[Cerowrt-devel] [Make-wifi-fast] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

Jonathan Morton chromatix99 at gmail.com
Tue Mar 15 05:38:42 EDT 2016

> On 15 Mar, 2016, at 05:47, dpreed at reed.com wrote:
> SoCs often have multiple functional units on the same die. For radios that allows for a pipeline. You can limit what an EPROM will accept with a crypto signature.
> This is common stuff.

As an example of this, AMD’s APUs and GPUs require several different firmware blobs to bring up their 3D capabilities.  The on-board BIOS supplies only what is necessary for basic SVGA framebuffer mode, which the operating system can use as a stopgap until the drivers are installed.

In Linux, these firmware blobs are identified by the IP block’s codename.  Most APUs and GPUs require a SUMO or SUMO2 blob to bring up the RAMDACs, and a separate GPU-specific blob (VERDE for my 7770) for the graphics engine itself, which takes up a much larger portion of the die.

I’m not sure whether these blobs are signed in AMD’s system, but they could be.  Their APUs have a Cortex-A5 based “secure processor” which could in principle be tied into the firmware-loading process, and probably has its own secure ROM.  A Cortex-M microcontroller core and ROM to do the job on a GPU would be tiny.

 - Jonathan Morton

More information about the Cerowrt-devel mailing list