From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8E9C6CDB47E for ; Fri, 13 Oct 2023 19:10:12 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 8E21A10E4F9; Fri, 13 Oct 2023 19:10:11 +0000 (UTC) Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by gabe.freedesktop.org (Postfix) with ESMTPS id BA9F310E639 for ; Fri, 13 Oct 2023 19:10:08 +0000 (UTC) Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1c9c496c114so26745ad.0 for ; Fri, 13 Oct 2023 12:10:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1697224208; x=1697829008; darn=lists.freedesktop.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4kEcF0Pcfb3BOdaB7b/Xf8KkE2huQcs4DQyBywMHROs=; b=Cv2XvP4et+tvoGWpfimu/0N6G4YJBoAzmIvbnJXVvcPe+JYiwhUDP+lzThju6I+QYJ 4p5UU4RRUOOecIHVVr0ch1swItbb/KMuar+hwITOZu9tejKHZXWxix/YrtLf6GmItEIK WweTLLjtu1ixuKQ2yhDu3eYqYShi/j83x7OYt/n2Jbqn0/xNKXPelx15VKdsq2UVqcME gpNCOr7tJDh4SCq8yKriOFxzgE+DEWVwwALcZekojgP1IqTYi7yZy02scqvwhXlWn9VW A1un4IY/djRrRylQ0UjbAWbnCw42tPdcVs8fkSL1nCr8TvCCJ2mATdTjvd2g383Kfc1U AKLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697224208; x=1697829008; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4kEcF0Pcfb3BOdaB7b/Xf8KkE2huQcs4DQyBywMHROs=; b=MCgzQt7dMSuaegOP26e4fnaroLqQccdDcIVx+HLsjP0kmZSs3Q7Y0UHljmVwKyC05F QRJGFCN+W3H9ZHn5/koOLuX/3yv7t9Gz+NZIFPMkav3wajcowqh5/E5/Rd50zjtzAPr8 ZwmfBPo2vTA88XKscHSQitHXr0L7W/5cSGsstgvQhkpVk4PoFW3lcyTqjXPDx9s4enXd D8EcQKxsAOfaoAC38UUUnNf6ab2OMFD/6qcdGfdCPOW0TUvfqO1vzSzq8KqU7Q8mwSAN 7WTm4ybjFt38utuuINNATFZFGv1c4DQ8iTPJIGhWn74fdSQo1JeXYV+rmKzMInBVM7/J R3Ww== X-Gm-Message-State: AOJu0YysfNBcmJXevN3RLwAGAJNnJmljOhjD6gyZVc7o+j3ffzNsv2Q5 e5QQedlbvp+GFr7EgjgD+wmKK56l7fRZm3aNC7Np X-Google-Smtp-Source: AGHT+IGKN9LKa4pnWHe0J9IrDAa7S+BFquvJdvp9aBRfEmdsXiquMXBH6qQLs2Vcpz7mcrbh+QMIDresmbS3cWwl4OI= X-Received: by 2002:a17:903:1344:b0:1c5:59ea:84c3 with SMTP id jl4-20020a170903134400b001c559ea84c3mr5340plb.21.1697224207613; Fri, 13 Oct 2023 12:10:07 -0700 (PDT) MIME-Version: 1.0 References: <20230911023038.30649-1-yong.wu@mediatek.com> <20230911023038.30649-6-yong.wu@mediatek.com> <20230927134614.kp27moxdw72jiu4y@pop-os.localdomain> <3aaafe47-3733-a4d5-038d-a7e439309282@collabora.com> <80695726-1a98-12d4-ad7d-d731f2f3caeb@collabora.com> <32e515e1-b7a2-de3c-723b-ade3ec760b4d@collabora.com> In-Reply-To: <32e515e1-b7a2-de3c-723b-ade3ec760b4d@collabora.com> From: Jeffrey Kardatzke Date: Fri, 13 Oct 2023 12:09:55 -0700 Message-ID: Subject: Re: [PATCH 5/9] dma-buf: heaps: mtk_sec_heap: Initialise tee session To: Benjamin Gaignard Content-Type: multipart/alternative; boundary="00000000000000653a06079dce36" X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "linux-arm-kernel@lists.infradead.org" , "devicetree@vger.kernel.org" , "conor+dt@kernel.org" , "krzysztof.kozlowski+dt@linaro.org" , =?UTF-8?B?S3VvaG9uZyBXYW5nICjnjovlnIvptLsp?= , "linux-kernel@vger.kernel.org" , "dri-devel@lists.freedesktop.org" , "sumit.semwal@linaro.org" , "linaro-mm-sig@lists.linaro.org" , "robh+dt@kernel.org" , "linux-mediatek@lists.infradead.org" , =?UTF-8?B?SmlhbmppYW8gWmVuZyAo5pu+5YGl5aejKQ==?= , "tjmercier@google.com" , "matthias.bgg@gmail.com" , "jstultz@google.com" , Joakim Bech , "linux-media@vger.kernel.org" , "christian.koenig@amd.com" , =?UTF-8?B?WW9uZyBXdSAo5ZC05YuHKQ==?