| |
| ▲ | mjg59 5 days ago | parent | next [-] | | The driver that initialises your plug-in GPU is shipped in flash on the card, is signed by Microsoft, and won't run unless that signature validates. | | |
| ▲ | ThePowerOfFuet 3 days ago | parent | next [-] | | I am reticent to argue with someone of your reputation, but AFAIK UEFI can initialize a basic framebuffer (and write to it) in a standardized manner without needing any ROM on the card. https://wiki.osdev.org/GOP | | |
| ▲ | mjg59 3 days ago | parent [-] | | The GOP driver is provided by the card, and then exposes a standardised interface to the firmware. |
| |
| ▲ | tsimionescu 4 days ago | parent | prev [-] | | Doesn't that happen only after UEFI starts the boot process, and only if Secure Boot is enabled? | | |
| ▲ | mjg59 4 days ago | parent [-] | | I don't understand what "UEFI starts the boot process" means? The firmware is what initialises the hardware. If the code needed to initialise your GPU doesn't have a trusted signature then it won't be executed, and you won't have any working graphics, so you won't have a UI to let you disable secure boot. If secure boot isn't enabled in the first place then yes this isn't a problem. |
|
| |
| ▲ | tux3 4 days ago | parent | prev [-] | | The GPU is initialized earlier, so that the screen turns on. The GPU driver can access main memory through the bus. If you let arbitrary code run before you start checking, you don't have a secure boot chain. |
|
