Hi Maxime, [snip] I'm sorry for losing your previous comment mail. I finally found a way to import this mail back so I can reply to you. > > - mtk_gem = mtk_gem_create(dev, args->size, false); > > + if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED) > > + mtk_gem = mtk_gem_create_from_heap(dev, "mtk_svp_cma", > > args->size); > > That heap doesn't exist upstream either. Also, I'm wondering if it's > the > right solution there. > Yes, I found that its name changed to "restricted_mtk_cma" in the latest patch: https://patchwork.kernel.org/project/linux-mediatek/patch/20240515112308.10171-10-yong.wu@xxxxxxxxxxxx/ > From what I can tell, you want to allow to create encrypted buffers > from > the TEE. Why do we need this as a DRM ioctl at all? A heap seems like > the perfect solution to do so, and then you just have to import it > into > DRM. > OK, I'll try to change the userspace's ioctl from DRM_IOCTL_MTK_GEM_CREATE to DMA_HEAP_IOCTL_ALLOC to get the buffer fd, then import to DRM. > I'm also not entirely sure that not having a SG list is enough to > consider the buffer secure. Wouldn't a buffer allocated without a > kernel > mapping also be in that situation? > I have confirmed to Yong.Wu that secure buffer also have sg list, so the secure checking method "!sg_page(sg->sgl)" will be deprecated. Regards, Jason-JH.Lin > Maxime > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel >
