From patchwork Wed Sep 25 13:45:08 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Huang Rui <ray.huang@amd.com>
X-Patchwork-Id: 11160711
Return-Path: <SRS0=GKCn=XU=lists.freedesktop.org=dri-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 87907924
	for <patchwork-dri-devel@patchwork.kernel.org>;
 Wed, 25 Sep 2019 13:45:18 +0000 (UTC)
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 6EC8E21D7E
	for <patchwork-dri-devel@patchwork.kernel.org>;
 Wed, 25 Sep 2019 13:45:18 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6EC8E21D7E
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=amd.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id 8CDA46EBB2;
	Wed, 25 Sep 2019 13:45:15 +0000 (UTC)
X-Original-To: dri-devel@lists.freedesktop.org
Delivered-To: dri-devel@lists.freedesktop.org
Received: from NAM05-DM3-obe.outbound.protection.outlook.com
 (mail-eopbgr730084.outbound.protection.outlook.com [40.107.73.84])
 by gabe.freedesktop.org (Postfix) with ESMTPS id 753136EBB1;
 Wed, 25 Sep 2019 13:45:10 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=PBCVDPi2YyYE1Wwvt+VFyjwLQUu8JVS4qicewNZigd7xCMNCofhMQzXZ6lzZ0LB3TEcZnAwiX+yhMl3sokQB4UG6uxpp/vDuR8vX6uNvfvAYKkExNiJ7MO4SIr51yg4wrgWHuH2EHnC+zJrPQRIn0fgnxh77iXPvHtN2bzmv0Tf6xywVEwKNLOpoLyIqK5QJ2Mgkfk83lZImba9O/GyLBkNiZiQr4yaD2AevLCtagOfYLBsbTc2JB6hdFBhUjGwYxhv04Rx+h+m1c+kfrLf43fBdxuNymLC8SyGaTdz7n1V3F0I/tNt+W2M/CB6OpuH+MhlzkntKMnJVTyeQiKllUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=kig8dpLmkZNCRUXwsmWKBO/gpli13f9kmBTHuL8hnfk=;
 b=nDa86gImYYdyGQ8d9b3tGaxUPTZ9f1jx8X/vZLRfCFSr1xET/aa+YuMVG2jfEgTA6Vo1oUWj2kX8YvmV3sEu3yDQtDJFEQgAEo0y46ZtPnfc9dJApPa24S1YE4UbsPaxGO9UbZhQakER+ecUCSJJ17B1XETTgy/HkQjDFmE80RlqqSiHa1vu4y9TlJdn+ilRGPxb2/GxuGXVDQ/Z7I+Ejo8suKiG9MH96A2cqIyevV+TvUpZCMRRP+3AntJuGybRjUZdwxAPA5HbVT9bmz+LzYVyxQOYxx39KwM9KcdNka4TzXeGst66HghSV7+6CnfVjHZ3OS5zZmWK3DfYVUrhEw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
Received: from MN2PR12MB3309.namprd12.prod.outlook.com (20.179.83.157) by
 MN2PR12MB4304.namprd12.prod.outlook.com (10.255.224.204) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2284.20; Wed, 25 Sep 2019 13:45:08 +0000
Received: from MN2PR12MB3309.namprd12.prod.outlook.com
 ([fe80::e105:cd24:c71d:c38d]) by MN2PR12MB3309.namprd12.prod.outlook.com
 ([fe80::e105:cd24:c71d:c38d%4]) with mapi id 15.20.2305.016; Wed, 25 Sep 2019
 13:45:08 +0000
From: "Huang, Ray" <Ray.Huang@amd.com>
To: "amd-gfx@lists.freedesktop.org" <amd-gfx@lists.freedesktop.org>,
 "dri-devel@lists.freedesktop.org" <dri-devel@lists.freedesktop.org>,
 "Deucher, Alexander" <Alexander.Deucher@amd.com>
Subject: [PATCH v2 00/11] drm/amdgpu: introduce secure buffer object support
 (trusted memory zone)
Thread-Topic: [PATCH v2 00/11] drm/amdgpu: introduce secure buffer object
 support (trusted memory zone)
Thread-Index: AQHVc6dxG74lBwTEdUaW5M9ca9Qk4w==
Date: Wed, 25 Sep 2019 13:45:08 +0000
Message-ID: <1569419090-5304-1-git-send-email-ray.huang@amd.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [180.167.199.189]
x-clientproxiedby: HK2PR02CA0186.apcprd02.prod.outlook.com
 (2603:1096:201:21::22) To MN2PR12MB3309.namprd12.prod.outlook.com
 (2603:10b6:208:106::29)
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 2.7.4
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7992b5eb-0b2d-4e93-5b01-08d741be9432
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020);
 SRVR:MN2PR12MB4304;
x-ms-traffictypediagnostic: MN2PR12MB4304:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: 
 <MN2PR12MB43049B2D197406A10B666636EC870@MN2PR12MB4304.namprd12.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01713B2841
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(39860400002)(136003)(376002)(346002)(396003)(366004)(189003)(53754006)(199004)(86362001)(8936002)(305945005)(2501003)(50226002)(6636002)(14444005)(256004)(6486002)(6116002)(3846002)(6436002)(6512007)(2906002)(4326008)(66066001)(102836004)(26005)(186003)(52116002)(486006)(476003)(2616005)(66946007)(66476007)(66556008)(64756008)(66446008)(99286004)(5660300002)(81156014)(6506007)(81166006)(450100002)(25786009)(36756003)(316002)(478600001)(386003)(8676002)(71190400001)(71200400001)(110136005)(54906003)(7736002)(14454004);
 DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR12MB4304;
 H:MN2PR12MB3309.namprd12.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: amd.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 YV5aXPQyDwLZjUJZW4HmkZsFB1Kh38zVa99Rk5Azp1Ch4Qnu/2KKkkz5mP41C112RPNm4Aa+k5dcdxtJ3McZVAhTyV77WaG9eo8J2ijZH3isGKoqkrzeIaQaa7Vf9rSUdU7yXXUwcCtppzSbJi20+oDG/cunrdtw1ubsfrHPK3vennsrizgh9wmLtuceRy1lNMS97v1aNq6DdssL8LN7XuKar4mEy2GQzGZkrA47YCv1NRTH9t1iRRS876baFrhqKyEEVKrRdThXvodajPwFsxWmK0hLycXzSMT6HCMhQRUuro9AgRSek7Y7aDXTsvC4cpCUqd6o4q7KWGveGnJ/DxJbLpIpIrSTflchATjanFw644x5dtdjvjKyD4jmmmpavNQwgaMSp0ugnARaj5WpxGM/52I+RK/40p1+O37vinc=
Content-ID: <545160CE7EA433458D4D55D1F56AC73A@namprd12.prod.outlook.com>
MIME-Version: 1.0
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 7992b5eb-0b2d-4e93-5b01-08d741be9432
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Sep 2019 13:45:08.5052 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 F496o01p1/uTXFLB5q8L678F3Ovwemu7CyuSJnlhYzIo7fW62hFHpGe8egq7Jz+8Lpv7hTFaEnLDcnjElX8+Xg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4304
X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=kig8dpLmkZNCRUXwsmWKBO/gpli13f9kmBTHuL8hnfk=;
 b=cSaiu7j5oMomQ+Q1DbdqoH8EmoATesUfMYzAVtIZnr462rPS7sSLhIqsq0RlZTza1mP24G2hjJziAeydzbqWLDteAk17/3XrGiYZDLeRk32mChDZOUHPGCNzf4qOEGi8mG+RrkeXI0AmSzGffKK9eNwvE7HESPd+drcKtGAlqiY=
X-Mailman-Original-Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=Ray.Huang@amd.com;
X-BeenThere: dri-devel@lists.freedesktop.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Direct Rendering Infrastructure - Development
 <dri-devel.lists.freedesktop.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Cc: "Tuikov, Luben" <Luben.Tuikov@amd.com>, "Huang, Ray" <Ray.Huang@amd.com>,
 "Koenig, Christian" <Christian.Koenig@amd.com>, "Liu,
 Aaron" <Aaron.Liu@amd.com>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Hi all,

These series of patches introduce a feature to support secure buffer object.
The Trusted Memory Zone (TMZ) is a method to protect the contents being written
to and read from memory. We use TMZ hardware memory protection scheme to
implement the secure buffer object support.

TMZ is the page-level protection that hardware will detect the TMZ bit in the
page table entry to set the current page is encrypted. With this hardware
feature, we design a BO-level protection in kernel driver to provide a new flag
AMDGPU_GEM_CREATE_ENCRYPTED to gem create ioctl to libdrm for the secure buffer
allocation. And also provide the new AMDGPU_CS_FLAGS_SECURE to indicate the
command submmission is trusted or not. If the BO is secure, then the data is
encrypted, only the trusted IP blocks such as gfx, sdma, vcn are able to
decrypt. CPU as the un-trusted IP are unable to read the secure buffer.

We will submit the new secure command later for libdrm, and create a new test
suite to verify the security feature in the libdrm unit tests.

Suite id = 11: Name 'Security Tests status: ENABLED'
Test id 1: Name: 'allocate secure buffer test status: ENABLED'
Test id 2: Name: 'graphics secure command submission status: ENABLED'

Changes from V1 -> V2:
- Change the UAPI from secure context to secure command submission for display
  server and client usage. (Thanks Luben)
- Remove ttm_mem_reg macro to get ttm_bo object.
- Move the amdgpu_bo_encrypted into amdgpu_vm_bo_update(). 

Thanks,
Ray

Alex Deucher (3):
  drm/amdgpu: add UAPI for creating encrypted buffers
  drm/amdgpu: define the TMZ bit for the PTE
  drm/amdgpu: set TMZ bits in PTEs for secure BO (v4)

Huang Rui (7):
  drm/amdgpu: add tmz feature parameter (v2)
  drm/amdgpu: add amdgpu_tmz data structure
  drm/amdgpu: add function to check tmz capability (v4)
  drm/amdgpu: add tmz bit in frame control packet
  drm/amdgpu: expand the emit tmz interface with trusted flag
  drm/amdgpu: expand the context control interface with trust flag
  drm/amdgpu: job is secure iff CS is secure (v3)

Luben Tuikov (1):
  drm/amdgpu: add UAPI to create secure commands (v3)

 drivers/gpu/drm/amd/amdgpu/Makefile        |  2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu.h        |  7 ++++-
 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c     |  8 ++++-
 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c |  3 ++
 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c    | 11 +++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c    | 12 +++++++-
 drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c     |  4 +--
 drivers/gpu/drm/amd/amdgpu/amdgpu_job.h    |  2 ++
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 11 +++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h   |  9 +++---
 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.c    | 49 ++++++++++++++++++++++++++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.h    | 39 ++++++++++++++++++++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c     |  5 +++
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h     |  3 ++
 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c     | 20 +++++++++---
 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c      |  3 +-
 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c      |  3 +-
 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c      |  3 +-
 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c      | 16 +++++++---
 drivers/gpu/drm/amd/amdgpu/nvd.h           |  1 +
 drivers/gpu/drm/amd/amdgpu/soc15d.h        |  1 +
 include/uapi/drm/amdgpu_drm.h              | 10 +++++-
 22 files changed, 199 insertions(+), 23 deletions(-)
 create mode 100644 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.c
 create mode 100644 drivers/gpu/drm/amd/amdgpu/amdgpu_tmz.h