May I suggest the following for the device tree binding? (I'm not very familiar w/ device trees, so apologies for any oversights, but trying to process the feedback here and help move Mediatek along). This should align with my other suggestions for having an MTK specific portion to their secure heap implementation; which also means there should be an MTK specific device tree binding. # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML 1.2 --- $id: http://devicetree.org/schemas/reserved-memory/mediatek,dynamic-secure-region.yaml# $schema: http://devicetree.org/meta-schemas/core.yaml# title: Mediatek Dynamic Reserved Region description: A memory region that can dynamically transition as a whole between secure and non-secure states. This memory will be protected by OP-TEE when allocations are active and unprotected otherwise. maintainers: - Yong Wu <yong.wu@xxxxxxxxxxxx> allOf: - $ref: reserved-memory.yaml properties: compatible: const: mediatek,dynamic-secure-region required: - compatible - reg - reusable unevaluatedProperties: false examples: - | reserved-memory { #address-cells = <1>; #size-cells = <1>; ranges; reserved-memory@80000000 { compatible = "mediatek,dynamic-secure-region"; reusable; reg = <0x80000000 0x18000000>; }; }; On Tue, Nov 14, 2023 at 5:18 AM Robin Murphy <robin.murphy@xxxxxxx> wrote: > > On 13/11/2023 6:37 am, Yong Wu (吴勇) wrote: > [...] > >>> +properties: > >>> + compatible: > >>> + const: secure_cma_region > >> > >> Still wrong compatible. Look at other bindings - there is nowhere > >> underscore. Look at other reserved memory bindings especially. > >> > >> Also, CMA is a Linux thingy, so either not suitable for bindings at > >> all, > >> or you need Linux specific compatible. I don't quite get why do you > >> evennot > >> put CMA there - adding Linux specific stuff will get obvious > >> pushback... > > > > Thanks. I will change to: secure-region. Is this ok? > > No, the previous discussion went off in entirely the wrong direction. To > reiterate, the point of the binding is not to describe the expected > usage of the thing nor the general concept of the thing, but to describe > the actual thing itself. There are any number of different ways software > may interact with a "secure region", so that is meaningless as a > compatible. It needs to describe *this* secure memory interface offered > by *this* TEE, so that software knows that to use it requires making > those particular SiP calls with that particular UUID etc. > > Thanks, > Robin.
