Hi Jason, CK,
On Tue, 19 Sept 2023 at 04:04, Jason-JH.Lin jason-jh.lin@mediatek.com wrote:
The patch series provides drm driver support for enabling secure video path (SVP) playback on MediaiTek hardware in the Linux kernel.
[...]
Memory Usage in SVP: The overall flow of SVP starts with encrypted video coming in from an outside source into the REE. The REE will then allocate a 'secure buffer' and send the corresponding 'secure handle' along with the encrypted, compressed video data to the TEE. The TEE will then decrypt the video and store the result in the 'secure buffer'. The REE will then allocate a 'secure surface'. The REE will pass the 'secure handles' for both the 'secure buffer' and 'secure surface' into the TEE for video decoding. The video decoder HW will then decode the contents of the 'secure buffer' and place the result in the 'secure surface'. The REE will then attach the 'secure surface' to the overlay plane for rendering of the video.
Everything relating to ensuring security of the actual contents of the 'secure buffer' and 'secure surface' is out of scope for the REE and is the responsibility of the TEE.
DRM driver handles allocation of gem objects that are backed by a 'secure surface' and for displaying a 'secure surface' on the overlay plane. This introduces a new flag for object creation called DRM_MTK_GEM_CREATE_ENCRYPTED which indicates it should be a 'secure surface'. All changes here are in MediaTek specific code.
To be honest, it seems strange that DRM is being used as the allocator for buffers which will mostly be used by codec hardware which is not mentioned here. I can understand that minigbm and gbm_gralloc make this easy to implement, but it's not really right to add this all to mtk-drm just to support some codec features.
NXP posted a patchset a while ago to add secure-memory support to dma-heaps[0]. This would be much cleaner (e.g. avoiding strcmp on allocating name, avoiding mtk-drm being a render node when it can't render) I think, and also allow common secure-path semantics between different vendors.
Having common secure-path semantics between different vendors would be very helpful, because the first question when we add new uAPI is 'where is the open-source userspace?'. If there is at least a common interface through e.g. dma-heaps, then we could have some standard cross-vendor userspace code which would work well with the standard interface.
Cheers, Daniel
[0]: https://lore.kernel.org/lkml/20220805135330.970-2-olivier.masse@nxp.com/