by bri3d 550 days ago
> You can't lol. How do you wanna restore a blown fuse on nanometer level INSIDE the GPU die? It's simply not possible.

I wouldn't dismiss this so aggressively.

Frequently (more frequently than not), efuses are simply used as configuration fields checked by firmware. If that firmware can be modified, the value of the efuse can be ignored. It's substantially easier to implement a fused feature as a bit in a big bitfield of "chicken bits" in one-time programmable memory than to try to physically fuse off an entire power or clock domain, which would border on physically irreversible (this is done sometimes, but only where strictly necessary and not often).
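The point made in this comment, that an efuse is often just a bit in an OTP bitfield the firmware consults and that firmware signing is what keeps that check honest, as an added example that is not code from the thread or from any vendor. The OTP bit layout, the firmware image format and the pinned-digest check are all constructed assumptions; real boot ROMs verify a public-key signature over the image rather than comparing a hash, and the digest here only stands in for that so the example runs with the standard library.

```python
import hashlib
import hmac  # constant-time digest comparison

# Constructed OTP "chicken bit" word. Bit assignments are hypothetical,
# not any real vendor's layout. A set (blown) bit disables the feature.
FUSE_FEATURE_A = 1 << 0     # blown => feature A disabled on this SKU
FUSE_FEATURE_B = 1 << 1     # blown => feature B disabled
FUSE_DEBUG_LOCK = 1 << 2    # blown => debug interface locked

FEATURE_BITS = {
    "feature_a": FUSE_FEATURE_A,
    "feature_b": FUSE_FEATURE_B,
    "debug": FUSE_DEBUG_LOCK,
}

# Constructed firmware image format: byte 0 is a policy flag that says
# whether the firmware honours the fuse word, the rest is a stand-in body.
HONOR_FUSES = b"\x01"
IGNORE_FUSES = b"\x00"


def build_firmware(policy: bytes) -> bytes:
    return policy + b"CONSTRUCTED-GPU-FIRMWARE-BODY"


def run_firmware(image: bytes, fuse_word: int) -> dict:
    """Firmware-level gating: the fuse word is just a bitfield the firmware reads.

    If the firmware is told to ignore fuses, every feature reports enabled,
    which is exactly why an unsigned, modifiable firmware makes fuses moot.
    """
    honor_fuses = image[0] == 1
    states = {}
    for name, mask in FEATURE_BITS.items():
        blown = bool(fuse_word & mask)
        states[name] = (not blown) if honor_fuses else True
    return states


def digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


def boot(image: bytes, trusted_digest: bytes, fuse_word: int):
    """Boot-ROM-style gate: only an image matching the trusted digest may run.

    Assumption: a pinned SHA-256 digest stands in for the signature check a
    real boot ROM performs with a vendor public key. Returns None on failure.
    """
    if not hmac.compare_digest(digest(image), trusted_digest):
        return None
    return run_firmware(image, fuse_word)


def scenario() -> dict:
    """Compare an unverified patched image with verified good and patched images."""
    fuse_word = FUSE_FEATURE_A | FUSE_DEBUG_LOCK      # constructed SKU: A and debug blown
    good = build_firmware(HONOR_FUSES)
    trusted = digest(good)                            # what the boot ROM trusts
    patched = build_firmware(IGNORE_FUSES)            # same body, fuse check removed
    return {
        "unverified_patched": run_firmware(patched, fuse_word),   # fuses ignored
        "verified_good": boot(good, trusted, fuse_word),          # fuses honoured
        "verified_patched": boot(patched, trusted, fuse_word),    # refused to boot
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

Without the boot-time verification, the patched image simply reports every fused-off feature as available; with it, the same patched image never runs, so the OTP bit is only as strong as the signature check that guards the code reading it.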


NVidia is smarter than this - they sign all their firmware, so you can't just modify the firmware and bypass this. No signed firmware means no functioning card. The famous example of this was the 'reduced hash functionality' RTX 3060 cards that accidentally had the 'reduced hash' feature disabled in a signed copy of firmware that Nvidia released. If they hadn't accidentally released this firmware, the reduced hash stuff would have worked forever.
I am indeed well aware of how firmware validation works. Finding a vulnerability in firmware validation is however much more likely than reversing OTP for almost all varieties of OTP, even NVidia’s firmware validation which is generally regarded as pretty strong.
This reminds me of when Motorola introduced the first carrier-enforced signature lock on Android with no "OEM Unlock" option and a bunch of ... questionably informed... people insisted it was bypassable. (To my knowledge, it has not been bypassed, and Jesus, that was 15 years ago probably)

Granted, it's Nvidia, and they've been featured in devices that were notoriously hackable, but also, it's not 2018 anymore.

Needless to say, people should understand when they buy an Nvidia card, they should fully expect to use Nvidia firmware, with whatever that entails.

EDIT: I'd really like to remember the name of this device. It was the same era as Blackberry releasing... the Storm? Some resistive-touch device with a physically clickable screen. Motorola Storm? I really wish I could recall. (sub-edit: I think the Storm was the Blackberry device. So something else...)

Maybe the Fire? It looks like a Storm. I don't think they made any resistive Android devices though, even the original Droid was capacitive.

I think there might have been one or two OMX devices in this era with locked bootloaders that weren't bypassed due to a lack of research, but I actually find this example a bit amusing: early Qualcomm Motorola Android phones were touted as "unhackable" due to their use of fuses (Qualcomm even went on a marketing pitch calling them "Q-Fuses"), but were extremely quickly unlocked using trivial TrustZone supervisor vulnerabilities (iirc, there was an SMC that literally had a write-what-where primitive in it).

This is true but that's why the firmware is signed so you can't patch it.