[PATCH v5 2/9] drm/mediatek: Add secure buffer control flow to mtk_drm_gem
Jason-JH Lin (林睿祥)
Jason-JH.Lin at mediatek.com
Tue May 28 00:06:40 PDT 2024
Hi Maxime,
[snip]
I'm sorry for losing your previous comment mail.
I finally found a way to import this mail back so I can reply to you.
> > - mtk_gem = mtk_gem_create(dev, args->size, false);
> > + if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED)
> > + mtk_gem = mtk_gem_create_from_heap(dev, "mtk_svp_cma",
> > args->size);
>
> That heap doesn't exist upstream either. Also, I'm wondering if it's
> the
> right solution there.
>
Yes, I found that its name changed to "restricted_mtk_cma" in the
latest patch:
https://patchwork.kernel.org/project/linux-mediatek/patch/20240515112308.10171-10-yong.wu@mediatek.com/
> From what I can tell, you want to allow to create encrypted buffers
> from
> the TEE. Why do we need this as a DRM ioctl at all? A heap seems like
> the perfect solution to do so, and then you just have to import it
> into
> DRM.
>
OK, I'll try to change the userspace's ioctl from
DRM_IOCTL_MTK_GEM_CREATE to DMA_HEAP_IOCTL_ALLOC to get the buffer fd,
then import to DRM.
> I'm also not entirely sure that not having a SG list is enough to
> consider the buffer secure. Wouldn't a buffer allocated without a
> kernel
> mapping also be in that situation?
>
I have confirmed to Yong.Wu that secure buffer also have sg list, so
the secure checking method "!sg_page(sg->sgl)" will be deprecated.
Regards,
Jason-JH.Lin
> Maxime
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
More information about the linux-arm-kernel
mailing list