The relationship between FSP/SEC2 and FALCON?

According to the description in NVIDIA/open-gpu-kernel-modules, FSP, SEC2, and FALCON are all micro-architecture modules used in CC mode. I previously believed that FSP served as the RoT (root of trust) in device attestation, FALCON acted as the task scheduling module for the bootloader, and SEC2 was responsible for encryption/decryption tasks during workload launch. However, while reading the code at gpu-admin-tools, I became confused. It seemed that FALCON is a conceptual role, while FSP could take on this role? I would like to inquire about how these three components are divided in terms of responsibilities within confidential computing.

See "Are the On-Die Root of Trust and SEC2 security microcontroller physically the same thing?" and see if that answers your question. The Falcon microcontrollers have all been replaced by RISC-V microcontrollers, but some terminology still remains.

Thank you for your reply!
So, can I consider Falcon as a physical module with functions similar to RISC-V? Does it handle encryption/decryption tasks, or only manage task scheduling?
Additionally, I watched the video linked in the previous message, where FMC and SMC were mentioned in the context of deriving the attestation key. Could you clarify the full names of FMC and SMC?

See https://www.youtube.com/watch?v=gg1lISJfJI0 for information on Falcon, but they have no bearing on confidential compute or any recent hardware.

FMC = First Mutable Code
SMC = Second Mutable Code

Thank you very much for your explanation. I have reviewed the content in the video link you provided. According to the video description, in older GPU architectures, Falcon included crypto accelerators and performed the role of the current FSP (e.g., verifying ucode signatures). Now, Falcon is integrated as an interface within the RISC-V core and continues to handle security-related functions. This seems to contradict your earlier statement that "they have no bearing on confidential compute or any recent hardware." Could you provide a more detailed explanation about this?

Additionally, I’m curious whether all the security tasks previously handled by Falcon have now been offloaded to FSP?