GPU Firmware

From Open-IOV
Jump to navigation Jump to search

GPUs have become highly complex systems containing a number of different embedded controllers. This page will attempt to document embedded GPU firmware and support for IO virtualization through various firmware functions.

Intel

Firmware Images

Figure 1: The FSP Binary Layout from Intel® Firmware Support Package External Architecture Specification.
Figure 1: The FSP Binary Layout from Intel® Firmware Support Package External Architecture Specification. Source

Intel Firmware Support Package (FSP)

Much like CPUs Intel's GPUs also contain a Firmware Support Package (FSP).

The Coreboot project provides public domain information on the FSP here.

FSP Configuration

In the context of GPUs the FSP configures several functions of the device.

Those functions are as follows:

GPU Firmware Support Package
FSP Parameter Possible Values
GFSP Status 0x00
FIVR SSC Value *.*%
FIVR RFI Value *.*MHz
GT Subsystem Vendor ID 0x8086
GT Subsystem Device ID 0x**
HDA Subsystem Vendor ID 0x0000
HDA Subsystem Device ID 0x0000
P2SB Enable Yes/No
LMEBAR Max
GTMMADDR Prefetch Capability Prefetch Enabled
Display Present Enabled/Disabled
I2C For Third Party Devices Enabled/Disabled
I2C Device Address 1 0x0000
I2C Device Address 2 0x0000
I2C Bus Speed Standard mode (0 to 100Kbps)
Editing FSP Configuration

The FSP configuration editor can be downloaded here and it's user manual is available here.

FSP Binary Format

The FSP's binary layout is detailed within the Intel® FSP External Architecture Specification v2.4 on page 14.

Known Firmware Package Variations

Some firmware packages may include an **End of Manufacturing Flash Protection Mode** status of Protected or Unprotected.

Figure 2: Firmware status information for an Intel DG2 device.
Figure 2: Firmware status information for an Intel DG2 device.

Similar SPI Write Protection functionality is made available through Intel CPUs under System Management Mode (SMM).

Embedded Controllers

GuC

The Graphics micro (µ) Controller (GuC) is an embedded controller contained within Intel's Discrete Graphics (DG*) series GPUs.

Hardware Architecture

According to igor-blue.github.io (see reference 1, 2):

"The GuC - an embedded i486 core that supports graphics scheduling, power management and firmware attestation."

Software Architecture

According to igor-blue.github.io (see reference 1, 2):

"The μOS kernel runs in 32-bit protected mode, with no paging and old-style segments model (CS, DS, etc’). All code run in ring0. The OS handles HW/SW exceptions and crashes, and supplies debugging and logging services."

"It runs a single process - which initializes the system and then waits for interrupts/events in a loop."

"The bootrom verifies the firmware with a digital signature using a SHA256 hash + PKCSv2.1 RSA signature, and if the test passes copies it to SRAM and starts executing."

Nvidia

Firmware Images

Embedded Controllers

Falcon

NvRISC

GSP

CMU

AMD

References (Talks & Reading Material)

  1. Security of the Intel Graphics Stack - Part 1 - Introduction
  2. Security of the Intel Graphics Stack - Part 2 - FW <-> GuC
  3. Firmware Security Realizations Part 3: SPI Write Protections