lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231213101549.lioqfzjxcvmqxqu3@pop-os.localdomain>
Date:   Wed, 13 Dec 2023 11:15:49 +0100
From:   Joakim Bech <joakim.bech@...aro.org>
To:     Pekka Paalanen <ppaalanen@...il.com>
Cc:     Simon Ser <contact@...rsion.fr>, Yong Wu <yong.wu@...iatek.com>,
        Rob Herring <robh+dt@...nel.org>,
        Sumit Semwal <sumit.semwal@...aro.org>,
        christian.koenig@....com,
        Matthias Brugger <matthias.bgg@...il.com>,
        dri-devel@...ts.freedesktop.org, John Stultz <jstultz@...gle.com>,
        Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
        Jeffrey Kardatzke <jkardatzke@...gle.com>,
        Benjamin Gaignard <benjamin.gaignard@...labora.com>,
        Vijayanand Jitta <quic_vjitta@...cinc.com>,
        Nicolas Dufresne <nicolas@...fresne.ca>,
        jianjiao.zeng@...iatek.com, linux-media@...r.kernel.org,
        devicetree@...r.kernel.org, Conor Dooley <conor+dt@...nel.org>,
        ckoenig.leichtzumerken@...il.com, linaro-mm-sig@...ts.linaro.org,
        linux-mediatek@...ts.infradead.org, tjmercier@...gle.com,
        linux-arm-kernel@...ts.infradead.org,
        AngeloGioacchino Del Regno 
        <angelogioacchino.delregno@...labora.com>,
        kuohong.wang@...iatek.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap

On Wed, Dec 13, 2023 at 11:05:17AM +0200, Pekka Paalanen wrote:
> On Tue, 12 Dec 2023 16:36:35 +0000
> Simon Ser <contact@...rsion.fr> wrote:
> 
> > Is there a chance to pick a better name than "secure" here?
> > 
> > "Secure" is super overloaded, it's not clear at all what it means from
> > just the name. Something like "restricted" would be an improvement.
> > 
> 
> My thoughts exactly. Every time I see "secure" used for something that
> either gives you garbage, refuses to work, or crashes your whole machine
> *intentionally* when you try to do normal usual things to it in
> userspace (like use it for GL texturing, or try to use KMS writeback), I
> get an unscratchable itch.
> 
> There is nothing "secure" from security perspective there for end users
> and developers. It's just inaccessible buffers.
> 
> I've been biting my lip until now, thinking it's too late.
> 
The characteristics we're looking for here is a buffer where the content
is inaccessible to the normal OS and user space, i.e., Non-secure EL0 to
EL2. I.e, the content of the buffer is meant to be used and accessible
primarily by the secure side and other devices that has been granted
access to it (for example decoders, display controllers if we're talking
about video use cases). However, since the use cases for this exercises
the whole stack, from non-secure user space (EL0) all the way to secure
user space (S-EL0), with various devices needing access to the buffer at
various times, it makes sense to let Linux manage the buffers, although
it still cannot access the content. That's the overall context.

As for the name, it's always difficult to find a name suitable precisely
describing what it is. "Secure" is perhaps vague, but it might still a
good choice, if you carefully describe what secure means for this
particular heap (in the source code and the documentation for it). For
example, the definition of "secure" for a secure heap as here could mean
that buffer content is inaccessible to the host OS and user space
running in normal world (using Arm nomenclature). I wouldn't have any
problems with calling it secure if, as said it's defined what we mean by
saying so. But I'm all ears for other suggestions as well.

Safe, protected, shielded, unreachable, isolated, inaccessible,
unaccessible, fortified, ... would any of these make more sense?

> 
> Thanks,
> pq

-- 
// Regards
Joakim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