[PATCH v2 6/8] dt-bindings: reserved-memory: Add secure CMA reserved memory range
Jeffrey Kardatzke
jkardatzke at google.com
Wed Nov 15 15:35:09 PST 2023
May I suggest the following for the device tree binding? (I'm not very
familiar w/ device trees, so apologies for any oversights, but trying
to process the feedback here and help move Mediatek along). This
should align with my other suggestions for having an MTK specific
portion to their secure heap implementation; which also means there
should be an MTK specific device tree binding.
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/reserved-memory/mediatek,dynamic-secure-region.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#
title: Mediatek Dynamic Reserved Region
description:
A memory region that can dynamically transition as a whole between
secure and non-secure states. This memory will be protected by OP-TEE
when allocations are active and unprotected otherwise.
maintainers:
- Yong Wu <yong.wu at mediatek.com>
allOf:
- $ref: reserved-memory.yaml
properties:
compatible:
const: mediatek,dynamic-secure-region
required:
- compatible
- reg
- reusable
unevaluatedProperties: false
examples:
- |
reserved-memory {
#address-cells = <1>;
#size-cells = <1>;
ranges;
reserved-memory at 80000000 {
compatible = "mediatek,dynamic-secure-region";
reusable;
reg = <0x80000000 0x18000000>;
};
};
On Tue, Nov 14, 2023 at 5:18 AM Robin Murphy <robin.murphy at arm.com> wrote:
>
> On 13/11/2023 6:37 am, Yong Wu (吴勇) wrote:
> [...]
> >>> +properties:
> >>> + compatible:
> >>> + const: secure_cma_region
> >>
> >> Still wrong compatible. Look at other bindings - there is nowhere
> >> underscore. Look at other reserved memory bindings especially.
> >>
> >> Also, CMA is a Linux thingy, so either not suitable for bindings at
> >> all,
> >> or you need Linux specific compatible. I don't quite get why do you
> >> evennot
> >> put CMA there - adding Linux specific stuff will get obvious
> >> pushback...
> >
> > Thanks. I will change to: secure-region. Is this ok?
>
> No, the previous discussion went off in entirely the wrong direction. To
> reiterate, the point of the binding is not to describe the expected
> usage of the thing nor the general concept of the thing, but to describe
> the actual thing itself. There are any number of different ways software
> may interact with a "secure region", so that is meaningless as a
> compatible. It needs to describe *this* secure memory interface offered
> by *this* TEE, so that software knows that to use it requires making
> those particular SiP calls with that particular UUID etc.
>
> Thanks,
> Robin.
More information about the Linux-mediatek
mailing list