So, graphics cards have a ROM that you can export in GPU-Z (GPU-Z: An example of an application that will perform this task). Is it at all possible to find out what the specification is for a GPU ROM? I have an issue with one of my cards and would like to add a GOP partition to it in order to enable secure boot and remove the annoying watermark in Windows 8.1 about secure boot not being configured correctly.
Asked
Active
Viewed 808 times
1 Answers
1
Secure Boot, atleast as far as Windows is concerned, requires all Option ROMs to be signed by a recognised authority:
On a PC with Secure Boot enabled, option ROM drivers pose a security threat if they are not signed or not validated. Signature validation for option ROMs is a WHCK requirement.
There is also some ambiguity as to whether this is a part of the UEFI Secure Boot requirements, as documented in this GitHub issue.
It just so happens that the UEFI firmware defines and recognises its own format for OpROMs, as well as the manner of signing and verifying the OpROMs (Check the UEFI specification Section 14.4.2 of the UEFI Specification 2.7 A). That is the true origin of the support required from graphics card for secure boot.
VGA is a BIOS mechanism for software to use the display. GOP is a new graphics protocol defined by the UEFI specification, which would be loaded in the form of a UEFI driver (Ref). GOP support by the video card is needed for "Ultra Fast Boot" or "Super Fast Boot", and in general for "Pure" UEFI Boot without Legacy VGA Int 10h support. This is called UEFI Class 3, as opposed to Class 2 which also allows BIOS-ways of doing this. Notably, Windows 7 does not support GOP and hence UEFI Class 3.
The requirement for an EFI graphics card Option ROM seems to only coincidentally connect to GOP-compliance of graphics card Option ROM, seems coincidental, with only this document making the connection.
Milind R
- 907
- 1
- 12
- 29