<pre>
Hi, Jason:

On Sun, 2023-12-24 at 02:29 +0800, Jason-JH.Lin wrote:
> To add secure flow support for mediatek-drm, each crtc have to
> create a secure cmdq mailbox channel. Then cmdq packets with
> display HW configuration will be sent to secure cmdq mailbox channel
> and configured in the secure world.
>
> Each crtc have to use secure cmdq interface to configure some secure
> settings for display HW before sending cmdq packets to secure cmdq
> mailbox channel.
>
> If any of fb get from current drm_atomic_state is secure, then crtc
> will switch to the secure flow to configure display HW.
> If all fbs are not secure in current drm_atomic_state, then crtc will
> switch to the normal flow.
>
> TODO:
> 1. Remove get sec larb port interface in ddp_comp, ovl and
> ovl_adaptor.
> 2. Verify instruction for enabling/disabling dapc and larb port in
> TEE
> drop the sec_engine flags in normal world.
>
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
>

[snip]

> @@ -1091,14 +1292,63 @@ int mtk_drm_crtc_create(struct drm_device
> *drm_dev,
> if (ret) {
> dev_dbg(dev, "mtk_crtc %d failed to
> create cmdq packet\n",
> drm_crtc_index(&mtk_crtc-
> >base));
> -mbox_free_channel(mtk_crtc-
> >cmdq_client.chan);
> -mtk_crtc->cmdq_client.chan = NULL;
> +goto cmdq_err;
> }
> }
>
> /* for sending blocking cmd in crtc disable */
> init_waitqueue_head(&mtk_crtc->cb_blocking_queue);
> }
> +
> +mtk_crtc->sec_cmdq_client.client.dev = mtk_crtc->mmsys_dev;
> +mtk_crtc->sec_cmdq_client.client.tx_block = false;
> +mtk_crtc->sec_cmdq_client.client.knows_txdone = true;
> +mtk_crtc->sec_cmdq_client.client.rx_callback = ddp_cmdq_cb;
> +mtk_crtc->sec_cmdq_client.chan =
> +mbox_request_channel(&mtk_crtc-
> >sec_cmdq_client.client, i + 1);
> +if (IS_ERR(mtk_crtc->sec_cmdq_client.chan)) {
> +dev_err(dev, "mtk_crtc %d failed to create sec mailbox
> client\n",
> +drm_crtc_index(&mtk_crtc->base));
> +mtk_crtc->sec_cmdq_client.chan = NULL;
> +}
> +
> +if (mtk_crtc->sec_cmdq_client.chan) {

I would like use secure channel to replace normal channel. It means
that no extra channel is required and change the original normal
channel to secure channel. The secure channel could process both normal
buffer and secure buffer, so you need not to switch the channel.

Regards,
CK

> +struct device_link *link;
> +
> +/* add devlink to cmdq dev to make sure suspend/resume
> order is correct */
> +link = device_link_add(priv->dev, mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev,
> + DL_FLAG_PM_RUNTIME |
> DL_FLAG_STATELESS);
> +if (!link) {
> +dev_err(priv->dev, "Unable to link dev=%s\n",
> +dev_name(mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev));
> +ret = -ENODEV;
> +goto cmdq_err;
> +}
> +
> +ret = mtk_drm_cmdq_pkt_create(&mtk_crtc-
> >sec_cmdq_client,
> + &mtk_crtc-
> >sec_cmdq_handle,
> + PAGE_SIZE);
> +if (ret) {
> +dev_dbg(dev, "mtk_crtc %d failed to create cmdq
> secure packet\n",
> +drm_crtc_index(&mtk_crtc->base));
> +goto cmdq_err;
> +}
> +
> +/* for sending blocking cmd in crtc disable */
> +init_waitqueue_head(&mtk_crtc->sec_cb_blocking_queue);
> +}
> +
> +cmdq_err:
> +if (ret) {
> +if (mtk_crtc->cmdq_client.chan) {
> +mbox_free_channel(mtk_crtc->cmdq_client.chan);
> +mtk_crtc->cmdq_client.chan = NULL;
> +}
> +if (mtk_crtc->sec_cmdq_client.chan) {
> +mbox_free_channel(mtk_crtc-
> >sec_cmdq_client.chan);
> +mtk_crtc->sec_cmdq_client.chan = NULL;
> +}
> +}
> #endif
>
> if (conn_routes) {
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> index 1f988ff1bf9f..cf8433846108 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> @@ -21,6 +21,7 @@ int mtk_drm_crtc_create(struct drm_device *drm_dev,
> int priv_data_index,
> const struct mtk_drm_route *conn_routes,
> unsigned int num_conn_routes);
> +void mtk_crtc_disable_secure_state(struct drm_crtc *crtc);
> int mtk_drm_crtc_plane_check(struct drm_crtc *crtc, struct drm_plane
> *plane,
> struct mtk_plane_state *state);
> void mtk_drm_crtc_async_update(struct drm_crtc *crtc, struct
> drm_plane *plane,
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> index d4d515627ca4..96293c632d67 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> @@ -287,6 +287,13 @@ static void mtk_plane_atomic_disable(struct
> drm_plane *plane,
> mtk_plane_state->pending.enable = false;
> wmb(); /* Make sure the above parameter is set before update */
> mtk_plane_state->pending.dirty = true;
> +
> +if (mtk_plane_state->pending.is_secure) {
> +struct drm_plane_state *old_state =
> drm_atomic_get_old_plane_state(state, plane);
> +
> +if (old_state->crtc)
> +mtk_crtc_disable_secure_state(old_state->crtc);
> +}
> }
>
> static void mtk_plane_atomic_update(struct drm_plane *plane,

</pre><!--type:text--><!--{--><pre>************* MEDIATEK Confidentiality Notice
 ********************
The information contained in this e-mail message (including any 
attachments) may be confidential, proprietary, privileged, or otherwise
exempt from disclosure under applicable laws. It is intended to be 
conveyed only to the designated recipient(s). Any use, dissemination, 
distribution, printing, retaining or copying of this e-mail (including its 
attachments) by unintended recipient(s) is strictly prohibited and may 
be unlawful. If you are not an intended recipient of this e-mail, or believe
 
that you have received this e-mail in error, please notify the sender 
immediately (by replying to this e-mail), delete any and all copies of 
this e-mail (including any attachments) from your system, and do not
disclose the content of this e-mail to any other person. Thank you!
</pre><!--}-->