| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 May 2024 03:01:00 +0000
From: CK Hu (胡俊光) <ck.hu@...iatek.com>
To: "jassisinghbrar@...il.com" <jassisinghbrar@...il.com>,
"matthias.bgg@...il.com" <matthias.bgg@...il.com>,
Jason-JH Lin (林睿祥) <Jason-JH.Lin@...iatek.com>,
"chunkuang.hu@...nel.org" <chunkuang.hu@...nel.org>, "robh+dt@...nel.org"
<robh+dt@...nel.org>, "krzysztof.kozlowski+dt@...aro.org"
<krzysztof.kozlowski+dt@...aro.org>,
"angelogioacchino.delregno@...labora.com"
<angelogioacchino.delregno@...labora.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Singo Chang (張興國) <Singo.Chang@...iatek.com>,
"linux-mediatek@...ts.infradead.org" <linux-mediatek@...ts.infradead.org>,
Jason-ch Chen (陳建豪)
<Jason-ch.Chen@...iatek.com>, "devicetree@...r.kernel.org"
<devicetree@...r.kernel.org>, Shawn Sung (宋孝謙)
<Shawn.Sung@...iatek.com>, Nancy Lin (林欣螢)
<Nancy.Lin@...iatek.com>, "conor+dt@...nel.org" <conor+dt@...nel.org>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
Project_Global_Chrome_Upstream_Group
<Project_Global_Chrome_Upstream_Group@...iatek.com>,
"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH RESEND,v6 8/8] soc: mediatek: mtk-cmdq: Add secure
cmdq_pkt APIs
Hi, Jason:
On Sun, 2024-05-26 at 22:44 +0800, Jason-JH.Lin wrote:
> Open secure cmdq_pkt APIs to support executing commands in secure world.
>
> 1. Add cmdq_sec_pkt_alloc_sec_data(), cmdq_sec_pkt_free_sec_data() and
> cmdq_sec_pkt_set_data() to prepare the sec_data in cmdq_pkt that will
> be referenced in the secure world.
>
> 2. Add cmdq_sec_insert_backup_cookie() and cmdq_sec_pkt_write() to
> generate commands that need to be executed in the secure world.
> In cmdq_sec_pkt_write(), we need to prepare the metadata to store
> buffer offset of the secure buffer handle because secure world can
> only translate the start address of secure buffer by secure handle.
>
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@...iatek.com>
> Signed-off-by: Hsiao Chien Sung <shawn.sung@...iatek.com>
> ---
[snip]
> +
> +int cmdq_sec_pkt_set_data(struct cmdq_pkt *pkt, enum cmdq_sec_scenario scenario)
> +{
> + struct cmdq_sec_data *sec_data;
> + int ret;
> +
> + if (!pkt) {
> + pr_err("invalid pkt:%p", pkt);
> + return -EINVAL;
> + }
> +
> + ret = cmdq_sec_pkt_alloc_sec_data(pkt);
> + if (ret < 0)
> + return ret;
> +
> + pr_debug("[%s %d] pkt:%p sec_data:%p scen:%u",
> + __func__, __LINE__, pkt, pkt->sec_data, scenario);
> +
> + sec_data = (struct cmdq_sec_data *)pkt->sec_data;
> + sec_data->scenario = scenario;
> +
> + return 0;
> +}
What does cmdq_sec_pkt_set_data() exactly do? It seems to enable/disable protection on hardware of certain pipeline.
In future, you would use secure GCE for normal video and secure video.
Would you also use secure display pipeline for both normal video and secure video?
If so, I think we could drop this function because the hardware is always protected.
Regards,
CK
> +EXPORT_SYMBOL_GPL(cmdq_sec_pkt_set_data);
> +
Powered by blists - more mailing lists