2015-10-21 16:32 GMT+02:00 James Morris jmorris@namei.org:
On Wed, 21 Oct 2015, Benjamin Gaignard wrote:
Secure Memory Allocation Framework goal is to be able to allocate memory that can be securing. There is so much ways to allocate and securing memory that SMAF doesn't do it by itself but need help of additional modules. To be sure to use the correct allocation method SMAF implement deferred allocation (i.e. allocate memory when only really needed)
Allocation modules (smaf-alloctor.h): SMAF could manage with multiple allocation modules at same time. To select the good one SMAF call match() to be sure that a module can allocate memory for a given list of devices. It is to the module to check if the devices are compatible or not with it allocation method.
Securing module (smaf-secure.h): The way of how securing memory it is done is platform specific. Secure module is responsible of grant/revoke memory access.
This documentation is highly inadequate.
If you give hints I will try to complete it and make it acceptable.
What does "allocate memory that can be securing" mean?
Maybe I could re-phrase it like that: "Secure Memory Allocation Framework goal is to be able to allocate memory that the platform can secure."
I'm trying to be generic here because each could have it own method to secure buffers.
-- James Morris jmorris@namei.org