[PATCH RESEND,v6 8/8] soc: mediatek: mtk-cmdq: Add secure cmdq_pkt APIs

Jason-JH Lin (林睿祥) Jason-JH.Lin at mediatek.com
Tue May 28 08:33:00 PDT 2024


Hi CK,

On Tue, 2024-05-28 at 03:01 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Sun, 2024-05-26 at 22:44 +0800, Jason-JH.Lin wrote:
> > Open secure cmdq_pkt APIs to support executing commands in secure
> > world.
> > 
> > 1. Add cmdq_sec_pkt_alloc_sec_data(), cmdq_sec_pkt_free_sec_data()
> > and
> >    cmdq_sec_pkt_set_data() to prepare the sec_data in cmdq_pkt that
> > will
> >    be referenced in the secure world.
> > 
> > 2. Add cmdq_sec_insert_backup_cookie() and cmdq_sec_pkt_write() to
> >    generate commands that need to be executed in the secure world.
> >    In cmdq_sec_pkt_write(), we need to prepare the metadata to
> > store
> >    buffer offset of the secure buffer handle because secure world
> > can
> >    only translate the start address of secure buffer by secure
> > handle.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin at mediatek.com>
> > Signed-off-by: Hsiao Chien Sung <shawn.sung at mediatek.com>
> > ---
> 
> [snip]
> 
> > +
> > +int cmdq_sec_pkt_set_data(struct cmdq_pkt *pkt, enum
> > cmdq_sec_scenario scenario)
> > +{
> > +	struct cmdq_sec_data *sec_data;
> > +	int ret;
> > +
> > +	if (!pkt) {
> > +		pr_err("invalid pkt:%p", pkt);
> > +		return -EINVAL;
> > +	}
> > +
> > +	ret = cmdq_sec_pkt_alloc_sec_data(pkt);
> > +	if (ret < 0)
> > +		return ret;
> > +
> > +	pr_debug("[%s %d] pkt:%p sec_data:%p scen:%u",
> > +		 __func__, __LINE__, pkt, pkt->sec_data, scenario);
> > +
> > +	sec_data = (struct cmdq_sec_data *)pkt->sec_data;
> > +	sec_data->scenario = scenario;
> > +
> > +	return 0;
> > +}
> 
> What does cmdq_sec_pkt_set_data() exactly do? It seems to
> enable/disable protection on hardware of certain pipeline.
> In future, you would use secure GCE for normal video and secure
> video.
> Would you also use secure display pipeline for both normal video and
> secure video?

I think I won't do that.

> If so, I think we could drop this function because the hardware is
> always protected.
> 
But we will use ENABLE and DISABLE scenario to notify secure world to
enable/disable the protection of secure buffer and register by setting
larb port and DAPC.

If there is secure memory output scenario (WiFi Display scenario) in
the same display pipeline as main display scenario, we will need to use
this scenario to differentiate them.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 
> > +EXPORT_SYMBOL_GPL(cmdq_sec_pkt_set_data);
> > +


More information about the linux-arm-kernel mailing list