On Thu, Feb 22, 2024 at 05:24:19PM +0100, Bartosz Golaszewski wrote:
> On Sun, Feb 18, 2024 at 4:41 AM Bjorn Andersson <andersson@xxxxxxxxxx> wrote:
> >
> > On Mon, Feb 05, 2024 at 07:28:08PM +0100, Bartosz Golaszewski wrote:
> > > From: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> > >
> >
> > [snip]
> >
> > >
> > > +config QCOM_TZMEM_MODE_SHMBRIDGE
> > > + bool "SHM Bridge"
> > > + help
> > > + Use Qualcomm Shared Memory Bridge. The memory has the same alignment as
> > > + in the 'Default' allocator but is also explicitly marked as an SHM Bridge
> > > + buffer.
> > > +
> > > + With this selected, all buffers passed to the TrustZone must be allocated
> > > + using the TZMem allocator or else the TrustZone will refuse to use them.
> >
> > It's funny how this is the only place in the whole series I can find
> > this mentioned. One could from this statement guess that the eluding
> > scminvoke requires shmbridge and that this patch series exists solely
> > to facilitate the requirement stated in this paragraph.
> >
>
> Yes, scminvoke *requires* SHM bridge. So does the wrapped key support.
> No, this is not the only reason as - as stated by Srini - it improves
> overall safety of the system for all users.
>
> > Either this guess is correct and this should have been made clear in
> > the commit messages, or I'm guessing wrong here, in which case I need
> > some help to figure out why this series exists.
> >
>
> This series exists and IMO should get upstream soon to facilitate
> adding new security features (in addition to improving existing ones).

This needs to be stated in the cover letter/commit messages.

> As there are at least two such features in development (mentioned
> above) pushing this series upstream will make it easier to develop
> them independently.
>

Show me the work-in-progress code and I will entertain this argument.

Regards,
Bjorn

> Bart
>
> [snip]
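
Review bot: The second paragraph of the QCOM_TZMEM_MODE_SHMBRIDGE help text states a hard constraint ("all buffers passed to the TrustZone must be allocated using the TZMem allocator or else the TrustZone will refuse to use them") without saying why someone would select this mode or how a refusal surfaces to the caller. Suggest adding one sentence on the purpose of the mode (the replies in this thread name improved safety and the requirement coming from scminvoke and wrapped key support) and one on what a driver sees when it passes a buffer from another allocator, so a failure in an unconverted caller can be traced back to this option. The quoted lines also show no "depends on" for the entry; if the mode relies on firmware support, the help text is the place to say so.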