From: "Alexandre Courbot" <acourbot@nvidia.com>
To: "John Hubbard" <jhubbard@nvidia.com>
Cc: "Danilo Krummrich" <dakr@kernel.org>,
"Joel Fernandes" <joelagnelf@nvidia.com>,
"Timur Tabi" <ttabi@nvidia.com>,
"Alistair Popple" <apopple@nvidia.com>,
"Eliot Courtney" <ecourtney@nvidia.com>,
"Shashank Sharma" <shashanks@nvidia.com>,
"Zhi Wang" <zhiw@nvidia.com>, "David Airlie" <airlied@gmail.com>,
"Simona Vetter" <simona@ffwll.ch>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
rust-for-linux@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v11 13/22] gpu: nova-core: Hopper/Blackwell: add FMC signature extraction
Date: Mon, 01 Jun 2026 23:45:49 +0900 [thread overview]
Message-ID: <DIXSLENUBALG.8QIP71NU6DM7@nvidia.com> (raw)
In-Reply-To: <20260530030953.740561-14-jhubbard@nvidia.com>
On Sat May 30, 2026 at 12:09 PM JST, John Hubbard wrote:
> Extract the SHA-384 hash, RSA public key, and RSA signature from the
> FMC ELF32 firmware sections. FSP Chain of Trust verification needs
> these to validate the FMC image during boot.
>
> Co-developed-by: Alexandre Courbot <acourbot@nvidia.com>
> Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
> Signed-off-by: John Hubbard <jhubbard@nvidia.com>
> ---
> drivers/gpu/nova-core/firmware.rs | 2 +-
> drivers/gpu/nova-core/firmware/fsp.rs | 90 ++++++++++++++++++++++++++-
> 2 files changed, 88 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/nova-core/firmware.rs b/drivers/gpu/nova-core/firmware.rs
> index 6edb50b83a29..569efee0d4ac 100644
> --- a/drivers/gpu/nova-core/firmware.rs
> +++ b/drivers/gpu/nova-core/firmware.rs
> @@ -641,7 +641,7 @@ fn elf32_section<'a>(elf: &'a [u8], name: &str) -> Option<&'a [u8]> {
> }
>
> /// Automatically detects ELF32 vs ELF64 based on the ELF header.
> - pub(super) fn elf_section<'a>(elf: &'a [u8], name: &str) -> Option<&'a [u8]> {
> + pub(crate) fn elf_section<'a>(elf: &'a [u8], name: &str) -> Option<&'a [u8]> {
> // Check ELF magic.
> if elf.len() < 5 || elf.get(0..4)? != b"\x7fELF" {
> return None;
> diff --git a/drivers/gpu/nova-core/firmware/fsp.rs b/drivers/gpu/nova-core/firmware/fsp.rs
> index 011be1e571c2..dc28d0cc2d03 100644
> --- a/drivers/gpu/nova-core/firmware/fsp.rs
> +++ b/drivers/gpu/nova-core/firmware/fsp.rs
> @@ -15,13 +15,35 @@
> gpu::Chipset, //
> };
>
> +/// Size of the FSP SHA-384 hash, in bytes.
> +pub(crate) const FSP_HASH_SIZE: usize = 48;
> +/// Maximum size of the FSP public key (RSA-3072), in bytes.
> +///
> +/// The FMC ELF `publickey` section may be shorter, so the remaining bytes are zero-padded.
> +pub(crate) const FSP_PKEY_SIZE: usize = 384;
> +/// Maximum size of the FSP signature (RSA-3072), in bytes.
> +///
> +/// The FMC ELF `signature` section may be shorter, so the remaining bytes are zero-padded.
> +pub(crate) const FSP_SIG_SIZE: usize = 384;
> +
> +/// Structure to hold FMC signatures.
> +///
> +/// C representation is used because this type is used for communication with the FSP.
> +#[derive(Debug, Clone, Copy)]
> +#[repr(C)]
> +pub(crate) struct FmcSignatures {
> + pub(crate) hash384: [u8; FSP_HASH_SIZE],
> + pub(crate) public_key: [u8; FSP_PKEY_SIZE],
> + pub(crate) signature: [u8; FSP_SIG_SIZE],
> +}
> +
> pub(crate) struct FspFirmware {
> /// FMC firmware image data (only the "image" ELF section).
> #[expect(dead_code)]
> pub(crate) fmc_image: Coherent<[u8]>,
> - /// Full FMC ELF for signature extraction.
