Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp2759722rdb; Fri, 22 Sep 2023 07:43:35 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHiQ1j1c/N539CyrjD4tCzQexN92Yp4RyKE2gxZUJU1AF/yZvCvQLuJAzTNJdV7OhbgsA26 X-Received: by 2002:a05:6a20:144d:b0:14e:3daf:fdb9 with SMTP id a13-20020a056a20144d00b0014e3daffdb9mr10654825pzi.22.1695393815333; Fri, 22 Sep 2023 07:43:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695393815; cv=none; d=google.com; s=arc-20160816; b=hpC3sEV70QQp1VIWUFLRy9rmJZgYBYqgqpDOOlF/c6IWsyj+pWJMT7q3ogJ80MTsrH LRLruO0XwB8LSotkjnBaG61lTDHUrPFvZdIKyXS+1UYzObTUgyTbbJkY5c8vqN37+PMJ Vobj60CNKnEBdUbwgYaqjWyyRk8aKir/i3p5lntfa8lXBVNIWFVfVhpZS7rF9wIdZcPb tyCNZL0qPRG3uTnWqeZVPDaYpZxF/w8WFW77VFRc0pNBhYHdKImgSKOo1JuVeyvokwBi B0yDw2HTVqFbt805yK9qcGnXgcBJdZWUwV+k9MOHy+O3KF5F5w50o1W1gE8QMrlhZ0+q aY5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=f9SVUFZn2boEnF5GwKRdG3SSt8HtSOHZO4l12UhiSWo=; fh=KMfe3NzApKs946iR4WZVcjkCLVuFGk/FN6/8X0ShN1s=; b=kTJyRUp1zHR+arGSJQtt1YoaAwQ3J9GGgDi307qc+rpYQqnGaRASKsLVHxpLIUU0kO Jv2RKftOXCpDNMJXFrfSYsabRGskmfZRkXj6HayC4Lca0MTA4GeVZgLaxNHHXHtqKUrf 2f/jIwGV9SNO9NDjzmrGYnjctV78SzaMQ3X1JnKKXW2K3d8Qo6FYvYLwwnIJvNrZiNwy hrejgbvOWWTnScJwShPpQsKxBVaJJHCCn+nPayRigS69yVzs27MwqoMKW1CDDIpNlzqc gzCLr6+lQ29UxxZ9Jty+iQ210129kBNwN/yd+ZgfRV4LKN1B2boNuVWhhGyjbLFYTO+I VqwQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=McMMAWGf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id y189-20020a6364c6000000b00569fd44093fsi3931550pgb.230.2023.09.22.07.43.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Sep 2023 07:43:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=McMMAWGf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 83377831C821; Thu, 21 Sep 2023 15:25:59 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233274AbjIUWZz (ORCPT + 99 others); Thu, 21 Sep 2023 18:25:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36052 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232913AbjIUWZc (ORCPT ); Thu, 21 Sep 2023 18:25:32 -0400 Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F1A1A5464 for ; Thu, 21 Sep 2023 10:58:53 -0700 (PDT) Received: by mail-il1-x136.google.com with SMTP id e9e14a558f8ab-34fa117f92bso13155ab.1 for ; Thu, 21 Sep 2023 10:58:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1695319133; x=1695923933; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=f9SVUFZn2boEnF5GwKRdG3SSt8HtSOHZO4l12UhiSWo=; b=McMMAWGfHhqPUhzXpT7VHiRtKNmFAh+12xLXkk5gZY39LZlcGl+G+OiI5SUfm8i0Wh 0dKn/HaR6jiMhBQOqve2b+V63UtmkR1KaFSeum9XR2V9pu2wK4JL8Q/tnBBV+cgP4fF1 YD6MX95A5zylakzf2NmBOHb0wsdZ1zsyK8mha5CzUgMhrTYlcjph9v38hXgyY260ehSh Q/qThmz0mB7BXSHWrulsVUAThft4cjZ04gZfdTtSiGuDPS8PVzUkEGU2RTbfvXQyz8jS 3h4G4d600YDR+8AqrDZ+ucpypXYfkU7Eqfbt9OLaOsnnsumJn3i7hKjlOHWdvlwhIWOT zPBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695319133; x=1695923933; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f9SVUFZn2boEnF5GwKRdG3SSt8HtSOHZO4l12UhiSWo=; b=b46oPIZCK9NwDO2GsDjJNNEZxvOFx8xnDVtcKbgn2Hiiij/dNvxRsgwbbxdeasbILS XkMMbMOb1EjckR0lPfhxob0A3MrXxPnSc5LXsGPVTWPG3o1ehhPU2i7a9tlb2ycemwzx zC1M01+EgEk4HLp9n1umbnDR7LPcDKffcfWecvhUpnGgitpFfFcXfjWSluqITxga/VaP aAJhAagVcVgxF4C/0Cee7xk2YIMfxDsZysUTGwJ43lkh4o1lzSQCjI3Y9jmmKHC1J3us FOsKu0VnE7HLKJHcN7NRkR5BCqTyJMyeNXQkdz9VYvXLoZIJDk1fno8SQTK6LfzD96Lc byiA== X-Gm-Message-State: AOJu0YxZ/xy3hCXIQG2k9JSJ9teN93f/bB2hi5HJAfjGoX+gL4Qew8cq EJY/aRyRwHNDb1oCxH7oRSJl9dlgfK0vqn4hDqb9 X-Received: by 2002:a05:6e02:156d:b0:346:1ca6:c27a with SMTP id k13-20020a056e02156d00b003461ca6c27amr292898ilu.13.1695319132831; Thu, 21 Sep 2023 10:58:52 -0700 (PDT) MIME-Version: 1.0 References: <20230911125936.10648-1-yunfei.dong@mediatek.com> <20230911125936.10648-13-yunfei.dong@mediatek.com> <1df3e79b84933dda0313d0d9719220dbc06c9022.camel@collabora.com> <5307203d79c0d90cc742a315bb161fa796b9960f.camel@mediatek.com> In-Reply-To: From: Jeffrey Kardatzke Date: Thu, 21 Sep 2023 10:58:38 -0700 Message-ID: Subject: Re: [PATCH 12/14] media: medkatek: vcodec: set secure mode to decoder driver To: Nicolas Dufresne Cc: Hans Verkuil , =?UTF-8?B?WXVuZmVpIERvbmcgKOiRo+S6kemjnik=?