From patchwork Wed Sep 25 13:45:08 2019
X-Patchwork-Submitter: Huang Rui
X-Patchwork-Id: 11160711
From: "Huang, Ray"
To: "amd-gfx@lists.freedesktop.org", "dri-devel@lists.freedesktop.org", "Deucher, Alexander"
Subject: [PATCH v2 00/11] drm/amdgpu: introduce secure buffer object support (trusted memory zone)
Date: Wed, 25 Sep 2019 13:45:08 +0000
Message-ID: <1569419090-5304-1-git-send-email-ray.huang@amd.com>
List-Id: Direct Rendering Infrastructure - Development
Cc: "Tuikov, Luben", "Huang, Ray", "Koenig, Christian", "Liu, Aaron"

Hi all,

This series of patches introduces a feature to support secure buffer objects.
The Trusted Memory Zone (TMZ) is a method to protect the contents being written
to and read from memory. We use the TMZ hardware memory protection scheme to
implement the secure buffer object support.

TMZ is a page-level protection in which the hardware detects the TMZ bit in the
page table entry to set the current page as encrypted.
With this hardware feature, we design a BO-level protection in the kernel driver
to provide a new flag AMDGPU_GEM_CREATE_ENCRYPTED in the gem create ioctl to
libdrm for secure buffer allocation. We also provide the new
AMDGPU_CS_FLAGS_SECURE to indicate whether the command submission is trusted or
not. If the BO is secure, then the data is encrypted, and only the trusted IP
blocks such as gfx, sdma, vcn are able to decrypt it. The CPU, as an untrusted
IP, is unable to read the secure buffer.

We will submit the new secure command later for libdrm, and create a new test
suite to verify the security feature in the libdrm unit tests.

Suite id = 11: Name 'Security Tests status: ENABLED'
Test id 1: Name: 'allocate secure buffer test status: ENABLED'
Test id 2: Name: 'graphics secure command submission status: ENABLED'

Changes from V1 -> V2:
- Change the UAPI from secure context to secure command submission for display
  server and client usage. (Thanks Luben)
- Remove ttm_mem_reg macro to get ttm_bo object.
- Move the amdgpu_bo_encrypted into amdgpu_vm_bo_update().

Thanks,
Ray

Alex Deucher (3):
  drm/amdgpu: add UAPI for creating encrypted buffers
  drm/amdgpu: define the TMZ bit for the PTE
  drm/amdgpu: set TMZ bits in PTEs for secure BO (v4)

Huang Rui (7):
  drm/amdgpu: add tmz feature parameter (v2)
  drm/amdgpu: add amdgpu_tmz data structure
  drm/amdgpu: add function to check tmz capability (v4)
  drm/amdgpu: add tmz bit in frame control packet
  drm/amdgpu: expand the emit tmz interface with trusted flag
  drm/amdgpu: expand the context control interface with trust flag
  drm/amdgpu: job is secure iff CS is secure (v3)

Luben Tuikov (1):
  drm/amdgpu: add UAPI to create secure commands (v3)

 drivers/gpu/drm/amd/amdgpu/Makefile        |  2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu.h        |  7 ++++-
 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c     |  8 ++++-
 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c |  3 ++
 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c    | 11 +++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c    | 12 +++++++-
 drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c     |  4 +--
 drivers/gpu/drm/amd/amdgpu/amdgpu_job.h    |  2 ++
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 11 +++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h   |  9 +++---
 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.c    | 49 ++++++++++++++++++++++++++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.h    | 39 ++++++++++++++++++++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c     |  5 +++
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h     |  3 ++
 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c     | 20 +++++++++---
 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c      |  3 +-
 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c      |  3 +-
 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c      |  3 +-
 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c      | 16 +++++++---
 drivers/gpu/drm/amd/amdgpu/nvd.h           |  1 +
 drivers/gpu/drm/amd/amdgpu/soc15d.h        |  1 +
 include/uapi/drm/amdgpu_drm.h              | 10 +++++-
 22 files changed, 199 insertions(+), 23 deletions(-)
 create mode 100644 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.c
 create mode 100644 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.h