QUOTE
GPU JTAG was reverse-engineered until a point where arbitrary PCI writes are
possible, up to a certain point. So that makes it possible to talk to each
PCI device in the system, including the NAND controller. So we can simply
use THAT instead of the SMC to start the DMA?
Right?
Well, not quite. The problem is that the "VM code", the code which does a
lot of system initialization, like the memory (that code is also responsible
for generating the 01xx "RROD"-Errors), sets a certain bit in some GPU
register, which disables the JTAG interface. The VM code is executed way
before the kernel is active. So this is fail, too.
I have an NVIDIA GeForce 9600. There have been tools to modify firmware fan speeds, GPU speeds, etc.
I was wondering if the CPU or VM code checks the GPU firmware with a hash?
If not, couldn't one patch it to overlook "VM code" to disable JTAG?
Or is JTAG only access available to get to GPU and GPU firmware without software? What about J5C2?