What software security measures can be taken to prevent users of a Linux system from flashing the GPU BIOS?

1

I would like to prevent users from having the ability to flash the GPU BIOS, while still giving them the ability to run software on their workstation's GPU.

I'm open to a wide range of potential solutions (whatever works) including restricting user privileges, restricting users to a virtual machine, etc., again as long as they have access to run software on the GPU. It looks like the flashrom utility typically requires sudo access, which is promising, but I don't know if that is a fundamental restriction on GPU flashing utilities or just a protection of that particular tool.

One reason I'm concerned about this issue is that apparently flashing the GPU BIOS can potentially damage the physical GPU.

Andy

Posted 2016-10-21T04:05:55.670

Reputation: 11

As far as I can tell, a user can't actually interface directly with the hardware without root access. A normal non-root user shouldn't be able to flash the VBIOS. – bwDraco – 2016-10-21T04:07:28.353

Thanks. However, I am able to run CUDA code on the GPU (which is required for my use-case) without sudo/root access, so doesn't that constitute interfacing with the hardware? – Andy – 2016-10-21T04:10:15.240

Running CUDA code goes through the graphics driver and therefore can be done in user mode (the driver, which is in kernel mode, handles the actual communication with the GPU). On the other hand, flashing the VBIOS requires direct access to the hardware and can't be done without root. – bwDraco – 2016-10-21T04:11:09.690

That sounds promising. It would be helpful if you have a link to further info or confirmation of this? Thanks! – Andy – 2016-10-21T04:13:55.317

BTW, the link you gave is about the BIOS of the video card (which is part of the BIOS that you see during boot), not the GPU. Changing the GPU microcode or something similar would be quite interesting, and I'd love to find out how to do that. :-) And yes, you need to be root to access any I2C EPROMs (no matter whether VBIOS or main BIOS) etc. directly. – dirkt – 2016-10-21T06:27:58.433

No answers
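The comments above rest on raw hardware interfaces being reachable only by root. As an added example (not part of the original thread), the following Python script audits a workstation for raw-access nodes that a non-root user or group could write to. The `RAW_PATHS` list and the `audit` function are assumptions made for this illustration, not an exhaustive inventory of what any particular flashing tool uses.

```python
#!/usr/bin/env python3
"""Audit raw hardware-access paths for non-root write access (added example)."""
import glob
import os
import stat

# Assumed list of raw-access interfaces that low-level flashing tools rely on
# (physical memory, I/O ports, I2C buses, MTD flash, PCI ROM/config/BARs).
# Adjust for the drivers and tools present on your system.
RAW_PATHS = [
    "dev/mem", "dev/port", "dev/i2c-*", "dev/mtd*",
    "sys/bus/pci/devices/*/rom",
    "sys/bus/pci/devices/*/config",
    "sys/bus/pci/devices/*/resource[0-9]*",
]


def audit(root="/", trusted_uids=(0,)):
    """Return (path, mode, uid, gid, reason) for every node that is owned by
    an untrusted user or is writable by its group or by everyone."""
    findings = []
    for pattern in RAW_PATHS:
        for path in sorted(glob.glob(os.path.join(root, pattern))):
            try:
                st = os.stat(path)
            except OSError:
                continue  # node vanished or cannot be examined; skip it
            mode = stat.S_IMODE(st.st_mode)
            reasons = []
            if st.st_uid not in trusted_uids:
                reasons.append("owned by non-root user")
            if mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if mode & stat.S_IWGRP:
                reasons.append(f"group-writable: review members of gid {st.st_gid}")
            if reasons:
                findings.append(
                    (path, oct(mode), st.st_uid, st.st_gid, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    results = audit()
    for path, mode, uid, gid, reason in results:
        print(f"{path} mode={mode} uid={uid} gid={gid}: {reason}")
    print(f"{len(results)} finding(s)")
```

File permissions are only one layer: sudoers rules, setuid binaries and granted capabilities need a separate review. The GPU driver's own device nodes are deliberately not in the list, since users need them to run GPU code.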