1 // SPDX-License-Identifier: GPL-2.0 2 // SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 4 //! FSP is a hardware unit that runs FMC firmware. 5 6 use kernel::{ 7 device, 8 dma::Coherent, 9 firmware::Firmware, 10 prelude::*, // 11 }; 12 13 use crate::{ 14 firmware::elf, 15 gpu::Chipset, // 16 }; 17 18 /// Size of the FSP SHA-384 hash, in bytes. 19 const FSP_HASH_SIZE: usize = 48; 20 /// Maximum size of the FSP public key (RSA-3072), in bytes. 21 /// 22 /// The FMC ELF `publickey` section may be shorter, so the remaining bytes are zero-padded. 23 const FSP_PKEY_SIZE: usize = 384; 24 /// Maximum size of the FSP signature (RSA-3072), in bytes. 25 /// 26 /// The FMC ELF `signature` section may be shorter, so the remaining bytes are zero-padded. 27 const FSP_SIG_SIZE: usize = 384; 28 29 /// Structure to hold FMC signatures. 30 /// 31 /// C representation is used because this type is used for communication with the FSP. 32 #[derive(Debug, Clone, Copy, Zeroable)] 33 #[repr(C)] 34 pub(crate) struct FmcSignatures { 35 pub(crate) hash384: [u8; FSP_HASH_SIZE], 36 pub(crate) public_key: [u8; FSP_PKEY_SIZE], 37 pub(crate) signature: [u8; FSP_SIG_SIZE], 38 } 39 40 pub(crate) struct FspFirmware { 41 /// FMC firmware image data (only the "image" ELF section). 42 pub(crate) fmc_image: Coherent<[u8]>, 43 /// FMC firmware signatures. 44 pub(crate) fmc_sigs: KBox<FmcSignatures>, 45 } 46 47 impl FspFirmware { 48 pub(crate) fn new( 49 dev: &device::Device<device::Bound>, 50 chipset: Chipset, 51 ver: &str, 52 ) -> Result<Self> { 53 let fw = super::request_firmware(dev, chipset, "fmc", ver)?; 54 55 // FSP expects only the "image" section, not the entire ELF file. 56 let fmc_image_data = elf::elf_section(fw.data(), "image").ok_or_else(|| { 57 dev_err!(dev, "FMC ELF file missing 'image' section\n"); 58 EINVAL 59 })?; 60 let fmc_image = Coherent::from_slice(dev, fmc_image_data, GFP_KERNEL)?; 61 62 Ok(Self { 63 fmc_image, 64 fmc_sigs: Self::extract_fmc_signatures(&fw, dev)?, 65 }) 66 } 67 68 /// Extract FMC firmware signatures for Chain of Trust verification. 69 /// 70 /// Extracts real cryptographic signatures from FMC ELF32 firmware sections. 71 /// Returns signatures in a heap-allocated structure to prevent stack overflow. 72 fn extract_fmc_signatures( 73 fmc_fw: &Firmware, 74 dev: &device::Device, 75 ) -> Result<KBox<FmcSignatures>> { 76 let get_section = |name: &str, max_len: usize| { 77 elf::elf_section(fmc_fw.data(), name) 78 .ok_or(EINVAL) 79 .inspect_err(|_| dev_err!(dev, "FMC firmware missing '{}' section\n", name)) 80 .and_then(|section| { 81 if section.len() > max_len { 82 dev_err!( 83 dev, 84 "FMC {} section size {} > maximum {}\n", 85 name, 86 section.len(), 87 max_len 88 ); 89 Err(EINVAL) 90 } else { 91 Ok(section) 92 } 93 }) 94 }; 95 96 let hash_section = get_section("hash", FSP_HASH_SIZE)?; 97 let pkey_section = get_section("publickey", FSP_PKEY_SIZE)?; 98 let sig_section = get_section("signature", FSP_SIG_SIZE)?; 99 100 // The hash section is a SHA-384 output: it must be exactly FSP_HASH_SIZE bytes. 101 if hash_section.len() != FSP_HASH_SIZE { 102 dev_err!( 103 dev, 104 "FMC hash section size {} != expected {}\n", 105 hash_section.len(), 106 FSP_HASH_SIZE 107 ); 108 return Err(EINVAL); 109 } 110 111 // Initialize the signatures in place to avoid building the large `FmcSignatures` on the 112 // stack, then fill each section from the firmware. 113 let signatures = KBox::init( 114 pin_init::init_zeroed::<FmcSignatures>().chain(|sigs| { 115 // PANIC: src and dst lengths are both FSP_HASH_SIZE (verified above). 116 sigs.hash384.copy_from_slice(hash_section); 117 // PANIC: dst is sliced to src.len(); src.len() <= FSP_PKEY_SIZE per `get_section`. 118 sigs.public_key[..pkey_section.len()].copy_from_slice(pkey_section); 119 // PANIC: dst is sliced to src.len(); src.len() <= FSP_SIG_SIZE per `get_section`. 120 sigs.signature[..sig_section.len()].copy_from_slice(sig_section); 121 Ok(()) 122 }), 123 GFP_KERNEL, 124 )?; 125 126 Ok(signatures) 127 } 128 } 129