Attendees

• Alex Elder
  Andy Harker
  Arnd Bergmann
  cgoldswo
  Dan Handley
  Deepti Jaggi
  Don
  Drew Reed
  Fred Gylys-Colwell
  Gen Shimada
  Grant Likely
  Jeff Kardatzke (Google)
  Jens Wiklander
  Jerome Forissier
  Jerome Forissier
  Joakim Bech
  Jonathan Cameron (Huawei)
  Kangkang Shen
  Kiyoshi Owada (Socionext)
  Leonardo Garcia
  Linus
  Mathieu Poirier
  Mike Holmes
  peter.zhang
  Prakash Gupta
  Prakash Gupta
  Prasad QC (shreyanash)
  Sebastian Ene
  Srini
  Sudarshan Rajagopalan
  Sukadev Bhattiprolu
  Sumit Semwal
  Thomas Gall
  Tim Benton
  T.J. Mercier
  Viktor Mårtensson (Google Pixel 7a)
  Vincent Guittot

   

Agenda

Linaro Technical Forum

• Recordings

• Purpose and target audience

• Future invites

  • How to get invited.

  • Meeting URL will change.

dma-buf and secure heaps

• For today's meeting we'd like to discuss dma-buf heaps and the interaction with secure enclaves and also virtualized environments. In short, this is a continuation of an email from me to the TSC in August last year (subject: "dma_buf heaps - unmapped heaps").
  
  

• Background: As a bit of background we've already had two meetings in Q4 last year for the dma-buf/SDP use case, where we've had attendees from various companies interested in this. Topics discussed and the notes from those two meetings can be found here. Besides a general "kick-off" discussion, our initial goal has is to try to define the properties and requirements we need on the dma-buf heaps used for Secure Data Path use cases. I intend to use the same document to take notes for this particular call as well.
  
  This meeting is not intended to take the place of the previously mentioned meetings. I intend to continue those as needed. However, we would like to see if we are able to get additional input from others. The attendees of the previous dma-buf/SDP meetings as well as a few others have been added to this invitation as optional attendees. Unfortunately I'm unable to make the time slot work for everyone because of the number of people who have been invited.
  
  On the coding side, Google together with MediaTek have sent a couple patches upstream (most recent patch set can be found here). 
  
  

• Challenges: There is a variety of challenges with this work, to name a few:

  • What are the properties we need for a secure heap? What are the requirements we need for a secure heap?

  • Communication protocols? SDP involves basically all exception levels + boot as well as runtime. In theory we have various candidates, VirtIO, FF-A, Transfer List (Firmware handoff), Device Tree etc etc, to name a few.

  • What interfaces and APIs do we need from various runtime environments?

  • Development platform where everything can be implemented and demonstrated.

  • Naming conventions? There is some resistance to naming things "secure" from Linux kernel point of view. "Restricted" has been discussed as an alternative name.

  • Talking about this kind of work is made more difficult due to the fact that DRM technology is a controversial subject that some people find extremely offensive. So on top of the technical challenges we also need to consider this when having discussions with various communities.
    
    

• Topics for today

  • Execution environments?

    • We’ve been very focused on things running on the host user space ↔︎ Linux kernel ↔︎ TrustZone (traditional TEE environment, OP-TEE, Trusty etc). What about other execution environments?

      • Virtualized environments: pKVM? Infotainment in Automotive?

      • Secure enclaves: What other secure enclaves should we consider?

  • Memory carveout

    • Currently a predefined area know to firmware and the OS.

    • As of know DT has been used to transfer information between execution stages. Transfer list is likely a future candidate.

    • The issue here is that it’s a hardcoded thing for each and every device. How can that be avoided? Run-time queries?

  • How to contribute?

    • Linux:

      • Linux kernel mailinglist

      • Reviewers: Always needed.

      • Subsystem maintainers: Often too busy and also it seems like people submitting patches often getting stuck between maintainers. It looks like DeviceTree, TEE, dma-buf and DRM graphics maintainers all need to be on board.

    • OP-TEE

      • Post questions and patches here: https://github.com/OP-TEE/optee_os

    • Widevine

      • Mainly developed by Google themselves, so start by reaching out to them.

    • V4L2

      • ???

    • Generally:

      • Send Joakim Bech <joakim.bech@linaro.org> an email to get included to the ad-hoc meetings.

Files, presentations and recording

• Recording

  • https://linaro-org.zoom.us/rec/share/cSNVrSF313ul0dlzRRF1v06N7dJvlYTCOPm1lPgfErQrKnQ34w7TnaMkHu0pjSg.IgvjU7LHwXCfOcTa

    Passcode: syRW@8X@

Notes

• Please see recording.

Chat

16:04:50 From Joakim Bech To Everyone:

https://linaro.atlassian.net/wiki/spaces/LTF/pages/29111451760/2024-01-17+LTF+-+dma+buf+Secure+Heaps#Agenda

16:26:35 From Dan Handley To Everyone:

Regarding terminology, "protected memory" was used in earlier Arm specifications relating to this.

16:40:27 From Alex Elder To Everyone:

This was why I asked about passing between VMs. Display and decrypt could conceivably be in different VMs.

16:45:15 From Alex Elder To Everyone:

Exactly what I was talking about, Fred...

16:45:20 From Alex Elder To Everyone:

Maybe I was not mistaken