On Wed, Jan 28, 2026 at 9:46 PM Viresh Kumar viresh.kumar@linaro.org wrote:
On 28-01-26, 07:41, Armelle Laine wrote:
Viresh, as a first step we could follow the approach used in the Trusty driver with a vendor-specific secure heap which is FFA-aware and can
select
LEND on specific buffers as well as setting the FFA tag.
If the heap can be FFA aware, it can make direct FFA calls and doesn't need to use dma-ops of the virtio-msg device (Vsock). This is exactly what I did in the very first implementation. This will work.
Bertrand, rightly, objected to it and suggested to use the dma-ops instead so we can have a unified path to making FFA share operations.
So until we get a proper solution to this, we can do:
- SHARE via system heap (with my current solution)
- LEND via FFA aware heap (won't upstream)
We also need to support "SEND_SECURE" when the FFA handle already exists. Shouldn't the heap rather be virtio-msg-ffa aware? wouldn't the heap also be responsible to invoke "FFA_BUS_MSG_AREA_SHARE" with both the FFA handle and the tag (for LEND or SEND_SECURE cases)?
Lets see if someone can suggest something else in the meantime.
-- viresh