= , "angelogioacchino.delregno@collabora.com" Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" --00000000000000653a06079dce36 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sorry for the delayed reply, needed to get some more info. This really wouldn't be possible due to the limitation on the number of regions...for example only 32 regions can be defined on some SoCs, and you'd run out of regions really fast trying to do this. That's why this is creating heaps for those regions and then allocations are performed within the defined region is the preferred strategy. On Thu, Sep 28, 2023 at 11:54=E2=80=AFPM Benjamin Gaignard < benjamin.gaignard@collabora.com> wrote: > > Le 28/09/2023 =C3=A0 19:48, Jeffrey Kardatzke a =C3=A9crit : > > On Thu, Sep 28, 2023 at 1:30=E2=80=AFAM Benjamin Gaignard > > wrote: > >> > >> Le 27/09/2023 =C3=A0 20:56, Jeffrey Kardatzke a =C3=A9crit : > >>> On Wed, Sep 27, 2023 at 8:18=E2=80=AFAM Benjamin Gaignard > >>> wrote: > >>>> Le 27/09/2023 =C3=A0 15:46, Joakim Bech a =C3=A9crit : > >>>>> On Mon, Sep 25, 2023 at 12:49:50PM +0000, Yong Wu (=E5=90=B4=E5=8B= =87) wrote: > >>>>>> On Tue, 2023-09-12 at 11:32 +0200, AngeloGioacchino Del Regno wrot= e: > >>>>>>> Il 12/09/23 08:17, Yong Wu (=E5=90=B4=E5=8B=87) ha scritto: > >>>>>>>> On Mon, 2023-09-11 at 11:29 +0200, AngeloGioacchino Del Regno > >>>>>>>> wrote: > >>>>>>>>> Il 11/09/23 04:30, Yong Wu ha scritto: > >>>>>>>>>> The TEE probe later than dma-buf heap, and PROBE_DEDER doesn't > >>>>>>>>>> work > >>>>>>>>>> here since this is not a platform driver, therefore initialise > >>>>>>>>>> the > >>>>>>>>>> TEE > >>>>>>>>>> context/session while we allocate the first secure buffer. > >>>>>>>>>> > >>>>>>>>>> Signed-off-by: Yong Wu > >>>>>>>>>> --- > >>>>>>>>>> drivers/dma-buf/heaps/mtk_secure_heap.c | 61 > >>>>>>>>>> +++++++++++++++++++++++++ > >>>>>>>>>> 1 file changed, 61 insertions(+) > >>>>>>>>>> > >>>>>>>>>> diff --git a/drivers/dma-buf/heaps/mtk_secure_heap.c > >>>>>>>>>> b/drivers/dma- > >>>>>>>>>> buf/heaps/mtk_secure_heap.c > >>>>>>>>>> index bbf1c8dce23e..e3da33a3d083 100644 > >>>>>>>>>> --- a/drivers/dma-buf/heaps/mtk_secure_heap.c > >>>>>>>>>> +++ b/drivers/dma-buf/heaps/mtk_secure_heap.c > >>>>>>>>>> @@ -10,6 +10,12 @@ > >>>>>>>>>> #include > >>>>>>>>>> #include > >>>>>>>>>> #include > >>>>>>>>>> +#include > >>>>>>>>>> +#include > >>>>>>>>>> + > >>>>>>>>>> +#define TZ_TA_MEM_UUID "4477588a-8476-11e2-ad15- > >>>>>>>>>> e41f1390d676" > >>>>>>>>>> + > >>>>>>>>> Is this UUID the same for all SoCs and all TZ versions? > >>>>>>>> Yes. It is the same for all SoCs and all TZ versions currently. > >>>>>>>> > >>>>>>> That's good news! > >>>>>>> > >>>>>>> Is this UUID used in any userspace component? (example: Android > >>>>>>> HALs?) > >>>>>> No. Userspace never use it. If userspace would like to allocate th= is > >>>>>> secure buffer, it can achieve through the existing dmabuf IOCTL vi= a > >>>>>> /dev/dma_heap/mtk_svp node. > >>>>>> > >>>>> In general I think as mentioned elsewhere in comments, that there > isn't > >>>>> that much here that seems to be unique for MediaTek in this patch > >>>>> series, so I think it worth to see whether this whole patch set can > be > >>>>> made more generic. Having said that, the UUID is always unique for = a > >>>>> certain Trusted Application. So, it's not entirely true saying that > the > >>>>> UUID is the same for all SoCs and all TrustZone versions. It might = be > >>>>> true for a family of MediaTek devices and the TEE in use, but not > >>>>> generically. > >>>>> > >>>>> So, if we need to differentiate between different TA implementation= s, > >>>>> then we need different UUIDs. If it would be possible to make this > patch > >>>>> set generic, then it sounds like a single UUID would be sufficient, > but > >>>>> that would imply that all TA's supporting such a generic UUID would > be > >>>>> implemented the same from an API point of view. Which also means th= at > >>>>> for example Trusted Application function ID's needs to be the same > etc. > >>>>> Not impossible to achieve, but still not easy (different TEE follow= s > >>>>> different specifications) and it's not typically something we've > done in > >>>>> the past. > >>>>> > >>>>> Unfortunately there is no standardized database of TA's describing > what > >>>>> they implement and support. > >>>>> > >>>>> As an alternative, we could implement a query call in the TEE > answering, > >>>>> "What UUID does your TA have that implements secure unmapped heap?"