On Sun, Feb 18, 2024 at 4:41 AM Bjorn Andersson <andersson@xxxxxxxxxx> wrote: > > On Mon, Feb 05, 2024 at 07:28:08PM +0100, Bartosz Golaszewski wrote: > > From: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> > > [snip] > > > > +config QCOM_TZMEM_MODE_SHMBRIDGE > > + bool "SHM Bridge" > > + help > > + Use Qualcomm Shared Memory Bridge. The memory has the same alignment as > > + in the 'Default' allocator but is also explicitly marked as an SHM Bridge > > + buffer. > > + > > + With this selected, all buffers passed to the TrustZone must be allocated > > + using the TZMem allocator or else the TrustZone will refuse to use them. > > It's funny how this is the only place in the whole series I can find > this mentioned. One could from this statement guess that the eluding > scminvoke requires shmbridge and that this patch series exists solely > to facilitate the requirement stated in this paragraph. > Yes, scminvoke *requires* SHM bridge. So does the wrapped key support. No, this is not the only reason as - as stated by Srini - it improves overall safety of the system for all users. > Either this guess is correct and this should have been made clear in > the commit messages, or I'm guessing wrong here, in which case I need > some help to figure out why this series exists. > This series exists and IMO should get upstream soon to facilitate adding new security features (in addition to improving existing ones). As there are at least two such features in development (mentioned above) pushing this series upstream will make it easier to develop them independently. Bart [snip]