Re: [PATCH v11 13/22] gpu: nova-core: Hopper/Blackwell: add FMC signature extraction
From: Alexandre Courbot
Date: Mon Jun 01 2026 - 10:46:13 EST
On Sat May 30, 2026 at 12:09 PM JST, John Hubbard wrote:
> Extract the SHA-384 hash, RSA public key, and RSA signature from the
> FMC ELF32 firmware sections. FSP Chain of Trust verification needs
> these to validate the FMC image during boot.
>
> Co-developed-by: Alexandre Courbot <acourbot@xxxxxxxxxx>
> Signed-off-by: Alexandre Courbot <acourbot@xxxxxxxxxx>
> Signed-off-by: John Hubbard <jhubbard@xxxxxxxxxx>
> ---
> drivers/gpu/nova-core/firmware.rs | 2 +-
> drivers/gpu/nova-core/firmware/fsp.rs | 90 ++++++++++++++++++++++++++-
> 2 files changed, 88 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/nova-core/firmware.rs b/drivers/gpu/nova-core/firmware.rs
> index 6edb50b83a29..569efee0d4ac 100644
> --- a/drivers/gpu/nova-core/firmware.rs
> +++ b/drivers/gpu/nova-core/firmware.rs
> @@ -641,7 +641,7 @@ fn elf32_section<'a>(elf: &'a [u8], name: &str) -> Option<&'a [u8]> {
> }
>
> /// Automatically detects ELF32 vs ELF64 based on the ELF header.
> - pub(super) fn elf_section<'a>(elf: &'a [u8], name: &str) -> Option<&'a [u8]> {
> + pub(crate) fn elf_section<'a>(elf: &'a [u8], name: &str) -> Option<&'a [u8]> {
> // Check ELF magic.
> if elf.len() < 5 || elf.get(0..4)? != b"\x7fELF" {
> return None;
> diff --git a/drivers/gpu/nova-core/firmware/fsp.rs b/drivers/gpu/nova-core/firmware/fsp.rs
> index 011be1e571c2..dc28d0cc2d03 100644
> --- a/drivers/gpu/nova-core/firmware/fsp.rs
> +++ b/drivers/gpu/nova-core/firmware/fsp.rs
> @@ -15,13 +15,35 @@
> gpu::Chipset, //
> };
>
> +/// Size of the FSP SHA-384 hash, in bytes.
> +pub(crate) const FSP_HASH_SIZE: usize = 48;
> +/// Maximum size of the FSP public key (RSA-3072), in bytes.
> +///
> +/// The FMC ELF `publickey` section may be shorter, so the remaining bytes are zero-padded.
> +pub(crate) const FSP_PKEY_SIZE: usize = 384;
> +/// Maximum size of the FSP signature (RSA-3072), in bytes.
> +///
> +/// The FMC ELF `signature` section may be shorter, so the remaining bytes are zero-padded.
> +pub(crate) const FSP_SIG_SIZE: usize = 384;
> +
> +/// Structure to hold FMC signatures.
> +///
> +/// C representation is used because this type is used for communication with the FSP.
> +#[derive(Debug, Clone, Copy)]
> +#[repr(C)]
> +pub(crate) struct FmcSignatures {
> + pub(crate) hash384: [u8; FSP_HASH_SIZE],
> + pub(crate) public_key: [u8; FSP_PKEY_SIZE],
> + pub(crate) signature: [u8; FSP_SIG_SIZE],
> +}
> +
> pub(crate) struct FspFirmware {
> /// FMC firmware image data (only the "image" ELF section).
> #[expect(dead_code)]
> pub(crate) fmc_image: Coherent<[u8]>,
> - /// Full FMC ELF for signature extraction.
> + /// FMC firmware signatures.
> #[expect(dead_code)]
> - pub(crate) fmc_elf: Firmware,
> + pub(crate) fmc_sigs: KBox<FmcSignatures>,
> }
>
> impl FspFirmware {
> @@ -41,7 +63,69 @@ pub(crate) fn new(
>
> Ok(Self {
> fmc_image,
> - fmc_elf: fw,
> + fmc_sigs: Self::extract_fmc_signatures(&fw, dev)?,
> })
> }
> +
> + /// Extract FMC firmware signatures for Chain of Trust verification.
> + ///
> + /// Extracts real cryptographic signatures from FMC ELF32 firmware sections.
> + /// Returns signatures in a heap-allocated structure to prevent stack overflow.
> + fn extract_fmc_signatures(
> + fmc_fw: &Firmware,
> + dev: &device::Device,
> + ) -> Result<KBox<FmcSignatures>> {
> + let get_section = |name: &str, max_len: usize| {
> + elf::elf_section(fmc_fw.data(), name)
> + .ok_or(EINVAL)
> + .inspect_err(|_| dev_err!(dev, "FMC firmware missing '{}' section\n", name))
> + .and_then(|section| {
> + if section.len() > max_len {
> + dev_err!(
> + dev,
> + "FMC {} section size {} > maximum {}\n",
> + name,
> + section.len(),
> + max_len
> + );
> + Err(EINVAL)
> + } else {
> + Ok(section)
> + }
> + })
> + };
> +
> + let hash_section = get_section("hash", FSP_HASH_SIZE)?;
> + let pkey_section = get_section("publickey", FSP_PKEY_SIZE)?;
> + let sig_section = get_section("signature", FSP_SIG_SIZE)?;
> +
> + // The hash section is a SHA-384 output: it must be exactly FSP_HASH_SIZE bytes.
> + if hash_section.len() != FSP_HASH_SIZE {
> + dev_err!(
> + dev,
> + "FMC hash section size {} != expected {}\n",
> + hash_section.len(),
> + FSP_HASH_SIZE
> + );
> + return Err(EINVAL);
> + }
> +
> + let mut signatures = KBox::new(
> + FmcSignatures {
> + hash384: [0; _],
> + public_key: [0; _],
> + signature: [0; _],
> + },
> + GFP_KERNEL,
> + )?;
This construct may create the 816 bytes long `FmcSignatures` instance on
the stack, where space is at a premium. `KBox::init` guarantees in-place
initialization:
let mut signatures = KBox::init(
init!(FmcSignatures {
hash384: [0; _],
public_key: [0; _],
signature: [0; _],
}),
)?;
GFP_KERNEL,
And by chaining the initializer we can also avoid making `signatures`
mutable:
let signatures = KBox::init(
init!(FmcSignatures {
hash384 <- Zeroable::init_zeroed(),
public_key <- Zeroable::init_zeroed(),
signature <- Zeroable::init_zeroed(),
})
.chain(|sigs| {
// PANIC: src and dst lengths are both FSP_HASH_SIZE (verified above).
sigs.hash384.copy_from_slice(hash_section);
// PANIC: dst is sliced to src.len(); src.len() <= FSP_PKEY_SIZE per `get_section`.
sigs.public_key[..pkey_section.len()].copy_from_slice(pkey_section);
// PANIC: dst is sliced to src.len(); src.len() <= FSP_SIG_SIZE per `get_section`.
sigs.signature[..sig_section.len()].copy_from_slice(sig_section);
Ok(())
}),
GFP_KERNEL,
)?;