From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
To: Jeffrey Kardatzke <jkardatzke@google.com>,
Hans Verkuil <hverkuil-cisco@xs4all.nl>
Cc: "Yunfei Dong (董云飞)" <Yunfei.Dong@mediatek.com>,
"nhebert@chromium.org" <nhebert@chromium.org>,
"benjamin.gaignard@collabora.com"
<benjamin.gaignard@collabora.com>,
"nfraprado@collabora.com" <nfraprado@collabora.com>,
"angelogioacchino.delregno@collabora.com"
<angelogioacchino.delregno@collabora.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mediatek@lists.infradead.org"
<linux-mediatek@lists.infradead.org>,
"frkoenig@chromium.org" <frkoenig@chromium.org>,
"stevecho@chromium.org" <stevecho@chromium.org>,
"wenst@chromium.org" <wenst@chromium.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"daniel@ffwll.ch" <daniel@ffwll.ch>,
Project_Global_Chrome_Upstream_Group
<Project_Global_Chrome_Upstream_Group@mediatek.com>,
"hsinyi@chromium.org" <hsinyi@chromium.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH 12/14] media: medkatek: vcodec: set secure mode to decoder driver
Date: Thu, 21 Sep 2023 11:46:40 -0400 [thread overview]
Message-ID: <c7cd83c49a9226e72c272365653dc8b998b6adcb.camel@collabora.com> (raw)
In-Reply-To: <CA+ddPcPbox=mknpmDkwfYTfDMca49wU10SNF3mJspYu=5T64FQ@mail.gmail.com>
Le mercredi 20 septembre 2023 à 11:20 -0700, Jeffrey Kardatzke a écrit :
> > >
> > > Also, regarding MTK, these are stateless decoders. I think it would be nice to
> > > show use example code that can properly parse the un-encrypted header, pass the
> > > data to the decryptor and decode. There is a bit of mechanic in there that lacks
> > > clarification, a reference implementation would clearly help. Finally, does this
> > > platform offers some clearkey implementation (or other alternative) so we can do
> > > validation and regression testing? It would be very unfortunate to add feature
> > > upstream that can only be tested by proprietary CDM software.
> >
>
> It would be possible to use this with clearkey w/ some additional work
> on our end. If this is then part of the public ChromiumOS build, would
> that be satisfactory? (the TEE would have some binary blob components
> like firmware does though)
From my point of view, this would fully cover my concern. To clarify this
concern, the decryption into secure memory currently only ever take place in
proprietary code that implements the protection (Widewine CDM). With clear key,
we can have an open source CDM (made for testing purpose) so that we don't have
to have hidden code to test the entire pipeline. So appart from the TEE
firmware, which is just a firmware like all the others, we could have open
source tests in kernelCI and other CI, and we could extend these test to
eventually support other vendors.
Note that currently, with other proposal, one could allocate and fill a normal
buffer, and "secure" that buffer to test the CODECs and display, but on this
specific architecture, with the limitation on the number of secure regions, this
feature isn't available.
Alternatives to this end-to-end solution, we could consider a TA (Trusted
Application) that simply copy data from a untrusted chunk of memory into a
trusted chunk of memory. That seems like a cross-platform solution. It would be
even better if this get standardized in TEEs for course (or at least required
with all secure memory implementation). Then copying from untrusted to trusted
could easily become an ioctl generic to all TEE drivers. That to me would be
equally acceptable, and perhaps easier to use.
Nicolas
next prev parent reply other threads:[~2023-09-21 17:08 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-11 12:59 [PATCH 00/14] add driver to support secure video decoder Yunfei Dong
2023-09-11 12:59 ` [PATCH 01/14] media: mediatek: vcodec: add tee client interface to communiate with optee-os Yunfei Dong
2023-09-12 8:04 ` AngeloGioacchino Del Regno
2023-09-11 12:59 ` [PATCH 02/14] media: mediatek: vcodec: allocate tee share memory Yunfei Dong
2023-09-12 8:04 ` AngeloGioacchino Del Regno
2023-09-11 12:59 ` [PATCH 03/14] media: mediatek: vcodec: send share memory data to optee Yunfei Dong
2023-09-12 8:07 ` AngeloGioacchino Del Regno
2023-09-11 12:59 ` [PATCH 04/14] media: mediatek: vcodec: initialize msg and vsi information Yunfei Dong
2023-09-12 8:15 ` AngeloGioacchino Del Regno
2023-09-11 12:59 ` [PATCH 05/14] media: mediatek: vcodec: using encoder's device to alloc/free memory Yunfei Dong
2023-09-11 12:59 ` [PATCH 06/14] media: mediatek: vcodec: add interface to allocate/free secure memory Yunfei Dong
2023-09-11 12:59 ` [PATCH 07/14] media: mediatek: vcodec: using shared memory as vsi address Yunfei Dong
2023-09-11 12:59 ` [PATCH 08/14] media: medkatek: vcodec: support one plane capture buffer Yunfei Dong
2023-09-11 15:44 ` Nicolas Dufresne
2023-09-12 2:08 ` Yunfei Dong (董云飞)
2023-09-12 15:13 ` Nicolas Dufresne
2023-09-11 12:59 ` [PATCH 09/14] media: medkatek: vcodec: re-construct h264 driver to support svp mode Yunfei Dong
2023-09-11 12:59 ` [PATCH 10/14] media: medkatek: vcodec: remove parse nal_info in kernel Yunfei Dong
2023-09-11 12:59 ` [PATCH 11/14] media: medkatek: vcodec: covert secure fd to secure handle Yunfei Dong
2023-09-11 15:47 ` Nicolas Dufresne
2023-09-12 1:55 ` Yunfei Dong (董云飞)
2023-09-12 15:17 ` Nicolas Dufresne
2023-09-19 19:42 ` Nicolas Dufresne
2023-09-19 22:38 ` Jeffrey Kardatzke
2023-09-19 23:03 ` Nicolas Dufresne
2023-09-19 23:47 ` Jeffrey Kardatzke
2023-09-11 12:59 ` [PATCH 12/14] media: medkatek: vcodec: set secure mode to decoder driver Yunfei Dong
2023-09-11 15:54 ` Nicolas Dufresne
2023-09-12 1:48 ` Yunfei Dong (董云飞)
2023-09-12 15:19 ` Nicolas Dufresne
2023-09-12 9:30 ` Hans Verkuil
2023-09-15 8:25 ` Yunfei Dong (董云飞)
2023-09-15 8:54 ` Hans Verkuil
2023-09-18 9:06 ` Yunfei Dong (董云飞)
2023-09-18 20:57 ` Jeffrey Kardatzke
2023-09-19 8:53 ` Hans Verkuil
2023-09-19 18:51 ` Nicolas Dufresne
2023-09-19 19:49 ` Jeffrey Kardatzke
2023-09-20 7:10 ` Hans Verkuil
2023-09-20 18:13 ` Jeffrey Kardatzke
2023-09-20 18:25 ` Hans Verkuil
2023-09-20 7:20 ` Hans Verkuil
2023-09-20 18:20 ` Jeffrey Kardatzke
2023-09-21 15:46 ` Nicolas Dufresne [this message]
2023-09-21 17:58 ` Jeffrey Kardatzke
2023-09-22 3:28 ` Yunfei Dong (董云飞)
2023-09-22 8:44 ` Hans Verkuil
2023-09-22 19:17 ` Jeffrey Kardatzke
2023-09-25 9:00 ` Hans Verkuil
2023-09-25 16:51 ` Jeffrey Kardatzke
2023-09-26 20:59 ` Jeffrey Kardatzke
2023-09-27 7:26 ` Hans Verkuil
2023-09-27 18:30 ` Jeffrey Kardatzke
2023-09-19 19:39 ` Jeffrey Kardatzke
2023-09-18 5:51 ` Yunfei Dong (董云飞)
2023-09-11 12:59 ` [PATCH 13/14] media: medkatek: vcodec: disable wait interrupt for svp mode Yunfei Dong
2023-09-11 12:59 ` [PATCH 14/14] media: medkatek: vcodec: support tee decoder Yunfei Dong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c7cd83c49a9226e72c272365653dc8b998b6adcb.camel@collabora.com \
--to=nicolas.dufresne@collabora.com \
--cc=Project_Global_Chrome_Upstream_Group@mediatek.com \
--cc=Yunfei.Dong@mediatek.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=daniel@ffwll.ch \
--cc=devicetree@vger.kernel.org \
--cc=frkoenig@chromium.org \
--cc=hsinyi@chromium.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=jkardatzke@google.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=nfraprado@collabora.com \
--cc=nhebert@chromium.org \
--cc=stevecho@chromium.org \
--cc=wenst@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).