Hacker News new | ask | show | jobs
by Kirby64 544 days ago
NVidia is smarter than this - they sign all their firmware, so you can't just modify the firmware and bypass this. No signed firmware means no functioning card. The famous example of this was the 'reduced hash functionality' RTX 3060 cards that accidentally had the 'reduced hash' feature disabled in a signed copy of firmware that Nvidia released. If they hadn't accidently released this firmware, the reduced hash stuff would have worked forever.
1 comments
bri3d 544 days ago
I am indeed well aware of how firmware validation works. Finding a vulnerability in firmware validation is however much more likely than reversing OTP for almost all varieties of OTP, even NVidia’s firmware validation which is generally regarded as pretty strong.
link
nixosbestos 544 days ago
This reminds me of when Motorola introduced the first carrier-enforced, signature lock on Android with no "OEM Unlock" option and a bunch of ... questionably informed... people insisted it was by passable. (To my knowledge, it has not been bypassed, and jesus that was 15 years ago probably)

Granted, it's Nvidia, and they've been featured in devices that were notoriously hackable, but also, it's not 2018 anymore.

Needless to say, people should understand when they buy an Nvidia card, they should fully expect to use Nvidia firmware, with whatever that entails.

EDIT: I'd really like to remember the name of this device. It was the same era as Blackberry releasing... the Storm? Some resistitive-touch device with a physically clickable screen. Motorola Storm? I really wish I could recall. (sub-edit: I think the Storm was the Blackberry device. So something else...)

link
bri3d 543 days ago
Maybe the Fire? It looks like a Storm. I don't think they made any resistive Android devices though, even the original Droid was capacitive.

I think there might have been one or two OMX devices in this era with locked bootloaders that weren't bypassed due to a lack of research, but I actually find this example a bit amusing: early Qualcomm Motorola Android phones were touted as "unhackable" due to their use of fuses (Qualcomm even went on a marketing pitch calling them "Q-Fuses"), but were extremely quickly unlocked using trivial TrustZone supervisor vulnerabilities (iirc, there was an SMC that literally had a write-what-where primitive in it).

link