From: Lukas Wunner <lukas@wunner.de>
To: Sumit Garg <sumit.garg@linaro.org>
Cc: simona.vetter@ffwll.ch,
"Jens Wiklander" <jens.wiklander@linaro.org>,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
op-tee@lists.trustedfirmware.org,
linux-arm-kernel@lists.infradead.org,
"Olivier Masse" <olivier.masse@nxp.com>,
"Thierry Reding" <thierry.reding@gmail.com>,
"Yong Wu" <yong.wu@mediatek.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
"Brian Starkey" <Brian.Starkey@arm.com>,
"John Stultz" <jstultz@google.com>,
"T . J . Mercier" <tjmercier@google.com>,
"Christian König" <christian.koenig@amd.com>,
"Matthias Brugger" <matthias.bgg@gmail.com>,
"AngeloGioacchino Del Regno"
<angelogioacchino.delregno@collabora.com>,
azarrabi@qti.qualcomm.com
Subject: Re: [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations
Date: Thu, 26 Dec 2024 12:26:29 +0100 [thread overview]
Message-ID: <Z209ZegsmgN1xlNG@wunner.de> (raw)
In-Reply-To: <CAFA6WYMEjT5EAG3AL8NpbET6L=M86LBgnhLnWirvDZg9cUUiuA@mail.gmail.com>
On Thu, Dec 26, 2024 at 11:29:23AM +0530, Sumit Garg wrote:
> On Tue, 24 Dec 2024 at 14:58, Lukas Wunner <lukas@wunner.de> wrote:
> > However in the case of restricted memory, the situation is exactly
> > the opposite: The kernel may *not* be able to access the data,
> > but the crypto accelerator can access it just fine.
> >
> > I did raise a concern about this to the maintainer, but to no avail:
> > https://lore.kernel.org/r/Z1Kym1-9ka8kGHrM@wunner.de/
>
> Herbert's point is valid that there isn't any point for mapping
> restricted memory in the kernel virtual address space as any kernel
> access to that space can lead to platform specific hardware error
> scenarios. And for that reason we simply disallow dma_buf_mmap() and
> don't support dma_buf_vmap() for DMA-bufs holding TEE restricted
> memory.
The API for signature generation/verification (e.g. crypto_sig_sign(),
crypto_sig_verify()) no longer accepts scatterlists, only buffers in
virtual address space:
https://lore.kernel.org/all/ZIrnPcPj9Zbq51jK@gondor.apana.org.au/
Hence in order to use buffers in restricted memory for signature
generation/verification, you'd need to map them into virtual address
space first.
Thanks,
Lukas
next prev parent reply other threads:[~2024-12-26 11:26 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-17 10:07 [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 1/6] tee: add restricted memory allocation Jens Wiklander
2025-01-08 16:54 ` Simona Vetter
2025-01-09 7:17 ` Jens Wiklander
2025-02-13 8:44 ` Boris Brezillon
2024-12-17 10:07 ` [PATCH v4 2/6] optee: account for direction while converting parameters Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 3/6] optee: sync secure world ABI headers Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 4/6] optee: support restricted memory allocation Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 5/6] optee: FF-A: dynamic " Jens Wiklander
2024-12-20 14:38 ` kernel test robot
2024-12-21 9:40 ` kernel test robot
2024-12-17 10:07 ` [PATCH v4 6/6] optee: smc abi: " Jens Wiklander
2024-12-18 11:06 ` [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations Simona Vetter
2024-12-24 6:35 ` Sumit Garg
2024-12-24 9:28 ` Lukas Wunner
2024-12-24 9:32 ` Lukas Wunner
2024-12-24 10:00 ` Dmitry Baryshkov
2024-12-26 5:59 ` Sumit Garg
2024-12-26 11:26 ` Lukas Wunner [this message]
2025-01-08 17:00 ` Simona Vetter
2025-01-08 16:57 ` Simona Vetter
2025-01-09 6:08 ` Sumit Garg
2025-02-12 19:56 ` Boris Brezillon
2025-02-13 6:41 ` Sumit Garg
2025-02-13 8:19 ` Jens Wiklander
2025-02-13 8:35 ` Boris Brezillon
2025-02-13 9:16 ` Sumit Garg
2025-02-13 12:40 ` Boris Brezillon
2025-02-13 14:05 ` Daniel Stone
2025-02-13 15:57 ` Jens Wiklander
2025-02-13 17:39 ` Daniel Stone
2025-02-14 10:07 ` Jens Wiklander
2025-02-14 13:07 ` Sumit Garg
2025-02-14 15:48 ` Boris Brezillon
2025-02-17 6:12 ` Sumit Garg
2025-02-18 16:22 ` Daniel Stone
2025-02-19 13:22 ` Simona Vetter
2025-02-21 11:24 ` Sumit Garg
2025-02-21 14:12 ` Daniel Stone
2025-03-04 7:17 ` Jens Wiklander
2025-03-04 7:45 ` Sumit Garg
2025-03-18 18:38 ` Nicolas Dufresne
2025-03-19 7:37 ` Jens Wiklander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z209ZegsmgN1xlNG@wunner.de \
--to=lukas@wunner.de \
--cc=Brian.Starkey@arm.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=azarrabi@qti.qualcomm.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=jens.wiklander@linaro.org \
--cc=jstultz@google.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=matthias.bgg@gmail.com \
--cc=olivier.masse@nxp.com \
--cc=op-tee@lists.trustedfirmware.org \
--cc=simona.vetter@ffwll.ch \
--cc=sumit.garg@linaro.org \
--cc=sumit.semwal@linaro.org \
--cc=thierry.reding@gmail.com \
--cc=tjmercier@google.com \
--cc=yong.wu@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox