From: "Yong Wu (吴勇)" <Yong.Wu@mediatek.com>
To: "ckoenig.leichtzumerken@gmail.com"
<ckoenig.leichtzumerken@gmail.com>,
"jkardatzke@google.com" <jkardatzke@google.com>,
"contact@emersion.fr" <contact@emersion.fr>
Cc: "sumit.semwal@linaro.org" <sumit.semwal@linaro.org>,
"nicolas@ndufresne.ca" <nicolas@ndufresne.ca>,
"robh+dt@kernel.org" <robh+dt@kernel.org>,
"jstultz@google.com" <jstultz@google.com>,
"linux-mediatek@lists.infradead.org"
<linux-mediatek@lists.infradead.org>,
"quic_vjitta@quicinc.com" <quic_vjitta@quicinc.com>,
"christian.koenig@amd.com" <christian.koenig@amd.com>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"Jianjiao Zeng (曾健姣)" <Jianjiao.Zeng@mediatek.com>,
"Kuohong Wang (王國鴻)" <kuohong.wang@mediatek.com>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linaro-mm-sig@lists.linaro.org" <linaro-mm-sig@lists.linaro.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"conor+dt@kernel.org" <conor+dt@kernel.org>,
"benjamin.gaignard@collabora.com"
<benjamin.gaignard@collabora.com>,
"tjmercier@google.com" <tjmercier@google.com>,
"krzysztof.kozlowski+dt@linaro.org"
<krzysztof.kozlowski+dt@linaro.org>,
"matthias.bgg@gmail.com" <matthias.bgg@gmail.com>,
"joakim.bech@linaro.org" <joakim.bech@linaro.org>,
"ppaalanen@gmail.com" <ppaalanen@gmail.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"angelogioacchino.delregno@collabora.com"
<angelogioacchino.delregno@collabora.com>
Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap
Date: Tue, 9 Jan 2024 03:07:21 +0000 [thread overview]
Message-ID: <ac8107b8608de25a8d680863b28b075c4cd17140.camel@mediatek.com> (raw)
In-Reply-To: <160df81d-e5fa-4798-96d4-5ab1809a9680@gmail.com>
On Fri, 2024-01-05 at 10:35 +0100, Christian König wrote:
>
> External email : Please do not click links or open attachments until
> you have verified the sender or the content.
> Am 04.01.24 um 20:50 schrieb Jeffrey Kardatzke:
> > Any feedback from maintainers on what their preference is? I'm
> fine
> > with 'restricted' as well, but the main reason we chose secure was
> > because of its use in ARM nomenclature and this is more for ARM
> usage
> > than x86.
>
> Well AMD calls this "trusted", but I think that's just slightly
> better
> than "secure".
>
> +1 for using "restricted" cause that seems to match the technical
> consequences.
Thanks you all for the discussion and the conclusion. I will send v4 in
this week with "restricted".
>
> Regards,
> Christian.
>
> >
> > The main difference with similar buffers on AMD/Intel is that with
> > AMD/Intel the buffers are mappable and readable by the CPU in the
> > kernel. The problem is their contents are encrypted so you get junk
> > back if you do that. On ARM, the buffers are completely
> inaccessible
> > by the kernel and the memory controller prevents access to them
> > completely from the kernel.
> >
> > There are also other use cases for this where the hypervisor is
> what
> > is controlling access (second stage in the MMU is providing
> > isolation)....and in that case I do agree that 'secure' would not
> be
> > the right terminology for those types of buffers. So I do agree
> > something other than 'secure' is probably a better option overall.
> >
> >
> > On Fri, Dec 22, 2023 at 1:40 AM Simon Ser <contact@emersion.fr>
> wrote:
> >> On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen <
> ppaalanen@gmail.com> wrote:
> >>
> >>>>> It is protected/shielded/fortified from all the kernel and
> userspace,
> >>>>> but a more familiar word to describe that is inaccessible.
