On Mon, 2023-11-06 at 01:36 +0000, CK Hu (胡俊光) wrote:
> On Sun, 2023-11-05 at 13:35 +0000, Jason-JH Lin (林睿祥) wrote:
> > Hi CK,
> > 
> > On Thu, 2023-10-26 at 02:26 +0000, CK Hu (胡俊光) wrote:
> > > Hi, Jason:
> > > 
> > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > Add cmdq_insert_backup_cookie to append some commands before
> > > > EOC:
> > > > 1. Get GCE HW thread execute count from the GCE HW register.
> > > > 2. Add 1 to the execute count and then store into a shared
> > > > memory.
> > > 
> > > I think when cmdq driver handler interrupt, it could simply call
> > > into
> > > TEE with an API to query status. The status not only the execute
> > > count,
> > > but also other message including error information. So it's not
> > > necessary to use such non-tricky way to get execute count.
> > 
> > The reason why we use shared memory to record execute count here
> > is:
> > 1. normal world can not access the register of secure GCE thread in
> > normal world.
> > 2. calling TEE invoke cmd in the irq handler would be expensive and
> > not
> > stable. I've tested that a single TEE invloke cmd to CMDQ PTA costs
> > 19~53 us. Maybe it would cost more during the scenario that needs
> > more
> > CPU loading.
> 
> Add this to comment.
> 
OK, I'll add this to comment.

Regards,
Jason-JH.Lin

> > 
> > > 
> > > One more question. The command buffer is not secure. Does the GCE
> > > hardware execute this non-secure command buffer?
> > > 
> > 
> > GCE command buffer is generate in the normal world first. Then it
> > will
> > be copied to the shared memory and pass to the secure world. All
> > the
> > instruction in command buffer will be verified in secure world then
> > they will be copied to the secure command buffer and executed by
> > GCE
> > secure thread. I'll add this information to the cover letter at the
> > next version.
> > 
> > Regards
> > Jason-JH.Lin
> > 
> > > Regards,
> > > CK
> > >