= . > >>>>> I.e., something that reminds of a lookup table. Then we wouldn't > have to > >>>>> carry this in UAPI, DT or anywhere else. > >>>> Joakim does a TA could offer a generic API and hide the hardware > specific > >>>> details (like kernel uAPI does for drivers) ? > >>> It would have to go through another layer (like the tee driver) to be > >>> a generic API. The main issue with TAs is that they have UUIDs you > >>> need to connect to and specific codes for each function; so we should > >>> abstract at a layer above where those exist in the dma-heap code. > >>>> Aside that question I wonder what are the needs to perform a 'secure= ' > playback. > >>>> I have in mind 2 requirements: > >>>> - secure memory regions, which means configure the hardware to ensur= e > that only > >>>> dedicated hardware blocks and read or write into it. > >>>> - set hardware blocks in secure modes so they access to secure memor= y. > >>>> Do you see something else ? > >>> This is more or less what is required, but this is out of scope for > >>> the Linux kernel since it can't be trusted to do these things...this > >>> is all done in firmware or the TEE itself. > >> Yes kernel can't be trusted to do these things but know what we need > could help > >> to define a API for a generic TA. > >> > >> Just to brainstorm on mailing list: > >> What about a TA API like > >> TA_secure_memory_region() and TA_unsecure_memory_region() with > parameters like: > >> - device identifier (an ID or compatible string maybe) > >> - memory region (physical address, size, offset) > >> - requested access rights (read, write) > >> > >> and on kernel side a IOMMU driver because it basically have all this > information already > >> (device attachment, kernel map/unmap). > >> > >> In my mind it sound like a solution to limit the impact (new controls, > new memory type) > >> inside v4l2. Probably we won't need new heap either. > >> All hardware dedicated implementations could live inside the TA which > can offer a generic > >> API. > > The main problem with that type of design is the limitations of > > TrustZone memory protection. Usually there is a limit to the number of > > regions you can define for memory protection (and there is on > > Mediatek). So you can't pass an arbitrary memory region and mark it > > protected/unprotected at a given time. You need to establish these > > regions in the firmware instead and then configure those regions for > > protection in the firmware or the TEE. > > The TEE iommu could be aware of these limitations and merge the regions > when possible > plus we can define a CMA region for each device to limit the secured > memory fragmentation. > > > > >>>> Regards, > >>>> Benjamin > >>>> > --00000000000000653a06079dce36 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Sorry for the delayed reply, needed to get some more info.= This really wouldn't be possible due to the limitation on the number o= f regions...for example only 32 regions can be defined on some SoCs, and yo= u'd run out of regions really fast trying to do this. That's why th= is is creating heaps for those regions and then allocations are performed w= ithin the defined region is the preferred strategy.

