[Libva] [PATCH v2 1/7] API: add support for raw DRM.

Huang, Haitao haitao.huang at intel.com
Wed Aug 1 09:45:09 PDT 2012 

Hi,

On Android, surface flinger will be the master because it comes up
first. However, we do not need DRM authentication.
DRM authentication was really for remote clients.

Haitao

On Wed, Aug 1, 2012 at 2:15 AM, Yuan, Shengquan
<shengquan.yuan at gmail.com> wrote:
> On Tue, Jul 31, 2012 at 4:17 PM, Gwenole Beauchesne <gb.devel at gmail.com> wrote:
>> Hi,
>>
>> 2012/7/30 Yuan, Shengquan <shengquan.yuan at gmail.com>:
>>> On Sat, Jul 28, 2012 at 12:21 AMa, Gwenole Beauchesne <gb.devel at gmail.com> wrote:
>> Actually, you get authenticated if you are the first and only user, no
>> matter you are root or not. However, if you need another client to be
>> authenticated, you need someone (a third-party) that owns and controls
>> access to graphics memory. Typically, this is the display server (X11,
>> Wayland, etc.) that has this role and can get this call to succeed.
>>
>> Another thing, you only need to be authenticated to submit commands,
>> i.e. you don't really need to be "master" for that.
>>
>> For console apps, and probably others in Android context (should you
>> use this API), I wanted to create a standalone library (e.g.
>> libdrm_auth) that would manage authentication. Basically, you'd need a
>> third-party app (setuid root) that says "hey, you are a good guy and I
>> accept to authenticate you". Something similar to the Weston startup
>> helper actually. I didn't implement this yet as I didn't come yet to a
>> point I actually need this functionality.
>
> There are multiple clients in Android environment, e.g. thumbnail
> threads in background,
> video playback through wireless display. I don't know how other
> vendors solve this issue,
> perhaps they don't use DRM, so that they don't need this
> authentication mechanism.
>
> Because of multiple clients, does it mean we must develop a separate
> authentication application
> if we want to go through DRM authentication path?
>>
>> Do you need this soon? In terms of security, there are also ways to
> It is not urgent. I saw your headless backend, just thinking if we can
> simply use it for Android.
>
> Thanks
> -Austin
>
>> deprivilege root and also grant specific rights to specific users,
>> should this be required in a self-contained environment. e.g. with an
>> RSBAC-enabled environment, but I don't know if you want to get extreme
>> and enable this in Android :)
>
>
>>
>> Kristian also suggested other means in the past, but this would need
>> further changes to DRM. The point is to fulfill the following model:
>> user A should not see graphics memory of user B, unless user B allows
>> it.
>>
>> Regards,
>> Gwenole.
> _______________________________________________
> Libva mailing list
> Libva at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/libva

More information about the Libva mailing list