From: Lukas Wunner <lukas@wunner.de>
To: op-tee@lists.trustedfirmware.org
Subject: Re: [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations
Date: Thu, 26 Dec 2024 11:26:32 +0000
Message-ID: <Z209ZegsmgN1xlNG@wunner.de>
In-Reply-To: <CAFA6WYMEjT5EAG3AL8NpbET6L=M86LBgnhLnWirvDZg9cUUiuA@mail.gmail.com>
On Thu, Dec 26, 2024 at 11:29:23AM +0530, Sumit Garg wrote:
> On Tue, 24 Dec 2024 at 14:58, Lukas Wunner <lukas@wunner.de> wrote:
> > However in the case of restricted memory, the situation is exactly
> > the opposite: The kernel may *not* be able to access the data,
> > but the crypto accelerator can access it just fine.
> >
> > I did raise a concern about this to the maintainer, but to no avail:
> > https://lore.kernel.org/r/Z1Kym1-9ka8kGHrM@wunner.de/
>
> Herbert's point is valid that there isn't any point for mapping
> restricted memory in the kernel virtual address space as any kernel
> access to that space can lead to platform specific hardware error
> scenarios. And for that reason we simply disallow dma_buf_mmap() and
> don't support dma_buf_vmap() for DMA-bufs holding TEE restricted
> memory.

The API for signature generation/verification (e.g. crypto_sig_sign(),
crypto_sig_verify()) no longer accepts scatterlists, only buffers in
virtual address space:

https://lore.kernel.org/all/ZIrnPcPj9Zbq51jK@gondor.apana.org.au/

Hence in order to use buffers in restricted memory for signature
generation/verification, you'd need to map them into virtual address
space first.

Thanks,

Lukas