GPU Firmware

From Open-IOV
Jump to navigation Jump to search

GPUs have become highly complex systems containing a number of different embedded controllers. This page will attempt to document embedded GPU firmware and support for IO virtualization through various firmware functions.

Intel

Firmware Images

Figure 1: The FSP Binary Layout from Intel® Firmware Support Package External Architecture Specification.
Figure 1: The FSP Binary Layout from Intel® Firmware Support Package External Architecture Specification. Source

Intel Firmware Support Package (FSP)

Much like CPUs Intel's GPUs also contain a Firmware Support Package (FSP).

The Coreboot project provides public domain information on the FSP here.

FSP Configuration

In the context of GPUs the FSP configures several functions of the device.

Those functions are as follows:

GPU Firmware Support Package
FSP Parameter Possible Values
GFSP Status 0x00
FIVR SSC Value *.*%
FIVR RFI Value *.*MHz
GT Subsystem Vendor ID 0x8086
GT Subsystem Device ID 0x**
HDA Subsystem Vendor ID 0x0000
HDA Subsystem Device ID 0x0000
P2SB Enable Yes/No
LMEBAR Max
GTMMADDR Prefetch Capability Prefetch Enabled
Display Present Enabled/Disabled
I2C For Third Party Devices Enabled/Disabled
I2C Device Address 1 0x0000
I2C Device Address 2 0x0000
I2C Bus Speed Standard mode (0 to 100Kbps)
Editing FSP Configuration

The FSP configuration editor can be downloaded here and it's user manual is available here.

FSP Binary Format

The FSP's binary layout is detailed within the Intel® FSP External Architecture Specification v2.4 on page 14.

Known Firmware Package Variations

Some firmware packages may include an **End of Manufacturing Flash Protection Mode** status of Protected or Unprotected.

Figure 2: Firmware status information for an Intel DG2 device.
Figure 2: Firmware status information for an Intel DG2 device.

Similar SPI Write Protection functionality is made available through Intel CPUs under System Management Mode (SMM).

Embedded Controllers

GuC

The Graphics micro (µ) Controller (GuC) is an embedded controller contained within Intel's Discrete Graphics (DG*) series GPUs.

Hardware Architecture

The following section is supported by igor-blue.github.io (see reference 1, 2):

"The GuC - an embedded i486 core that supports graphics scheduling, power management and firmware attestation."

Software Architecture

The following section is supported by igor-blue.github.io (see reference 1, 2):

"The μOS kernel runs in 32-bit protected mode, with no paging and old-style segments model (CS, DS, etc’). All code run in ring0. The OS handles HW/SW exceptions and crashes, and supplies debugging and logging services."

"It runs a single process - which initializes the system and then waits for interrupts/events in a loop."

GuC Blob Checksum & Code Signing

"The bootrom verifies the firmware with a digital signature using a SHA256 hash + PKCSv2.1 RSA signature, and if the test passes copies it to SRAM and starts executing."

Nvidia

Firmware Images

Embedded Controllers

Falcon / NV-RISCV

The Fast Logic CONtroller (Falcon) and Nvidia RISC-V (NV-RISCV) processors run the NvOS.

GSP

The GPU System Processor (GSP) is an embedded controller used for offload of the RM Core.

The GSP runs Library Operating System (LibOS).

GSP Initialization & Offload

The GSP is initialized multiple times during the system's bring up and runtime.

GSP offload may occur during:

  • Hardware bring up when a cached version of the RM Core is loaded from SPI flash
  • During host driver bring up when the RM Core is offloaded by the OpenRM driver.
  • During guest driver bring up when the RM Core is offloaded.
Possible GSP Offloads
Load Source Payload Notes
SPI Flash Cached RM Core Used as a fallback in case of no rm offload.
OpenRM RM Core This is the RM Core which was traditionally contained in the proprietary RM driver.
VGX Guest Guest RM Core Future OpenRM guests may accomplish RM offload via GSP stubs (controlled via gspHeapSize?).

CMU

AMD

References (Talks & Reading Material)

  1. Security of the Intel Graphics Stack - Part 1 - Introduction
  2. Security of the Intel Graphics Stack - Part 2 - FW <-> GuC
  3. Firmware Security Realizations Part 3: SPI Write Protections