On Thu, Sep 28, 2023 at = 11:54=E2=80=AFPM Benjamin Gaignard <benjamin.gaignard@collabora.com> wrote:

Le 28/09/2023 =C3=A0 19:48, Jeffrey Kardatzke a =C3=A9crit=C2=A0:
> On Thu, Sep 28, 2023 at 1:30=E2=80=AFAM Benjamin Gaignard
> <benjamin.gaignard@collabora.com> wrote:
>>
>> Le 27/09/2023 =C3=A0 20:56, Jeffrey Kardatzke a =C3=A9crit :
>>> On Wed, Sep 27, 2023 at 8:18=E2=80=AFAM Benjamin Gaignard
>>> <benjamin.gaignard@collabora.com> wrote:
>>>> Le 27/09/2023 =C3=A0 15:46, Joakim Bech a =C3=A9crit :
>>>>> On Mon, Sep 25, 2023 at 12:49:50PM +0000, Yong Wu (=E5= =90=B4=E5=8B=87) wrote:
>>>>>> On Tue, 2023-09-12 at 11:32 +0200, AngeloGioacchin= o Del Regno wrote:
>>>>>>> Il 12/09/23 08:17, Yong Wu (=E5=90=B4=E5=8B=87= ) ha scritto:
>>>>>>>> On Mon, 2023-09-11 at 11:29 +0200, AngeloG= ioacchino Del Regno
>>>>>>>> wrote:
>>>>>>>>> Il 11/09/23 04:30, Yong Wu ha scritto:=
>>>>>>>>>> The TEE probe later than dma-buf h= eap, and PROBE_DEDER doesn't
>>>>>>>>>> work
>>>>>>>>>> here since this is not a platform = driver, therefore initialise
>>>>>>>>>> the
>>>>>>>>>> TEE
>>>>>>>>>> context/session while we allocate = the first secure buffer.
>>>>>>>>>>
>>>>>>>>>> Signed-off-by: Yong Wu <yong.wu@mediatek.com= >
>>>>>>>>>> ---
>>>>>>>>>>=C2=A0 =C2=A0 =C2=A0 =C2=A0drivers/= dma-buf/heaps/mtk_secure_heap.c | 61
>>>>>>>>>> +++++++++++++++++++++++++
>>>>>>>>>>=C2=A0 =C2=A0 =C2=A0 =C2=A01 file c= hanged, 61 insertions(+)
>>>>>>>>>>
>>>>>>>>>> diff --git a/drivers/dma-buf/heaps= /mtk_secure_heap.c
>>>>>>>>>> b/drivers/dma-
>>>>>>>>>> buf/heaps/mtk_secure_heap.c
>>>>>>>>>> index bbf1c8dce23e..e3da33a3d083 1= 00644
>>>>>>>>>> --- a/drivers/dma-buf/heaps/mtk_se= cure_heap.c
>>>>>>>>>> +++ b/drivers/dma-buf/heaps/mtk_se= cure_heap.c
>>>>>>>>>> @@ -10,6 +10,12 @@
>>>>>>>>>>=C2=A0 =C2=A0 =C2=A0 =C2=A0#include= <linux/err.h>
>>>>>>>>>>=C2=A0 =C2=A0 =C2=A0 =C2=A0#include= <linux/module.h>
>>>>>>>>>>=C2=A0 =C2=A0 =C2=A0 =C2=A0#include= <linux/slab.h>
>>>>>>>>>> +#include <linux/tee_drv.h><= br> >>>>>>>>>> +#include <linux/uuid.h>
>>>>>>>>>> +
>>>>>>>>>> +#define TZ_TA_MEM_UUID=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 "4477588a-8476-11e2-ad15-
>>>>>>>>>> e41f1390d676"
>>>>>>>>>> +
>>>>>>>>> Is this UUID the same for all SoCs and= all TZ versions?
>>>>>>>> Yes. It is the same for all SoCs and all T= Z versions currently.
