Re: [RFC] How implement Secure Data Path ?

From: Daniel Vetter
Date: Wed May 06 2015 - 04:35:19 EST


On Wed, May 06, 2015 at 03:50:13AM +0300, Laurent Pinchart wrote:
> On Tuesday 05 May 2015 09:27:52 Christoph Hellwig wrote:
> > On Tue, May 05, 2015 at 05:39:57PM +0200, Benjamin Gaignard wrote:
> > > Since few months I'm looking for Linaro to how do Secure Data Path (SPD).
> > > I have tried and implemented multiple thinks but I always facing
> > > architecture issues so I would like to get your help to solve the
> > > problem.
> > >
> > > First what is Secure Data Path ? SDP is a set of hardware features to
> > > garanty that some memories regions could only be read and/or write by
> > > specific hardware IPs. You can imagine it as a kind of memory firewall
> > > which grant/revoke accesses to memory per devices. Firewall configuration
> > > must be done in a trusted environment: for ARM architecture we plan to
> > > use OP-TEE + a trusted application to do that.
> > >
> > > One typical use case for SDP in a video playback which involve those
> > > elements: decrypt -> video decoder -> transform -> display
> >
> > Sounds like a good enough reason not to implement it ever.
>
> The irony of it is to post an RFC on they day before
> http://www.defectivebydesign.org/dayagainstdrm/ :-)

Just for the record: Even though I disagree with the design&threat model
for secure memory I don't think we should outright refuse to merge
patches. Assuming it comes with a sane design and no blob bits I'd be very
much willing to merge support for i915. Unfortunately Intel isn't willing
to publish the specs for any of the content protection stuff, at least
right now.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/