| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a0c9d84f8a2d6efdfd7502f796e5629a8471c9eb.camel@mediatek.com>
Date: Tue, 26 Dec 2023 08:28:03 +0000
From: CK Hu (胡俊光) <ck.hu@...iatek.com>
To: "jassisinghbrar@...il.com" <jassisinghbrar@...il.com>,
"matthias.bgg@...il.com" <matthias.bgg@...il.com>,
Jason-JH Lin (林睿祥) <Jason-JH.Lin@...iatek.com>,
"angelogioacchino.delregno@...labora.com"
<angelogioacchino.delregno@...labora.com>, "robh+dt@...nel.org"
<robh+dt@...nel.org>, "krzysztof.kozlowski+dt@...aro.org"
<krzysztof.kozlowski+dt@...aro.org>, "chunkuang.hu@...nel.org"
<chunkuang.hu@...nel.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mediatek@...ts.infradead.org" <linux-mediatek@...ts.infradead.org>,
Singo Chang (張興國) <Singo.Chang@...iatek.com>,
Johnson Wang (王聖鑫) <Johnson.Wang@...iatek.com>,
"linux-media@...r.kernel.org" <linux-media@...r.kernel.org>,
"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
Jason-ch Chen (陳建豪)
<Jason-ch.Chen@...iatek.com>, Shawn Sung (宋孝謙)
<Shawn.Sung@...iatek.com>, "mchehab@...nel.org" <mchehab@...nel.org>,
Nancy Lin (林欣螢) <Nancy.Lin@...iatek.com>,
"conor+dt@...nel.org" <conor+dt@...nel.org>,
Project_Global_Chrome_Upstream_Group
<Project_Global_Chrome_Upstream_Group@...iatek.com>,
"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v3 8/9] mailbox: mediatek: Add CMDQ secure mailbox driver
Hi, Jason:
On Fri, 2023-12-22 at 12:52 +0800, Jason-JH.Lin wrote:
> To support secure video path feature, GCE have to read/write
> registgers
> in the secure world. GCE will enable the secure access permission to
> the
> HW who wants to access the secure content buffer.
>
> Add CMDQ secure mailbox driver to make CMDQ client user is able to
> sending their HW settings to the secure world. So that GCE can
> execute
> all instructions to configure HW in the secure world.
>
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@...iatek.com>
> ---
[snip]
> +
> +int cmdq_sec_pkt_write(struct cmdq_pkt *pkt, u32 addr, u64 base,
> + const enum cmdq_iwc_addr_metadata_type type,
> + const u32 offset, const u32 size, const u32
> port)
> +{
> + int ret;
> +
> + ret = cmdq_pkt_assign(pkt, CMDQ_THR_SPR_IDX0, addr);
> + if (ret)
> + return ret;
> +
> + ret = cmdq_pkt_write_s_reg_value(pkt, CMDQ_THR_SPR_IDX0,
> (u32)base);
> + if (ret)
> + return ret;
> +
> + return cmdq_sec_append_metadata(pkt, type, base, offset, size,
> port);
Why do you append this metadata? It looks like TEE would use this meta
data to check command is secure or not. But this meta data is in normal
world, so it may be modified by hacker. I think TEE should check
command buffer directly not by the meta data.
Regards,
CK
> +}
> +EXPORT_SYMBOL_GPL(cmdq_sec_pkt_write);
> +
Powered by blists - more mailing lists