On Sun, 2023-11-05 at 13:04 +0000, Jason-JH Lin (林睿祥) wrote: > On Tue, 2023-10-31 at 06:01 +0000, CK Hu (胡俊光) wrote: > > Hi, Jason: > > > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote: > > > To add secure flow support for mediatek-drm, each crtc have to > > > create a secure cmdq mailbox channel. Then cmdq packets with > > > display HW configuration will be sent to secure cmdq mailbox > > > channel > > > and configured in the secure world. > > > > > > Each crtc have to use secure cmdq interface to configure some > > > secure > > > settings for display HW before sending cmdq packets to secure > > > cmdq > > > mailbox channel. > > > > > > If any of fb get from current drm_atomic_state is secure, then > > > crtc > > > will switch to the secure flow to configure display HW. > > > If all fbs are not secure in current drm_atomic_state, then crtc > > > will > > > switch to the normal flow. > > > > > > Signed-off-by: Jason-JH.Lin > > > --- > > > drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 272 > > > ++++++++++++++++++++++- > > > drivers/gpu/drm/mediatek/mtk_drm_crtc.h | 1 + > > > drivers/gpu/drm/mediatek/mtk_drm_plane.c | 7 + > > > 3 files changed, 269 insertions(+), 11 deletions(-) > > > [snip] > > > + > > > +#if IS_REACHABLE(CONFIG_MTK_CMDQ) > > > +static void mtk_crtc_enable_secure_state(struct drm_crtc *crtc) > > > +{ > > > + enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT; > > > + int i; > > > + struct mtk_ddp_comp *ddp_first_comp; > > > + struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc); > > > + u64 sec_engine = 0; /* for hw engine write output secure fb */ > > > + u64 sec_port = 0; /* for larb port read input secure fb */ > > > + > > > + cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event, > > > false); > > > + > > > + ddp_first_comp = mtk_crtc->ddp_comp[0]; > > > + for (i = 0; i < mtk_crtc->layer_nr; i++) > > > + if (mtk_crtc->planes[i].type == DRM_PLANE_TYPE_CURSOR) > > > + sec_port |= > > > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i); > > > + > > > + if (drm_crtc_index(crtc) == 0) > > > + sec_scn = CMDQ_SEC_PRIMARY_DISP; > > > + else if (drm_crtc_index(crtc) == 1) > > > + sec_scn = CMDQ_SEC_SUB_DISP; > > > + > > > + cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, > > > sec_port, sec_scn); > > > > In cmdq driver, sec_engine means engine which need dapc. You set 0 > > to > > sec_engine, does it mean that no engine is protected by dapc? If > > OVL > > is > > not protected by dapc, I think we could use cmdq normal thread to > > write > > OVL register instead of cmdq secure thread. > > > > We enable DPAC protection for the engine that is able to write data > to > the DRAM address set on their register, such as WDMA and WROT, to > avoid > their register being set to the normal DRAM address. > > We enable larb port protection for the engine that is able to read > data > from the DRAM address, such as OVL, RDMA and MDP_RDMA, to avoid > secure > DRAM being read by the non-secure larb port. So we don't need > toenable > DAPC for these engines. > > No mater DAPC protection or larb port protection, they both need to > use > sec_engine to tell TEE which engines need to be protected. > > But OVL is a special HW engine, it can only set its > DISP_REG_OVL_SECURE > register in [PATCH v2 07/11] to enable its larb port protection, so > OVL > no need to set the sec_engine. But we'll move that part to the TEE > secure world, so that means OVL sec_engine will be set here in the > next > version. > > > It's weird that normal world could decide which engine is protected > > by > > dapc. If hacker set 0 for output engine, then outout engine would > > not > > be protected? > > > > If hacker set 0 for output engine, TEE world will check that output > engine didn't set sec_engine from normal world by verifying > instruction > where the output engine instruction set the secure handle. > > We still need to set sec_engine to check that all the sec_engine fags > are matched to the scenario and instruction verification in the > secure > world. So after secure scenario is set, TEE already have a sec_engine list. Let's call it TEE sec_engine list. And normal world has another sec_engine list, let's call it normal sec_engine list. Normal world pass normal sec_engine list to TEE by cmdq_sec_pkt_set_data() and TEE would check normal sec_engine list is identical to TEE sec_engine list or not. If TEE already have a TEE sec_engine list, I think it's not necessary that normal world have another normal sec_engine list. So drop this normal sec_engine list parameter. Regards, CK > > Regards, > Jason-JH.Lin > > > Regards, > > CK > > > > > + > > > + pr_debug("crtc-%d enable secure plane!\n", > > > drm_crtc_index(crtc)); > > > +} > > > +#endif > > >