> + /// FMC firmware signatures.
> #[expect(dead_code)]
> - pub(crate) fmc_elf: Firmware,
> + pub(crate) fmc_sigs: KBox<FmcSignatures>,
> }
>
> impl FspFirmware {
> @@ -41,7 +63,69 @@ pub(crate) fn new(
>
> Ok(Self {
> fmc_image,
> - fmc_elf: fw,
> + fmc_sigs: Self::extract_fmc_signatures(&fw, dev)?,
> })
> }
> +
> + /// Extract FMC firmware signatures for Chain of Trust verification.
> + ///
> + /// Extracts real cryptographic signatures from FMC ELF32 firmware sections.
> + /// Returns signatures in a heap-allocated structure to prevent stack overflow.
> + fn extract_fmc_signatures(
> + fmc_fw: &Firmware,
> + dev: &device::Device,
> + ) -> Result<KBox<FmcSignatures>> {
> + let get_section = |name: &str, max_len: usize| {
> + elf::elf_section(fmc_fw.data(), name)
> + .ok_or(EINVAL)
> + .inspect_err(|_| dev_err!(dev, "FMC firmware missing '{}' section\n", name))
> + .and_then(|section| {
> + if section.len() > max_len {
> + dev_err!(
> + dev,
> + "FMC {} section size {} > maximum {}\n",
> + name,
> + section.len(),
> + max_len
> + );
> + Err(EINVAL)
> + } else {
> + Ok(section)
> + }
> + })
> + };
> +
> + let hash_section = get_section("hash", FSP_HASH_SIZE)?;
> + let pkey_section = get_section("publickey", FSP_PKEY_SIZE)?;
> + let sig_section = get_section("signature", FSP_SIG_SIZE)?;
> +
> + // The hash section is a SHA-384 output: it must be exactly FSP_HASH_SIZE bytes.
> + if hash_section.len() != FSP_HASH_SIZE {
> + dev_err!(
> + dev,
> + "FMC hash section size {} != expected {}\n",
> + hash_section.len(),
> + FSP_HASH_SIZE
> + );
> + return Err(EINVAL);
> + }
> +
> + let mut signatures = KBox::new(
> + FmcSignatures {
> + hash384: [0; _],
> + public_key: [0; _],
> + signature: [0; _],
> + },
> + GFP_KERNEL,
> + )?;
This construct may create the 816 bytes long `FmcSignatures` instance on
the stack, where space is at a premium. `KBox::init` guarantees in-place
initialization:
let mut signatures = KBox::init(
init!(FmcSignatures {
hash384: [0; _],
public_key: [0; _],
signature: [0; _],
}),
)?;
GFP_KERNEL,
And by chaining the initializer we can also avoid making `signatures`
mutable:
let signatures = KBox::init(
init!(FmcSignatures {
hash384 <- Zeroable::init_zeroed(),
public_key <- Zeroable::init_zeroed(),
signature <- Zeroable::init_zeroed(),
})
.chain(|sigs| {
// PANIC: src and dst lengths are both FSP_HASH_SIZE (verified above).
sigs.hash384.copy_from_slice(hash_section);
// PANIC: dst is sliced to src.len(); src.len() <= FSP_PKEY_SIZE per `get_section`.
sigs.public_key[..pkey_section.len()].copy_from_slice(pkey_section);
// PANIC: dst is sliced to src.len(); src.len() <= FSP_SIG_SIZE per `get_section`.
