buying the last computer and will continue that.