From: "Alexandre Courbot" <acourbot@nvidia.com>
To: "Eliot Courtney" <ecourtney@nvidia.com>
Cc: "John Hubbard" <jhubbard@nvidia.com>,
"Danilo Krummrich" <dakr@kernel.org>,
"Timur Tabi" <ttabi@nvidia.com>,
"Alistair Popple" <apopple@nvidia.com>,
"Shashank Sharma" <shashanks@nvidia.com>,
"Zhi Wang" <zhiw@nvidia.com>, "David Airlie" <airlied@gmail.com>,
"Simona Vetter" <simona@ffwll.ch>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
nova-gpu@lists.linux.dev, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v12 12/22] gpu: nova-core: Hopper/Blackwell: add FSP secure boot completion waiting
Date: Tue, 02 Jun 2026 17:22:45 +0900 [thread overview]
Message-ID: <DIYF2NNIBY57.28IZ4I6AMZMHA@nvidia.com> (raw)
In-Reply-To: <DIYEI7DXE32X.3G5GWVMQNQ4PM@nvidia.com>
On Tue Jun 2, 2026 at 4:56 PM JST, Eliot Courtney wrote:
> On Tue Jun 2, 2026 at 12:21 PM JST, John Hubbard wrote:
>> Hopper and Blackwell use FSP instead of SEC2 for secure boot. The
>> driver must wait for FSP secure boot to complete before continuing
>> with GSP bring-up. Poll for boot success with a 5-second timeout, and
>> return the FSP interface only on success so that later Chain of Trust
>> operations cannot run before FSP is ready. The interface owns the FSP
>> falcon and the FMC firmware.
>>
>> Co-developed-by: Alexandre Courbot <acourbot@nvidia.com>
>> Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
>> Signed-off-by: John Hubbard <jhubbard@nvidia.com>
>> ---
>> drivers/gpu/nova-core/falcon/fsp.rs | 1 -
>> drivers/gpu/nova-core/fsp.rs | 73 ++++++++++++++++++++++++++
>> drivers/gpu/nova-core/fsp/hal.rs | 27 ++++++++++
>> drivers/gpu/nova-core/fsp/hal/gb202.rs | 23 ++++++++
>> drivers/gpu/nova-core/fsp/hal/gh100.rs | 23 ++++++++
>> drivers/gpu/nova-core/gsp/hal/gh100.rs | 6 ++-
>> drivers/gpu/nova-core/nova_core.rs | 1 +
>> drivers/gpu/nova-core/regs.rs | 36 +++++++++++++
>> 8 files changed, 187 insertions(+), 3 deletions(-)
>> create mode 100644 drivers/gpu/nova-core/fsp.rs
>> create mode 100644 drivers/gpu/nova-core/fsp/hal.rs
>> create mode 100644 drivers/gpu/nova-core/fsp/hal/gb202.rs
>> create mode 100644 drivers/gpu/nova-core/fsp/hal/gh100.rs
>>
>> diff --git a/drivers/gpu/nova-core/falcon/fsp.rs b/drivers/gpu/nova-core/falcon/fsp.rs
>> index c4a9ce8a47f8..d9f87262e8b1 100644
>> --- a/drivers/gpu/nova-core/falcon/fsp.rs
>> +++ b/drivers/gpu/nova-core/falcon/fsp.rs
>> @@ -15,7 +15,6 @@
>> };
>>
>> /// Type specifying the `Fsp` falcon engine. Cannot be instantiated.
>> -#[expect(dead_code)]
>> pub(crate) struct Fsp(());
>>
>> impl RegisterBase<PFalconBase> for Fsp {
>> diff --git a/drivers/gpu/nova-core/fsp.rs b/drivers/gpu/nova-core/fsp.rs
>> new file mode 100644
>> index 000000000000..f3524137d9f7
>> --- /dev/null
>> +++ b/drivers/gpu/nova-core/fsp.rs
>> @@ -0,0 +1,73 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
>> +
>> +//! FSP (Foundation Security Processor) interface for Hopper/Blackwell GPUs.
>> +//!
>> +//! Hopper/Blackwell use a simplified firmware boot sequence: FMC, then FSP, then GSP.
>> +//! Unlike Turing/Ampere/Ada, there is no SEC2 (Security Engine 2) usage.
>> +//! FSP handles secure boot directly using FMC firmware and Chain of Trust.
>> +
>> +use kernel::{
>> + device,
>> + io::poll::read_poll_timeout,
>> + prelude::*,
>> + time::Delta, //
>> +};
>> +
>> +use crate::{
>> + driver::Bar0,
>> + falcon::{
>> + fsp::Fsp as FspEngine,
>> + Falcon, //
>> + },
>> + firmware::fsp::FspFirmware,
>> + gpu::Chipset,
>> + regs, //
>> +};
>> +
>> +mod hal;
>> +
>> +/// FSP interface for Hopper/Blackwell GPUs.
>> +///
>> +/// An `Fsp` is produced by [`Fsp::wait_secure_boot`], which only returns once FSP secure boot
>> +/// has completed. It owns the FSP falcon and the FMC firmware, which are used for the subsequent
>> +/// Chain of Trust boot.
