[PATCH 00/14] drm/amdgpu: introduce secure buffer object support (trusted memory zone)
Koenig, Christian
Christian.Koenig at amd.com
Wed Sep 11 12:11:41 UTC 2019
Patches #1-#4, #8, #9 are Reviewed-by: Christian König <christian.koenig at amd.com>
Patches #10, #11 are Acked-by: Christian König <christian.koenig at amd.com>
Patch #7 and the resulting workaround in patch #13 are a clear NAK.
The ttm_mem_reg can't be used like this to get back to the ttm_bo object.
Going to reply separately on patch #14 regarding this.
Regards,
Christian.
On 11.09.19 at 13:50, Huang, Ray wrote:
> Hi all,
>
> This series of patches introduces a feature to support secure buffer objects.
> The Trusted Memory Zone (TMZ) is a method to protect the contents being written
> to and read from memory. We use the TMZ hardware memory protection scheme to
> implement the secure buffer object support.
>
> TMZ is a page-level protection: the hardware detects the TMZ bit in the
> page table entry to mark the current page as encrypted. With this hardware
> feature, we design a BO-level protection in the kernel driver to provide a new flag,
> AMDGPU_GEM_CREATE_ENCRYPTED, to the gem create ioctl to libdrm for secure buffer
> allocation. We also provide AMDGPU_CTX_ALLOC_FLAGS_SECURE to indicate whether the
> context is trusted or not. If the BO is secure, then the data is encrypted, and only
> the trusted IP blocks such as gfx, sdma, vcn are able to decrypt it. The CPU, as an
> un-trusted IP, is unable to read the secure buffer.
>
> We will submit the new secure context interface later for libdrm, and create a
> new test suite to verify the security feature in the libdrm unit tests.
>
> Suite id = 11: Name 'Security Tests status: ENABLED'
> Test id 1: Name: 'allocate secure buffer test status: ENABLED'
> Test id 2: Name: 'graphics command submission under secure context status: ENABLED'
>
> Thanks,
> Ray
>
> Alex Deucher (4):
>   drm/amdgpu: add UAPI for creating encrypted buffers
>   drm/amdgpu: add UAPI for creating secure contexts (v2)
>   drm/amdgpu: define the TMZ bit for the PTE
>   drm/amdgpu: set TMZ bits in PTEs for secure bo (v2)
>
> Huang Rui (10):
>   drm/amdgpu: add tmz feature parameter (v2)
>   drm/amdgpu: add amdgpu_tmz data structure
>   drm/amdgpu: add function to check tmz capability (v4)
>   drm/ttm: add helper to get buffer object with ttm_mem_reg
>   drm/amdgpu: revise the function to allocate secure context (v2)
>   drm/amdgpu: add tmz bit in frame control packet
>   drm/amdgpu: expand the emit tmz interface with trusted flag
>   drm/amdgpu: expand the context control interface with trust flag
>   drm/amdgpu: set trusted mode while the job is under secure context
>     (v2)
>   drm/amdgpu: modify the method to use mem under buffer object for
>     amdgpu_ttm_tt_pte_flags
>
> drivers/gpu/drm/amd/amdgpu/Makefile | 2 +-
> drivers/gpu/drm/amd/amdgpu/amdgpu.h | 7 ++++-
> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 1 +
> drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 19 +++++++++---
> drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.h | 1 +
> drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 ++
> drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +++++++
> drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 12 +++++++-
> drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 4 +--
> drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 ++
> drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 10 ++++++
> drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 9 +++---
> drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.c | 49 ++++++++++++++++++++++++++++++
> drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.h | 39 ++++++++++++++++++++++++
> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 23 +++++++++-----
> drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 3 ++
> drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 20 +++++++++---
> drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 3 +-
> drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 3 +-
> drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 3 +-
> drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 16 +++++++---
> drivers/gpu/drm/amd/amdgpu/nvd.h | 1 +
> drivers/gpu/drm/amd/amdgpu/soc15d.h | 1 +
> include/drm/ttm/ttm_bo_driver.h | 13 ++++++++
> include/uapi/drm/amdgpu_drm.h | 9 +++++-
> 25 files changed, 230 insertions(+), 34 deletions(-)
> create mode 100644 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.c
> create mode 100644 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.h
>