Hi Vijayanand,
Thanks very much for your review.
On Thu, 2023-10-19 at 10:15 +0530, Vijayanand Jitta wrote:
External email : Please do not click links or open attachments until you have verified the sender or the content.
On 9/11/2023 8:00 AM, Yong Wu wrote:
Add TEE service call for secure memory allocating/freeing.
Signed-off-by: Anan Sun anan.sun@mediatek.com Signed-off-by: Yong Wu yong.wu@mediatek.com
drivers/dma-buf/heaps/mtk_secure_heap.c | 69
++++++++++++++++++++++++-
1 file changed, 68 insertions(+), 1 deletion(-)
diff --git a/drivers/dma-buf/heaps/mtk_secure_heap.c b/drivers/dma-
buf/heaps/mtk_secure_heap.c
index e3da33a3d083..14c2a16a7164 100644 --- a/drivers/dma-buf/heaps/mtk_secure_heap.c +++ b/drivers/dma-buf/heaps/mtk_secure_heap.c @@ -17,6 +17,9 @@ #define MTK_TEE_PARAM_NUM4 +#define TZCMD_MEM_SECURECM_UNREF7 +#define TZCMD_MEM_SECURECM_ZALLOC15
/*
- MediaTek secure (chunk) memory type
@@ -29,6 +32,8 @@ enum kree_mem_type { struct mtk_secure_heap_buffer { struct dma_heap*heap; size_tsize;
+u32sec_handle; }; struct mtk_secure_heap { @@ -80,6 +85,63 @@ static int mtk_kree_secure_session_init(struct
mtk_secure_heap *sec_heap)
return ret; } +static int +mtk_sec_mem_tee_service_call(struct tee_context *tee_ctx, u32
session,
unsigned int command, struct tee_param *params)+{ +struct tee_ioctl_invoke_arg arg = {0}; +int ret;
+arg.num_params = MTK_TEE_PARAM_NUM; +arg.session = session; +arg.func = command;
+ret = tee_client_invoke_func(tee_ctx, &arg, params); +if (ret < 0 || arg.ret) { +pr_err("%s: cmd %d ret %d:%x.\n", __func__, command, ret,
arg.ret);
+ret = -EOPNOTSUPP; +} +return ret; +}
+static int mtk_sec_mem_allocate(struct mtk_secure_heap *sec_heap, +struct mtk_secure_heap_buffer *sec_buf) +{ +struct tee_param params[MTK_TEE_PARAM_NUM] = {0}; +u32 mem_session = sec_heap->mem_session; +int ret;
+params[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; +params[0].u.value.a = SZ_4K;/* alignment */ +params[0].u.value.b = sec_heap->mem_type;/* memory type */ +params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; +params[1].u.value.a = sec_buf->size; +params[2].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT;
+/* Always request zeroed buffer */ +ret = mtk_sec_mem_tee_service_call(sec_heap->tee_ctx, mem_session,
- TZCMD_MEM_SECURECM_ZALLOC, params);
I see here optee calls are being used to secure memory.
For a secure heap, there can be multiple ways on how we want to secure memory, for eg : by using qcom_scm_assign_mem.
This interface restricts securing memory to only optee calls. can we have a way to choose ops that we want to secure memory ?
Thanks for this suggestion. So it looks like there are four operations in the abstract ops. Something like this?
struct sec_memory_ops { int (*sec_memory_init)() //we need initialise tee session here. int (*sec_memory_alloc)() int (*sec_memory_free)() void (*sec_memory_uninit)() }
Do you also need tee operation like tee_client_open_session and tee_client_invoke_func? if so, your UUID and TEE command ID value are also different, right?
We may also need new macros on how to choose different sec_memory_ops since we don't have different bindings.
Thanks, Vijay