Re: [PATCH 5/9] gpu: nova-core: add FSP and PRC protocol documentation

[Zhi Wang]

On Tue, 16 Jun 2026 17:17:34 +0900
"Alexandre Courbot" <acourbot@xxxxxxxxxx> wrote:

> On Thu Jun 4, 2026 at 8:43 PM JST, Zhi Wang wrote:
> > Add documentation for the Foundation Security Processor (FSP)
> > interface covering the simplified Hopper/Blackwell boot flow, the
> > Chain of Trust (COT) message protocol, the MCTP/NVDM message
> > format, and the Product Reconfiguration Control (PRC) protocol used
> > to query device configuration knobs such as vGPU mode.
> >
> > Signed-off-by: Zhi Wang <zhiw@xxxxxxxxxx>  
> 
> This is super useful, thanks! One question below:
> 
> > ---
> >  Documentation/gpu/nova/core/fsp.rst | 142
> > ++++++++++++++++++++++++++++ Documentation/gpu/nova/index.rst    |
> >  1 + 2 files changed, 143 insertions(+)
> >  create mode 100644 Documentation/gpu/nova/core/fsp.rst
> >
> > diff --git a/Documentation/gpu/nova/core/fsp.rst
> > b/Documentation/gpu/nova/core/fsp.rst new file mode 100644
> > index 000000000000..52d618d22bb8
> > --- /dev/null
> > +++ b/Documentation/gpu/nova/core/fsp.rst
> > @@ -0,0 +1,142 @@
> > +.. SPDX-License-Identifier: GPL-2.0
> > +
> > +===================================================
> > +FSP (Foundation Security Processor) and Secure Boot
> > +===================================================
> > +This document describes the role of the FSP in the GPU boot
> > sequence on +Hopper and Blackwell GPUs, and how it differs from the
> > earlier Ampere boot +flow. It also provides a brief overview of the
> > PRC (Product Reconfiguration +Control) protocol used to query
> > device configuration through FSP. As with +other documents in this
> > directory, the information is subject to change and +is intended to
> > help developers understand the corresponding kernel code. +
> > +What is FSP?
> > +============
> > +The Foundation Security Processor (FSP) is the GPU's Internal Root
> > of Trust +(IROT). It is a dedicated security processor that boots
> > from immutable ROM +(Boot ROM) inside the GPU and is responsible
> > for establishing the Chain of +Trust before any other firmware is
> > allowed to run. +
> > +FSP runs independently of the host CPU and starts executing as
> > soon as the +GPU is powered on. By the time the nova-core driver is
> > loaded, FSP has +already completed its own secure boot and is ready
> > to accept commands from +the driver.
> > +
> > +Simplified boot flow (Hopper/Blackwell)
> > +=======================================
> > +Starting with Hopper, the boot flow is significantly simplified
> > compared to +earlier GPU generations like Ampere.
> > +
> > +On an **Ampere** GPU, the boot verification chain involves
> > multiple Falcon +engines and multiple ucode stages (see falcon.rst
> > for details):: +
> > +     Hardware BROM (SEC2)  
> 
> Is this referring to FWSEC-FRTS? If so, should this be `GSP` instead
> of `SEC2`?

Hi Alex:

This refers to the BootROM in the SEC2 Peregrine. From the timeline
perspective, FWSEC-FRTS should be positioned as below. I was thinking to
show the brief differences of relationship between internal processors
so I omit the FWSEC-FRTS in the sequence. Do you think we should add it?

+     Hardware BROM (SEC2)
                    here  < ----- FWSEC-FRTS (GSP)
+          -> HS Booter (SEC2)
+               -> LS GSP-RM (GSP)

Z.