sigs.signature[..sig_section.len()].copy_from_slice(sig_section);
Ok(())
}),
GFP_KERNEL,
)?;
next prev parent reply other threads:[~2026-06-01 14:45 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-30 3:09 [PATCH v11 00/22] gpu: nova-core: firmware: Hopper/Blackwell support John Hubbard
2026-05-30 3:09 ` [PATCH v11 01/22] gpu: nova-core: set DMA mask width based on GPU architecture John Hubbard
2026-06-01 4:01 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 02/22] gpu: nova-core: Hopper/Blackwell: new location for PCI config mirror John Hubbard
2026-06-01 4:04 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 03/22] gpu: nova-core: Blackwell: compute PMU-reserved framebuffer size John Hubbard
2026-06-01 2:07 ` Alexandre Courbot
2026-06-01 5:34 ` Alexandre Courbot
2026-06-01 18:01 ` John Hubbard
2026-06-01 4:41 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 04/22] gpu: nova-core: Hopper/Blackwell: larger non-WPR heap John Hubbard
2026-06-01 2:24 ` Alexandre Courbot
2026-06-01 18:03 ` John Hubbard
2026-06-01 5:01 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 05/22] gpu: nova-core: Hopper/Blackwell: larger WPR2 (GSP) heap John Hubbard
2026-06-01 5:21 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 06/22] gpu: nova-core: Blackwell: use correct sysmem flush registers John Hubbard
2026-06-01 7:01 ` Alexandre Courbot
2026-06-01 18:16 ` John Hubbard
2026-06-01 7:33 ` Eliot Courtney
2026-06-01 13:13 ` Alexandre Courbot
2026-06-01 18:09 ` John Hubbard
2026-05-30 3:09 ` [PATCH v11 07/22] gpu: nova-core: don't assume 64-bit firmware images John Hubbard
2026-06-01 6:36 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 08/22] gpu: nova-core: add support for 32-bit " John Hubbard
2026-06-01 6:37 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 09/22] gpu: nova-core: add auto-detection of 32-bit, 64-bit " John Hubbard
2026-06-01 6:49 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 10/22] gpu: nova-core: Hopper/Blackwell: add FSP falcon engine stub John Hubbard
2026-06-01 7:47 ` Eliot Courtney
2026-06-01 16:10 ` Timur Tabi
2026-06-01 18:17 ` John Hubbard
2026-05-30 3:09 ` [PATCH v11 11/22] gpu: nova-core: Hopper/Blackwell: add FMC firmware image John Hubbard
2026-06-01 8:38 ` Eliot Courtney
2026-05-30 3:09 ` [PATCH v11 12/22] gpu: nova-core: Hopper/Blackwell: add FSP secure boot completion waiting John Hubbard
2026-06-01 7:48 ` Alexandre Courbot
2026-06-01 8:32 ` Eliot Courtney
2026-06-01 13:07 ` Alexandre Courbot
2026-06-01 18:18 ` John Hubbard
2026-05-30 3:09 ` [PATCH v11 13/22] gpu: nova-core: Hopper/Blackwell: add FMC signature extraction John Hubbard
2026-06-01 8:55 ` Eliot Courtney
2026-06-01 14:45 ` Alexandre Courbot [this message]
2026-06-01 14:49 ` Alexandre Courbot
2026-06-01 18:21 ` John Hubbard
2026-05-30 3:09 ` [PATCH v11 14/22] gpu: nova-core: Hopper/Blackwell: add FSP falcon EMEM operations John Hubbard
2026-05-30 3:09 ` [PATCH v11 15/22] gpu: nova-core: Hopper/Blackwell: add FSP message infrastructure John Hubbard
2026-05-30 3:09 ` [PATCH v11 16/22] gpu: nova-core: add MCTP/NVDM protocol types for firmware communication John Hubbard
2026-05-30 3:09 ` [PATCH v11 17/22] gpu: nova-core: Hopper/Blackwell: add FSP send/receive messaging John Hubbard
2026-05-30 3:09 ` [PATCH v11 18/22] gpu: nova-core: Hopper/Blackwell: add FspCotVersion type John Hubbard
2026-06-01 14:07 ` Alexandre Courbot
2026-06-01 18:23 ` John Hubbard
2026-05-30 3:09 ` [PATCH v11 19/22] gpu: nova-core: Hopper/Blackwell: add FSP Chain of Trust boot John Hubbard
2026-05-30 3:09 ` [PATCH v11 20/22] gpu: nova-core: Hopper/Blackwell: add GSP lockdown release polling John Hubbard
2026-05-30 3:09 ` [PATCH v11 21/22] gpu: nova-core: add non-sec2 unload path John Hubbard
2026-05-30 3:09 ` [PATCH v11 22/22] gpu: nova-core: gsp: enable FSP boot path John Hubbard
2026-05-30 3:21 ` [PATCH v11 00/22] gpu: nova-core: firmware: Hopper/Blackwell support John Hubbard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DIXSLENUBALG.8QIP71NU6DM7@nvidia.com \
--to=acourbot@nvidia.com \
--cc=a.hindborg@kernel.org \
--cc=airlied@gmail.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=apopple@nvidia.com \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=ecourtney@nvidia.com \
--cc=gary@garyguo.net \
--cc=jhubbard@nvidia.com \
--cc=joelagnelf@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=shashanks@nvidia.com \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
--cc=ttabi@nvidia.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.