Message ID | 20231111111559.8218-1-yong.wu@mediatek.com (mailing list archive) |
---|---|
Headers | show |
Series | dma-buf: heaps: Add secure heap | expand |
Hi! > This patchset adds three secure heaps: > 1) secure_mtk_cm: secure chunk memory for MediaTek SVP (Secure Video Path). > The buffer is reserved for the secure world after bootup and it is used > for vcodec's ES/working buffer; > 2) secure_mtk_cma: secure CMA memory for MediaTek SVP. This buffer is > dynamically reserved for the secure world and will be got when we start > playing secure videos, Once the security video playing is complete, the > CMA will be released. This heap is used for the vcodec's frame buffer. > 3) secure_cma: Use the kerne CMA ops as the allocation ops. > currently it is a draft version for Vijay and Jaskaran. Is there high-level description of what the security goals here are, somewhere? BR, Pavel
The main goal is for secure video playback, and to also enable other potential uses of this in the future. The 'secure dma-heap' will be used to allocate dma_buf objects that reference memory in the secure world that is inaccessible/unmappable by the non-secure (i.e. kernel/userspace) world. That memory will be used by the secure world to store secure information (i.e. decrypted media content). The dma_bufs allocated from the kernel will be passed to V4L2 for video decoding (as input and output). They will also be used by the drm system for rendering of the content. Hope that helps. Cheers, Jeff On Mon, Nov 13, 2023 at 3:38 AM Pavel Machek <pavel@ucw.cz> wrote: > > Hi! > > > This patchset adds three secure heaps: > > 1) secure_mtk_cm: secure chunk memory for MediaTek SVP (Secure Video Path). > > The buffer is reserved for the secure world after bootup and it is used > > for vcodec's ES/working buffer; > > 2) secure_mtk_cma: secure CMA memory for MediaTek SVP. This buffer is > > dynamically reserved for the secure world and will be got when we start > > playing secure videos, Once the security video playing is complete, the > > CMA will be released. This heap is used for the vcodec's frame buffer. > > 3) secure_cma: Use the kerne CMA ops as the allocation ops. > > currently it is a draft version for Vijay and Jaskaran. > > Is there high-level description of what the security goals here are, > somewhere? > > BR, > Pavel > -- > People of Russia, stop Putin before his war on Ukraine escalates.
Hi We have sent a patch series at [1] using this series to add support for Qualcomm secure heaps. Instead of TEE calls, it uses qcom_scm_assign_mem() to secure the memory. Thanks, Pratyush [1] https://lore.kernel.org/lkml/cover.1700544802.git.quic_vjitta@quicinc.com/