GPU Firmware
GPUs have become highly complex systems containing a number of different embedded controllers. This page will attempt to document embedded GPU firmware and support for IO virtualization through various firmware functions.
An absence of critical technical documentation has historically slowed growth and adoption of developer ecosystems for GPU virtualization.
This CC-BY-4.0 licensed content can either be used with attribution, or used as inspiration for new documentation, created by GPU vendors for public commercial distribution as developer documentation.
Where possible, this documentation will clearly label dates and versions of observed-but-not-guaranteed behaviour vs. vendor-documented stable interfaces/behaviour with guarantees of forward or backward compatibility.
Intel
Firmware Images
This section will cover firmware images used in Intel GPUs.
Intel Firmware Support Package (FSP)
Much like CPUs Intel's GPUs also contain a Firmware Support Package (FSP).
The Coreboot project provides public domain information on the FSP here.
FSP Configuration
In the context of GPUs the FSP configures several functions of the device.
Those functions are as follows:
| FSP Parameter | Possible Values |
|---|---|
| GFSP Status | 0x00 |
| FIVR SSC Value | *.*% |
| FIVR RFI Value | *.*MHz |
| GT Subsystem Vendor ID | 0x8086 |
| GT Subsystem Device ID | 0x** |
| HDA Subsystem Vendor ID | 0x0000 |
| HDA Subsystem Device ID | 0x0000 |
| P2SB Enable | Yes/No |
| LMEBAR | Max |
| GTMMADDR Prefetch Capability | Prefetch Enabled |
| Display Present | Enabled/Disabled |
| I2C For Third Party Devices | Enabled/Disabled |
| I2C Device Address 1 | 0x0000 |
| I2C Device Address 2 | 0x0000 |
| I2C Bus Speed | Standard mode (0 to 100Kbps) |
Editing FSP Configuration
The FSP configuration editor can be downloaded here and it's user manual is available here.
FSP Binary Format
The FSP's binary layout is detailed within the Intel® FSP External Architecture Specification v2.4 on page 14.
Known Firmware Package Variations
Some firmware packages may include an **End of Manufacturing Flash Protection Mode** status of Protected or Unprotected.
Similar SPI Write Protection functionality is made available through Intel CPUs under System Management Mode (SMM).
Embedded Controllers
This section will cover firmware images as they apply to various embedded controllers within the Intel GPU.
GuC
The Graphics micro (µ) Controller (GuC) is an embedded controller contained within Intel's embedded and discrete graphics (DG*) series GPUs.
Hardware Architecture
The following section is supported by igor-blue.github.io (see reference 1, 2):
"The GuC - an embedded i486 core that supports graphics scheduling, power management and firmware attestation."
Software Architecture
The following section is supported by igor-blue.github.io (see reference 1, 2):
"The μOS kernel runs in 32-bit protected mode, with no paging and old-style segments model (CS, DS, etc’). All code run in ring0. The OS handles HW/SW exceptions and crashes, and supplies debugging and logging services."
"It runs a single process - which initializes the system and then waits for interrupts/events in a loop."
GuC Blob Checksum & Code Signing
"The bootrom verifies the firmware with a digital signature using a SHA256 hash + PKCSv2.1 RSA signature, and if the test passes copies it to SRAM and starts executing."
Nvidia
Firmware Images
This section will cover firmware images used in Nvidia GPUs.
Embedded Controllers
This section will cover firmware images as they apply to various embedded controllers within the Nvidia GPU.
Falcon / NV-RISCV
The Fast Logic CONtroller (Falcon) and Nvidia RISC-V (NV-RISCV) processors run the NvOS.
GSP
The GPU System Processor (GSP) is an embedded controller used for offload of the RM Core.
The GSP runs Library Operating System (LibOS).
GSP Initialization & Offload
The GSP is initialized multiple times during the system's bring up and runtime.
GSP offload may occur during:
- Hardware bring up when a cached version of the RM Core is loaded from SPI flash
- During host driver bring up when the RM Core is offloaded by the OpenRM driver.
- During guest driver bring up when the RM Core is offloaded.
| Load Source | Payload | Notes |
|---|---|---|
| SPI Flash | Cached RM Core | Used as a fallback in case of no rm offload. |
| OpenRM | RM Core | This is the RM Core which was traditionally contained in the proprietary RM driver. |
| VGX Guest | Guest RM Core | Future OpenRM guests may accomplish RM offload via GSP stubs (controlled via gspHeapSize?). |