Re: [PATCH 5/9] gpu: nova-core: add FSP and PRC protocol documentation
From: Alexandre Courbot
Date: Tue Jun 16 2026 - 04:18:54 EST
On Thu Jun 4, 2026 at 8:43 PM JST, Zhi Wang wrote:
> Add documentation for the Foundation Security Processor (FSP) interface
> covering the simplified Hopper/Blackwell boot flow, the Chain of Trust
> (COT) message protocol, the MCTP/NVDM message format, and the Product
> Reconfiguration Control (PRC) protocol used to query device configuration
> knobs such as vGPU mode.
>
> Signed-off-by: Zhi Wang <zhiw@xxxxxxxxxx>
This is super useful, thanks! One question below:
> ---
> Documentation/gpu/nova/core/fsp.rst | 142 ++++++++++++++++++++++++++++
> Documentation/gpu/nova/index.rst | 1 +
> 2 files changed, 143 insertions(+)
> create mode 100644 Documentation/gpu/nova/core/fsp.rst
>
> diff --git a/Documentation/gpu/nova/core/fsp.rst b/Documentation/gpu/nova/core/fsp.rst
> new file mode 100644
> index 000000000000..52d618d22bb8
> --- /dev/null
> +++ b/Documentation/gpu/nova/core/fsp.rst
> @@ -0,0 +1,142 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +
> +===================================================
> +FSP (Foundation Security Processor) and Secure Boot
> +===================================================
> +This document describes the role of the FSP in the GPU boot sequence on
> +Hopper and Blackwell GPUs, and how it differs from the earlier Ampere boot
> +flow. It also provides a brief overview of the PRC (Product Reconfiguration
> +Control) protocol used to query device configuration through FSP. As with
> +other documents in this directory, the information is subject to change and
> +is intended to help developers understand the corresponding kernel code.
> +
> +What is FSP?
> +============
> +The Foundation Security Processor (FSP) is the GPU's Internal Root of Trust
> +(IROT). It is a dedicated security processor that boots from immutable ROM
> +(Boot ROM) inside the GPU and is responsible for establishing the Chain of
> +Trust before any other firmware is allowed to run.
> +
> +FSP runs independently of the host CPU and starts executing as soon as the
> +GPU is powered on. By the time the nova-core driver is loaded, FSP has
> +already completed its own secure boot and is ready to accept commands from
> +the driver.
> +
> +Simplified boot flow (Hopper/Blackwell)
> +=======================================
> +Starting with Hopper, the boot flow is significantly simplified compared to
> +earlier GPU generations like Ampere.
> +
> +On an **Ampere** GPU, the boot verification chain involves multiple Falcon
> +engines and multiple ucode stages (see falcon.rst for details)::
> +
> + Hardware BROM (SEC2)
Is this referring to FWSEC-FRTS? If so, should this be `GSP` instead of
`SEC2`?