>>>>>>>>
>>>>>>> That's good news!
>>>>>>>
>>>>>>> Is this UUID used in any userspace component? = (example: Android
>>>>>>> HALs?)
>>>>>> No. Userspace never use it. If userspace would lik= e to allocate this
>>>>>> secure buffer, it can achieve through the existing= dmabuf IOCTL via
>>>>>> /dev/dma_heap/mtk_svp node.
>>>>>>
>>>>> In general I think as mentioned elsewhere in comments,= that there isn't
>>>>> that much here that seems to be unique for MediaTek in= this patch
>>>>> series, so I think it worth to see whether this whole = patch set can be
>>>>> made more generic. Having said that, the UUID is alway= s unique for a
>>>>> certain Trusted Application. So, it's not entirely= true saying that the
>>>>> UUID is the same for all SoCs and all TrustZone versio= ns. It might be
>>>>> true for a family of MediaTek devices and the TEE in u= se, but not
>>>>> generically.
>>>>>
>>>>> So, if we need to differentiate between different TA i= mplementations,
>>>>> then we need different UUIDs. If it would be possible = to make this patch
>>>>> set generic, then it sounds like a single UUID would b= e sufficient, but
>>>>> that would imply that all TA's supporting such a g= eneric UUID would be
>>>>> implemented the same from an API point of view. Which = also means that
>>>>> for example Trusted Application function ID's need= s to be the same etc.
>>>>> Not impossible to achieve, but still not easy (differe= nt TEE follows
>>>>> different specifications) and it's not typically s= omething we've done in
>>>>> the past.
>>>>>
>>>>> Unfortunately there is no standardized database of TA&= #39;s describing what
>>>>> they implement and support.
>>>>>
>>>>> As an alternative, we could implement a query call in = the TEE answering,
>>>>> "What UUID does your TA have that implements secu= re unmapped heap?".
>>>>> I.e., something that reminds of a lookup table. Then w= e wouldn't have to
>>>>> carry this in UAPI, DT or anywhere else.
>>>> Joakim does a TA could offer a generic API and hide the ha= rdware specific
>>>> details (like kernel uAPI does for drivers) ?
>>> It would have to go through another layer (like the tee driver= ) to be
>>> a generic API. The main issue with TAs is that they have UUIDs= you
>>> need to connect to and specific codes for each function; so we= should
>>> abstract at a layer above where those exist in the dma-heap co= de.
>>>> Aside that question I wonder what are the needs to perform= a 'secure' playback.
>>>> I have in mind 2 requirements:
>>>> - secure memory regions, which means configure the hardwar= e to ensure that only
>>>> dedicated hardware blocks and read or write into it.
>>>> - set hardware blocks in secure modes so they access to se= cure memory.
>>>> Do you see something else ?
>>> This is more or less what is required, but this is out of scop= e for
>>> the Linux kernel since it can't be trusted to do these thi= ngs...this
>>> is all done in firmware or the TEE itself.
>> Yes kernel can't be trusted to do these things but know what w= e need could help
>> to define a API for a generic TA.
>>
>> Just to brainstorm on mailing list:
>> What about a TA API like
>> TA_secure_memory_region() and TA_unsecure_memory_region() with par= ameters like:
>> - device identifier (an ID or compatible string maybe)
>> - memory region (physical address, size, offset)
>> - requested access rights (read, write)
>>
>> and on kernel side a IOMMU driver because it basically have all th= is information already
>> (device attachment, kernel map/unmap).
>>
>> In my mind it sound like a solution to limit the impact (new contr= ols, new memory type)
>> inside v4l2. Probably we won't need new heap either.
>> All hardware dedicated implementations could live inside the TA wh= ich can offer a generic
>> API.
> The main problem with that type of design is the limitations of
> TrustZone memory protection. Usually there is a limit to the number of=
> regions you can define for memory protection (and there is on
> Mediatek). So you can't pass an arbitrary memory region and mark i= t
> protected/unprotected at a given time. You need to establish these
> regions in the firmware instead and then configure those regions for > protection in the firmware or the TEE.

The TEE iommu could be aware of these limitations and merge the regions whe= n possible
plus we can define a CMA region for each device to limit the secured memory= fragmentation.

>
>>>> Regards,
>>>> Benjamin
>>>>
--00000000000000653a06079dce36--