| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Oct 2023 10:01:19 +0000
From: Yong Wu (吴勇) <Yong.Wu@...iatek.com>
To: "matthias.bgg@...il.com" <matthias.bgg@...il.com>,
"christian.koenig@....com" <christian.koenig@....com>,
"quic_vjitta@...cinc.com" <quic_vjitta@...cinc.com>,
"robh+dt@...nel.org" <robh+dt@...nel.org>,
"sumit.semwal@...aro.org" <sumit.semwal@...aro.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mediatek@...ts.infradead.org"
<linux-mediatek@...ts.infradead.org>,
"jstultz@...gle.com" <jstultz@...gle.com>,
"linaro-mm-sig@...ts.linaro.org" <linaro-mm-sig@...ts.linaro.org>,
"linux-media@...r.kernel.org" <linux-media@...r.kernel.org>,
"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
Jianjiao Zeng (曾健姣)
<Jianjiao.Zeng@...iatek.com>,
Kuohong Wang (王國鴻)
<kuohong.wang@...iatek.com>,
Anan Sun (孙安安) <Anan.Sun@...iatek.com>,
"conor+dt@...nel.org" <conor+dt@...nel.org>,
"Brian.Starkey@....com" <Brian.Starkey@....com>,
"benjamin.gaignard@...labora.com" <benjamin.gaignard@...labora.com>,
"tjmercier@...gle.com" <tjmercier@...gle.com>,
"krzysztof.kozlowski+dt@...aro.org"
<krzysztof.kozlowski+dt@...aro.org>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"angelogioacchino.delregno@...labora.com"
<angelogioacchino.delregno@...labora.com>
Subject: Re: [PATCH 6/9] dma-buf: heaps: mtk_sec_heap: Add tee service call
for buffer allocating/freeing
Hi Vijayanand,
Thanks very much for your review.
On Thu, 2023-10-19 at 10:15 +0530, Vijayanand Jitta wrote:
>
> External email : Please do not click links or open attachments until
> you have verified the sender or the content.
>
>
> On 9/11/2023 8:00 AM, Yong Wu wrote:
> > Add TEE service call for secure memory allocating/freeing.
> >
> > Signed-off-by: Anan Sun <anan.sun@...iatek.com>
> > Signed-off-by: Yong Wu <yong.wu@...iatek.com>
> > ---
> > drivers/dma-buf/heaps/mtk_secure_heap.c | 69
> ++++++++++++++++++++++++-
> > 1 file changed, 68 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/dma-buf/heaps/mtk_secure_heap.c b/drivers/dma-
> buf/heaps/mtk_secure_heap.c
> > index e3da33a3d083..14c2a16a7164 100644
> > --- a/drivers/dma-buf/heaps/mtk_secure_heap.c
> > +++ b/drivers/dma-buf/heaps/mtk_secure_heap.c
> > @@ -17,6 +17,9 @@
> >
> > #define MTK_TEE_PARAM_NUM4
> >
> > +#define TZCMD_MEM_SECURECM_UNREF7
> > +#define TZCMD_MEM_SECURECM_ZALLOC15
> > +
> > /*
> > * MediaTek secure (chunk) memory type
> > *
> > @@ -29,6 +32,8 @@ enum kree_mem_type {
> > struct mtk_secure_heap_buffer {
> > struct dma_heap*heap;
> > size_tsize;
> > +
> > +u32sec_handle;
> > };
> >
> > struct mtk_secure_heap {
> > @@ -80,6 +85,63 @@ static int mtk_kree_secure_session_init(struct
> mtk_secure_heap *sec_heap)
> > return ret;
> > }
> >
> > +static int
> > +mtk_sec_mem_tee_service_call(struct tee_context *tee_ctx, u32
> session,
> > + unsigned int command, struct tee_param *params)
> > +{
> > +struct tee_ioctl_invoke_arg arg = {0};
> > +int ret;
> > +
> > +arg.num_params = MTK_TEE_PARAM_NUM;
> > +arg.session = session;
> > +arg.func = command;
> > +
> > +ret = tee_client_invoke_func(tee_ctx, &arg, params);
> > +if (ret < 0 || arg.ret) {
> > +pr_err("%s: cmd %d ret %d:%x.\n", __func__, command, ret,
> arg.ret);
> > +ret = -EOPNOTSUPP;
> > +}
> > +return ret;
> > +}
> > +
> > +static int mtk_sec_mem_allocate(struct mtk_secure_heap *sec_heap,
> > +struct mtk_secure_heap_buffer *sec_buf)
> > +{
> > +struct tee_param params[MTK_TEE_PARAM_NUM] = {0};
> > +u32 mem_session = sec_heap->mem_session;
> > +int ret;
> > +
> > +params[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT;
> > +params[0].u.value.a = SZ_4K;/* alignment */
> > +params[0].u.value.b = sec_heap->mem_type;/* memory type */
> > +params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT;
> > +params[1].u.value.a = sec_buf->size;
> > +params[2].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT;
> > +
> > +/* Always request zeroed buffer */
> > +ret = mtk_sec_mem_tee_service_call(sec_heap->tee_ctx, mem_session,
> > + TZCMD_MEM_SECURECM_ZALLOC, params);
>
> I see here optee calls are being used to secure memory.
>
> For a secure heap, there can be multiple ways on how we want to
> secure memory,
> for eg : by using qcom_scm_assign_mem.
>
> This interface restricts securing memory to only optee calls.
> can we have a way to choose ops that we want to secure memory ?
Thanks for this suggestion. So it looks like there are four operations
in the abstract ops. Something like this?
struct sec_memory_ops {
int (*sec_memory_init)() //we need initialise tee session here.
int (*sec_memory_alloc)()
int (*sec_memory_free)()
void (*sec_memory_uninit)()
}
Do you also need tee operation like tee_client_open_session and
tee_client_invoke_func?
if so, your UUID and TEE command ID value are also different, right?
We may also need new macros on how to choose different sec_memory_ops
since we don't have different bindings.
>
> Thanks,
> Vijay
Powered by blists - more mailing lists