>> +pub(crate) struct Fsp {
>> + #[expect(dead_code)]
>> + falcon: Falcon<FspEngine>,
>> + #[expect(dead_code)]
>> + fsp_fw: FspFirmware,
>> +}
>> +
>> +impl Fsp {
>> + /// Waits for FSP secure boot completion, then returns the [`Fsp`] interface.
>> + ///
>> + /// Polls the thermal scratch register until FSP signals boot completion or the timeout
>> + /// elapses. Returning an [`Fsp`] only on success guarantees, at the API level, that the
>> + /// interface is not used before secure boot has completed.
>> + pub(crate) fn wait_secure_boot(
>> + dev: &device::Device<device::Bound>,
>> + bar: &Bar0,
>> + chipset: Chipset,
>> + fsp_fw: FspFirmware,
>
> What about constructing FspFirmware inside `wait_secure_boot`? It fits
> the concept of having this Fsp object own and control the FSP. This also
> matches the pattern of Gsp::boot creating its own GspFirmware.
That makes sense, otoh since this method is named after its most
important side-effect its name does not carry the expectation of loading
some firmware image. So after consideration I think it makes sense to
keep firmware loading a separate step - I would say differently if this
was named "new", but then we lose the important fact that this is also
touching the hardware and waiting on it.
At the end of the day, `Fsp` ends up ownning the `FspFirmware`, so the
most important architectural point is addressed.
>
>> + ) -> Result<Fsp> {
>> + /// FSP secure boot completion timeout in milliseconds.
>> + const FSP_SECURE_BOOT_TIMEOUT_MS: i64 = 5000;
>> +
>> + let hal = hal::fsp_hal(chipset).ok_or(ENOTSUPP)?;
>> + let falcon = Falcon::<FspEngine>::new(dev, chipset)?;
>> +
>> + read_poll_timeout(
>> + || Ok(hal.fsp_boot_status(bar)),
>> + |&status| status == regs::NV_THERM_I2CS_SCRATCH_FSP_BOOT_COMPLETE_STATUS_SUCCESS,
>> + Delta::from_millis(10),
>> + Delta::from_millis(FSP_SECURE_BOOT_TIMEOUT_MS),
>> + )
>> + .map_err(|_| {
>> + dev_err!(dev, "FSP secure boot completion timeout\n");
>> + ETIMEDOUT
>> + })?;
>
> nit: this can just be inspect_err(), it will be ETIMEDOUT if it times
> out.
Indeed, I'll fixup when applying.
>
>> +
>> + Ok(Fsp { falcon, fsp_fw })
>> + }
>> +}
>> diff --git a/drivers/gpu/nova-core/fsp/hal.rs b/drivers/gpu/nova-core/fsp/hal.rs
>> new file mode 100644
>> index 000000000000..83d1e7daa998
>> --- /dev/null
>> +++ b/drivers/gpu/nova-core/fsp/hal.rs
>> @@ -0,0 +1,27 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
>> +
>> +use crate::{
>> + driver::Bar0,
>> + gpu::{
>> + Architecture,
>> + Chipset, //
>> + },
>> +};
>> +
>> +mod gb202;
>> +mod gh100;
>> +
>> +pub(super) trait FspHal {
>> + /// Returns the secure boot status from the architecture-specific `NV_THERM_I2CS_SCRATCH` register.
>> + fn fsp_boot_status(&self, bar: &Bar0) -> u32;
>> +}
>> +
>> +/// Returns the FSP HAL, or `None` if the architecture doesn't support FSP.
>> +pub(crate) fn fsp_hal(chipset: Chipset) -> Option<&'static dyn FspHal> {
>
> nit: this can be pub(super)
Same.
>
> With above changes,
>
> Reviewed-by: Eliot Courtney <ecourtney@nvidia.com>
Thanks!