= , "nhebert@chromium.org" , "benjamin.gaignard@collabora.com" , "nfraprado@collabora.com" , "angelogioacchino.delregno@collabora.com" , "linux-kernel@vger.kernel.org" , "linux-mediatek@lists.infradead.org" , "frkoenig@chromium.org" , "stevecho@chromium.org" , "wenst@chromium.org" , "linux-media@vger.kernel.org" , "devicetree@vger.kernel.org" , "daniel@ffwll.ch" , Project_Global_Chrome_Upstream_Group , "hsinyi@chromium.org" , "linux-arm-kernel@lists.infradead.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 21 Sep 2023 15:25:59 -0700 (PDT) On Thu, Sep 21, 2023 at 8:46=E2=80=AFAM Nicolas Dufresne wrote: > > Le mercredi 20 septembre 2023 =C3=A0 11:20 -0700, Jeffrey Kardatzke a =C3= =A9crit : > > > > > > > > Also, regarding MTK, these are stateless decoders. I think it would= be nice to > > > > show use example code that can properly parse the un-encrypted head= er, pass the > > > > data to the decryptor and decode. There is a bit of mechanic in the= re that lacks > > > > clarification, a reference implementation would clearly help. Final= ly, does this > > > > platform offers some clearkey implementation (or other alternative)= so we can do > > > > validation and regression testing? It would be very unfortunate to = add feature > > > > upstream that can only be tested by proprietary CDM software. > > > > > > > It would be possible to use this with clearkey w/ some additional work > > on our end. If this is then part of the public ChromiumOS build, would > > that be satisfactory? (the TEE would have some binary blob components > > like firmware does though) > > From my point of view, this would fully cover my concern. To clarify this > concern, the decryption into secure memory currently only ever take plac= e in > proprietary code that implements the protection (Widewine CDM). With clea= r key, > we can have an open source CDM (made for testing purpose) so that we don'= t have > to have hidden code to test the entire pipeline. So appart from the TEE > firmware, which is just a firmware like all the others, we could have ope= n > source tests in kernelCI and other CI, and we could extend these test to > eventually support other vendors. > > Note that currently, with other proposal, one could allocate and fill a n= ormal > buffer, and "secure" that buffer to test the CODECs and display, but on t= his > specific architecture, with the limitation on the number of secure region= s, this > feature isn't available. > > Alternatives to this end-to-end solution, we could consider a TA (Trusted > Application) that simply copy data from a untrusted chunk of memory into = a > trusted chunk of memory. That seems like a cross-platform solution. It wo= uld be > even better if this get standardized in TEEs for course (or at least requ= ired > with all secure memory implementation). Then copying from untrusted to tr= usted > could easily become an ioctl generic to all TEE drivers. That to me would= be > equally acceptable, and perhaps easier to use. > > Nicolas It's very likely for the clearkey implementation that I would just have it copying the data from a non-secure to secure buffer in a TA. We would never do that in production of course, but for testing images that would suffice.