> >>>>> "Inaccessible buffer" per se OTOH sounds like a useless
> concept.
> >>>>>
> >>>>> It is not secure, because it does not involve security in any
> way. In
> >>>>> fact, given it's so fragile, I'd classify it as mildly opposite
> of
> >>>>> secure, as e.g. clients of a Wayland compositor can potentially
> DoS the
> >>>>> compositor with it by simply sending such a dmabuf. Or DoS the
> whole
> >>>>> system.
> >>>> I hear what you are saying and DoS is a known problem and attack
> vector,
> >>>> but regardless, we have use cases where we don't want to expose
> >>>> information in the clear and where we also would like to have
> some
> >>>> guarantees about correctness. That is where various secure
> elements and
> >>>> more generally security is needed.
> >>>>
> >>>> So, it sounds like we have two things here, the first is the
> naming and
> >>>> the meaning behind it. I'm pretty sure the people following and
> >>>> contributing to this thread can agree on a name that makes
> sense. Would
> >>>> you personally be OK with "restricted" as the name? It sounds
> like that.
> >>> I would. I'm also just a by-stander, not a maintainer of kernel
> >>> anything. I have no power to accept nor reject anything here.
> >> I'd also personally be OK with "restricted", I think it's a lot
> better
> >> than "secure".
> >>
> >> In general I agree with everything Pekka said.
>
prev parent reply other threads:[~2024-01-09 3:08 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-12 2:46 [PATCH v3 0/7] dma-buf: heaps: Add secure heap Yong Wu
2023-12-12 2:46 ` [PATCH v3 1/7] dt-bindings: reserved-memory: Add mediatek,dynamic-secure-region Yong Wu
2023-12-12 2:46 ` [PATCH v3 2/7] dma-buf: heaps: Initialize a secure heap Yong Wu
2023-12-12 2:46 ` [PATCH v3 3/7] dma-buf: heaps: secure_heap: Add private heap ops Yong Wu
2023-12-12 2:46 ` [PATCH v3 4/7] dma-buf: heaps: secure_heap: Add dma_ops Yong Wu
2023-12-12 2:46 ` [PATCH v3 5/7] dma-buf: heaps: secure_heap: Add MediaTek secure heap and heap_init Yong Wu
2023-12-12 2:46 ` [PATCH v3 6/7] dma-buf: heaps: secure_heap_mtk: Add tee memory service call Yong Wu
2023-12-12 2:46 ` [PATCH v3 7/7] dma_buf: heaps: secure_heap_mtk: Add a new CMA heap Yong Wu
2023-12-12 16:36 ` [PATCH v3 0/7] dma-buf: heaps: Add secure heap Simon Ser
2023-12-13 9:05 ` Pekka Paalanen
2023-12-13 10:15 ` Joakim Bech
2023-12-13 11:38 ` Pekka Paalanen
2023-12-13 13:22 ` Joakim Bech
2023-12-13 13:59 ` Christian König
2023-12-13 14:16 ` Pekka Paalanen
2023-12-22 9:40 ` Simon Ser
2024-01-04 19:50 ` Jeffrey Kardatzke
2024-01-05 9:35 ` Christian König
2024-01-09 3:07 ` Yong Wu (吴勇) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ac8107b8608de25a8d680863b28b075c4cd17140.camel@mediatek.com \
--to=yong.wu@mediatek.com \
--cc=Jianjiao.Zeng@mediatek.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=ckoenig.leichtzumerken@gmail.com \
--cc=conor+dt@kernel.org \
--cc=contact@emersion.fr \
--cc=devicetree@vger.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=jkardatzke@google.com \
--cc=joakim.bech@linaro.org \
--cc=jstultz@google.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=kuohong.wang@mediatek.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=nicolas@ndufresne.ca \
--cc=ppaalanen@gmail.com \
--cc=quic_vjitta@quicinc.com \
--cc=robh+dt@kernel.org \
--cc=sumit.semwal@linaro.org \
--cc=tjmercier@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox