2022-08-05 14:16:11

by Olivier Masse

Subject: [PATCH 0/3] Add dma-buf secure-heap

The purpose of these patches is to add a new dma-buf heap: linaro,secure-heap.
The Linaro OPTEE OS Secure Data Path feature relies on reserved memory
defined at the Linux kernel level and the OPTEE OS level.
On the Linux kernel side, heap management uses the dma-buf heaps interface.

Olivier Masse (3):
dma-buf: heaps: add Linaro secure dmabuf heap support
dt-bindings: reserved-memory: add linaro,secure-heap
plat-hikey: Add linaro,secure-heap compatible

.../reserved-memory/linaro,secure-heap.yaml | 56 +++
.../arm64/boot/dts/hisilicon/hi6220-hikey.dts | 11 +
arch/arm64/configs/defconfig | 2 +
drivers/dma-buf/heaps/Kconfig | 9 +
drivers/dma-buf/heaps/Makefile | 1 +
drivers/dma-buf/heaps/secure_heap.c | 357 ++++++++++++++++++
6 files changed, 436 insertions(+)
create mode 100644 Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml
create mode 100644 drivers/dma-buf/heaps/secure_heap.c

--
2.25.0



2022-08-05 14:45:46

by Olivier Masse

Subject: [PATCH 2/3] dt-bindings: reserved-memory: add linaro,secure-heap

DMABUF Reserved memory definition for OP-TEE SDP feature.

Signed-off-by: Olivier Masse <[email protected]>
---
.../reserved-memory/linaro,secure-heap.yaml | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml

diff --git a/Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml b/Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml
new file mode 100644
index 000000000000..80522a4e2989
--- /dev/null
+++ b/Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml
@@ -0,0 +1,56 @@
+# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/reserved-memory/linaro,secure-heap.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: Linaro Secure DMABUF Heap
+
+maintainers:
+ - Olivier Masse <[email protected]>
+
+description:
+ Linaro OP-TEE firmware needs a reserved memory for the
+ Secure Data Path feature (aka SDP).
+ The purpose is to provide a secure memory heap which allow
+ non-secure OS to allocate/free secure buffers.
+ The TEE is reponsible for protecting the SDP memory buffers.
+ TEE Trusted Application can access secure memory references
+ provided as parameters (DMABUF file descriptor).
+
+allOf:
+ - $ref: "reserved-memory.yaml"
+
+properties:
+ compatible:
+ const: linaro,secure-heap
+
+ reg:
+ description:
+ Region of memory reserved for OP-TEE SDP feature
+
+ no-map:
+ $ref: /schemas/types.yaml#/definitions/flag
+ description:
+ Avoid creating a virtual mapping of the region as part of the OS'
+ standard mapping of system memory.
+
+unevaluatedProperties: false
+
+required:
+ - compatible
+ - reg
+ - no-map
+
+examples:
+ - |
+ reserved-memory {
+ #address-cells = <2>;
+ #size-cells = <2>;
+
+ sdp@3e800000 {
+ compatible = "linaro,secure-heap";
+ no-map;
+ reg = <0 0x3E800000 0 0x00400000>;
+ };
+ };
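Review bot: the reg property under "properties:" carries only a description and no item count, so a node listing several ranges would still validate; the example and the description both speak of a single SDP region, so add "maxItems: 1". Separately, no-map is re-declared with its own $ref to the flag type and a description although the schema already pulls in reserved-memory.yaml through allOf; if the base schema covers that property, "no-map: true" plus the existing entry under "required:" is enough. In the example, "reg = <0 0x3E800000 0 0x00400000>;" uses upper-case hex while the unit address in "sdp@3e800000" is lower-case; lower-case throughout reads more consistently.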
--
2.25.0


2022-08-05 16:27:00

by Brian Starkey

Subject: Re: [PATCH 2/3] dt-bindings: reserved-memory: add linaro,secure-heap

+Rob and devicetree list.

I don't know if this should be "linaro" or something more generic,
and also where previous discussions got to about DMA heaps in DT.

Cheers,
-Brian

On Fri, Aug 05, 2022 at 03:53:29PM +0200, Olivier Masse wrote:
> DMABUF Reserved memory definition for OP-TEE SDP feature.
>
> Signed-off-by: Olivier Masse <[email protected]>
> ---
> .../reserved-memory/linaro,secure-heap.yaml | 56 +++++++++++++++++++
> 1 file changed, 56 insertions(+)
> create mode 100644 Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml
>
> diff --git a/Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml b/Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml
> new file mode 100644
> index 000000000000..80522a4e2989
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml
> @@ -0,0 +1,56 @@
> +# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/reserved-memory/linaro,secure-heap.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: Linaro Secure DMABUF Heap
> +
> +maintainers:
> + - Olivier Masse <[email protected]>
> +
> +description:
> + Linaro OP-TEE firmware needs a reserved memory for the
> + Secure Data Path feature (aka SDP).
> + The purpose is to provide a secure memory heap which allow
> + non-secure OS to allocate/free secure buffers.
> + The TEE is reponsible for protecting the SDP memory buffers.
> + TEE Trusted Application can access secure memory references
> + provided as parameters (DMABUF file descriptor).
> +
> +allOf:
> + - $ref: "reserved-memory.yaml"
> +
> +properties:
> + compatible:
> + const: linaro,secure-heap
> +
> + reg:
> + description:
> + Region of memory reserved for OP-TEE SDP feature
> +
> + no-map:
> + $ref: /schemas/types.yaml#/definitions/flag
> + description:
> + Avoid creating a virtual mapping of the region as part of the OS'
> + standard mapping of system memory.
> +
> +unevaluatedProperties: false
> +
> +required:
> + - compatible
> + - reg
> + - no-map
> +
> +examples:
> + - |
> + reserved-memory {
> + #address-cells = <2>;
> + #size-cells = <2>;
> +
> + sdp@3e800000 {
> + compatible = "linaro,secure-heap";
> + no-map;
> + reg = <0 0x3E800000 0 0x00400000>;
> + };
> + };
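Review bot: the "description:" block says the TEE is responsible for protecting the SDP buffers but never says how this node relates to that protection, so the security contract of the binding stays implicit. State that reg must describe the same range the TEE is configured to protect, and that no-map only keeps the non-secure OS from creating a mapping of the range and is not itself the protection mechanism. While editing that block, change "which allow" to "which allows" and "reponsible" to "responsible".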
> --
> 2.25.0
>

2022-08-09 07:08:43

by Olivier Masse

Subject: Re: [EXT] Re: [PATCH 2/3] dt-bindings: reserved-memory: add linaro,secure-heap

Hi Brian,

It was part of a discussion during a Devicetree evolution meeting with
Bill Mills from Linaro.

I've made some modifications to OPTEE OS and OPTEE TEST to support
dma-buf:
OPTEE OS
https://github.com/OP-TEE/optee_os/commit/eb108a04369fbfaf60c03c0e00bbe9489a761c69
https://github.com/OP-TEE/optee_os/commit/513b0748d46e7eefa17dadb204289e49dc17f854

OPTEE TEST
https://github.com/OP-TEE/optee_test/commit/da5282a011b40621a2cf7a296c11a35c833ed91b

BR / Olivier

On Fri, 2022-08-05 at 16:46 +0100, Brian Starkey wrote:
> +Rob and devicetree list.
>
> I don't know if this should be "linaro" or something more generic,
> and also where previous discussions got to about DMA heaps in DT.
>
> Cheers,
> -Brian
>
> On Fri, Aug 05, 2022 at 03:53:29PM +0200, Olivier Masse wrote:
> > DMABUF Reserved memory definition for OP-TEE SDP feature.
> >
> > Signed-off-by: Olivier Masse <[email protected]>
> > ---
> > .../reserved-memory/linaro,secure-heap.yaml | 56
> > +++++++++++++++++++
> > 1 file changed, 56 insertions(+)
> > create mode 100644 Documentation/devicetree/bindings/reserved-
> > memory/linaro,secure-heap.yaml
> >
> > diff --git a/Documentation/devicetree/bindings/reserved-
> > memory/linaro,secure-heap.yaml
> > b/Documentation/devicetree/bindings/reserved-memory/linaro,secure-
> > heap.yaml
> > new file mode 100644
> > index 000000000000..80522a4e2989
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/reserved-
> > memory/linaro,secure-heap.yaml
> > @@ -0,0 +1,56 @@
> > +# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
> > +%YAML 1.2
> > +---
> > +$id:
> > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdevicetree.org%2Fschemas%2Freserved-memory%2Flinaro%2Csecure-heap.yaml%23&amp;data=05%7C01%7Colivier.masse%40nxp.com%7C0a9e67bbd65446aa05e408da76f9b82a%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637953112157450452%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=lb9U8Fnt1Y43UgObcgakAC%2FZx4je%2BCoNX5vhkFvgbdQ%3D&amp;reserved=0
> > +$schema:
> > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdevicetree.org%2Fmeta-schemas%2Fcore.yaml%23&amp;data=05%7C01%7Colivier.masse%40nxp.com%7C0a9e67bbd65446aa05e408da76f9b82a%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637953112157450452%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=UVuVI%2FmUFj7jX7c6DY0rRi9lkZW7kqTJyQurQxvNvz8%3D&amp;reserved=0
> > +
> > +title: Linaro Secure DMABUF Heap
> > +
> > +maintainers:
> > + - Olivier Masse <[email protected]>
> > +
> > +description:
> > + Linaro OP-TEE firmware needs a reserved memory for the
> > + Secure Data Path feature (aka SDP).
> > + The purpose is to provide a secure memory heap which allow
> > + non-secure OS to allocate/free secure buffers.
> > + The TEE is reponsible for protecting the SDP memory buffers.
> > + TEE Trusted Application can access secure memory references
> > + provided as parameters (DMABUF file descriptor).
> > +
> > +allOf:
> > + - $ref: "reserved-memory.yaml"
> > +
> > +properties:
> > + compatible:
> > + const: linaro,secure-heap
> > +
> > + reg:
> > + description:
> > + Region of memory reserved for OP-TEE SDP feature
> > +
> > + no-map:
> > + $ref: /schemas/types.yaml#/definitions/flag
> > + description:
> > + Avoid creating a virtual mapping of the region as part of
> > the OS'
> > + standard mapping of system memory.
> > +
> > +unevaluatedProperties: false
> > +
> > +required:
> > + - compatible
> > + - reg
> > + - no-map
> > +
> > +examples:
> > + - |
> > + reserved-memory {
> > + #address-cells = <2>;
> > + #size-cells = <2>;
> > +
> > + sdp@3e800000 {
> > + compatible = "linaro,secure-heap";
> > + no-map;
> > + reg = <0 0x3E800000 0 0x00400000>;
> > + };
> > + };
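Review bot: the title "Linaro Secure DMABUF Heap" and the compatible "linaro,secure-heap" name a vendor and a Linux subsystem rather than what the region is, which ties the binding to one OS implementation. Describe the node by its property (memory reserved for the TEE's Secure Data Path and protected by the TEE) and leave the decision to expose it as a dma-buf heap to the driver; that also bears on the naming question raised earlier in this thread.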
> > --
> > 2.25.0
> >