Hello arm-soc maintainers,
Please pull this set of patches enabling protected DMA-bufs in the TEE subsystem. There's a brief desciption in the tag below. All patches but "dma-buf: dma-heap: export declared functions" are withing the TEE subsystem. The dma-heap maintainer, Sumit Semwal, has acked the dma-heap patch to be merged via my tree.
I believe I've addressed all comments from the reviews including providing a demo as described in [1].
[1] https://lore.kernel.org/op-tee/20250911135007.1275833-1-jens.wiklander@linar...
Thanks, Jens
The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git tags/tee-prot-dma-buf-for-v6.18
for you to fetch changes up to dbc2868b7b57fb4caa8e44a69e882dcf8e8d59bf:
optee: smc abi: dynamic protected memory allocation (2025-09-11 11:22:43 +0200)
---------------------------------------------------------------- TEE protected DMA-bufs for v6.18
- Allocates protected DMA-bufs from a DMA-heap instantiated from the TEE subsystem. - The DMA-heap uses a protected memory pool provided by the backend TEE driver, allowing it to choose how to allocate the protected physical memory. - Three use-cases (Secure Video Playback, Trusted UI, and Secure Video Recording) have been identified so far to serve as examples of what can be expected. - The use-cases have predefined DMA-heap names, "protected,secure-video", "protected,trusted-ui", and "protected,secure-video-record". The backend driver registers protected memory pools for the use-cases it supports.
---------------------------------------------------------------- Etienne Carriere (1): tee: new ioctl to a register tee_shm from a dmabuf file descriptor
Jens Wiklander (8): optee: sync secure world ABI headers dma-buf: dma-heap: export declared functions tee: implement protected DMA-heap tee: refactor params_from_user() tee: add tee_shm_alloc_dma_mem() optee: support protected memory allocation optee: FF-A: dynamic protected memory allocation optee: smc abi: dynamic protected memory allocation
drivers/dma-buf/dma-heap.c | 4 + drivers/tee/Kconfig | 5 + drivers/tee/Makefile | 1 + drivers/tee/optee/Kconfig | 5 + drivers/tee/optee/Makefile | 1 + drivers/tee/optee/core.c | 7 + drivers/tee/optee/ffa_abi.c | 146 ++++++++++- drivers/tee/optee/optee_ffa.h | 27 +- drivers/tee/optee/optee_msg.h | 84 ++++++- drivers/tee/optee/optee_private.h | 15 +- drivers/tee/optee/optee_smc.h | 37 ++- drivers/tee/optee/protmem.c | 335 +++++++++++++++++++++++++ drivers/tee/optee/smc_abi.c | 141 ++++++++++- drivers/tee/tee_core.c | 158 +++++++++--- drivers/tee/tee_heap.c | 500 ++++++++++++++++++++++++++++++++++++++ drivers/tee/tee_private.h | 14 ++ drivers/tee/tee_shm.c | 157 +++++++++++- include/linux/tee_core.h | 59 +++++ include/linux/tee_drv.h | 10 + include/uapi/linux/tee.h | 31 +++ 20 files changed, 1670 insertions(+), 67 deletions(-) create mode 100644 drivers/tee/optee/protmem.c create mode 100644 drivers/tee/tee_heap.c