next prev parent reply other threads:[~2026-06-02 8:22 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-02 3:20 [PATCH v12 00/22] gpu: nova-core: firmware: Hopper/Blackwell support John Hubbard
2026-06-02 3:20 ` [PATCH v12 01/22] gpu: nova-core: set DMA mask width based on GPU architecture John Hubbard
2026-06-02 6:40 ` Eliot Courtney
2026-06-02 3:20 ` [PATCH v12 02/22] gpu: nova-core: Hopper/Blackwell: new location for PCI config mirror John Hubbard
2026-06-02 3:20 ` [PATCH v12 03/22] gpu: nova-core: Blackwell: compute PMU-reserved framebuffer size John Hubbard
2026-06-02 3:20 ` [PATCH v12 04/22] gpu: nova-core: Hopper/Blackwell: larger non-WPR heap John Hubbard
2026-06-02 3:20 ` [PATCH v12 05/22] gpu: nova-core: Hopper/Blackwell: larger WPR2 (GSP) heap John Hubbard
2026-06-02 3:20 ` [PATCH v12 06/22] gpu: nova-core: Blackwell: use correct sysmem flush registers John Hubbard
2026-06-02 3:30 ` sashiko-bot
2026-06-02 8:00 ` Alexandre Courbot
2026-06-02 7:12 ` Eliot Courtney
2026-06-02 8:26 ` Alexandre Courbot
2026-06-02 3:20 ` [PATCH v12 07/22] gpu: nova-core: don't assume 64-bit firmware images John Hubbard
2026-06-02 3:20 ` [PATCH v12 08/22] gpu: nova-core: add support for 32-bit " John Hubbard
2026-06-02 3:20 ` [PATCH v12 09/22] gpu: nova-core: add auto-detection of 32-bit, 64-bit " John Hubbard
2026-06-02 3:20 ` [PATCH v12 10/22] gpu: nova-core: Hopper/Blackwell: add FSP falcon engine stub John Hubbard
2026-06-02 6:50 ` Eliot Courtney
2026-06-02 3:20 ` [PATCH v12 11/22] gpu: nova-core: Hopper/Blackwell: add FMC firmware image John Hubbard
2026-06-02 7:18 ` Eliot Courtney
2026-06-02 3:21 ` [PATCH v12 12/22] gpu: nova-core: Hopper/Blackwell: add FSP secure boot completion waiting John Hubbard
2026-06-02 7:56 ` Eliot Courtney
2026-06-02 8:22 ` Alexandre Courbot [this message]
2026-06-02 3:21 ` [PATCH v12 13/22] gpu: nova-core: Hopper/Blackwell: add FMC signature extraction John Hubbard
2026-06-02 3:32 ` sashiko-bot
2026-06-02 7:56 ` Alexandre Courbot
2026-06-02 8:11 ` Eliot Courtney
2026-06-02 8:28 ` Alexandre Courbot
2026-06-03 0:04 ` Timur Tabi
2026-06-03 0:20 ` Alexandre Courbot
2026-06-03 3:09 ` Timur Tabi
2026-06-03 3:53 ` John Hubbard
2026-06-02 3:21 ` [PATCH v12 14/22] gpu: nova-core: Hopper/Blackwell: add FSP falcon EMEM operations John Hubbard
2026-06-02 11:42 ` Eliot Courtney
2026-06-02 14:55 ` Alexandre Courbot
2026-06-02 15:02 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 15/22] gpu: nova-core: Hopper/Blackwell: add FSP message infrastructure John Hubbard
2026-06-02 3:33 ` sashiko-bot
2026-06-03 1:14 ` Alexandre Courbot
2026-06-03 1:41 ` Eliot Courtney
2026-06-02 12:21 ` Eliot Courtney
2026-06-03 1:34 ` Alexandre Courbot
2026-06-03 4:49 ` Eliot Courtney
2026-06-03 5:00 ` Alexandre Courbot
2026-06-03 1:00 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 16/22] gpu: nova-core: add MCTP/NVDM protocol types for firmware communication John Hubbard
2026-06-02 5:36 ` sashiko-bot
2026-06-03 2:41 ` Alexandre Courbot
2026-06-02 12:53 ` Eliot Courtney
2026-06-02 3:21 ` [PATCH v12 17/22] gpu: nova-core: Hopper/Blackwell: add FSP send/receive messaging John Hubbard
2026-06-02 3:35 ` sashiko-bot
2026-06-02 3:21 ` [PATCH v12 18/22] gpu: nova-core: Hopper/Blackwell: select FSP Chain of Trust version John Hubbard
2026-06-02 12:55 ` Eliot Courtney
2026-06-02 3:21 ` [PATCH v12 19/22] gpu: nova-core: Hopper/Blackwell: add FSP Chain of Trust boot John Hubbard
2026-06-02 3:40 ` sashiko-bot
2026-06-03 5:23 ` Alexandre Courbot
2026-06-03 5:19 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 20/22] gpu: nova-core: Hopper/Blackwell: add GSP lockdown release polling John Hubbard
2026-06-02 3:38 ` sashiko-bot
2026-06-03 5:45 ` Alexandre Courbot
2026-06-02 3:21 ` [PATCH v12 21/22] gpu: nova-core: add non-sec2 unload path John Hubbard
2026-06-02 3:21 ` [PATCH v12 22/22] gpu: nova-core: gsp: enable FSP boot path John Hubbard
2026-06-02 3:38 ` sashiko-bot
2026-06-02 12:38 ` [PATCH v12 00/22] gpu: nova-core: firmware: Hopper/Blackwell support Danilo Krummrich
2026-06-02 13:37 ` Alexandre Courbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DIYF2NNIBY57.28IZ4I6AMZMHA@nvidia.com \
--to=acourbot@nvidia.com \
--cc=a.hindborg@kernel.org \
--cc=airlied@gmail.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=apopple@nvidia.com \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=ecourtney@nvidia.com \
--cc=gary@garyguo.net \
--cc=jhubbard@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=nova-gpu@lists.linux.dev \
--cc=ojeda@kernel.org \
--cc=shashanks@nvidia.com \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
--cc=ttabi@nvidia.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox