SMAF Aims To Provide Secure Memory Allocation For DMA-BUF

Written by Michael Larabel in Linux Kernel on 21 October 2015 at 01:36 PM EDT.
SMAF, short for the Secure Memory Allocation Framework, is the newest framework in development for the mainline Linux kernel. SMAF is designed to allocate and secure memory using dma_buf.

The SMAF framework is a Linaro-led project for implementing Secure Data Path (SDP). Benjamin Gaignard of Linaro explained when originally seeking feedback on secure memory allocation functionality, "SDP is a set of hardware features to guarantee that some memory regions could only be read and/or written by specific hardware IPs. You can imagine it as a kind of memory firewall which grants/revokes access to memory per device. Firewall configuration must be done in a trusted environment: for ARM architecture we plan to use OP-TEE + a trusted application to do that."

One use case mentioned for SDP/SMAF is video playback: handling video decryption, the video decoder, any transformations, and then the display output. Secure Data Path would ensure that the decrypted video data can be read only by the video decoder (V4L2), and that this data in turn can be read only by the DRM/KMS driver needed to display the video.

Gaignard explains in the SMAF patches, "SMAF's goal is to provide a framework that allows allocating and securing memory by using dma_buf. Each platform has its own way to perform those two features, so the SMAF design allows registering helper modules to perform them. To be sure to select the best allocation method for devices, SMAF implements a deferred allocation mechanism: memory allocation is only done when the first device effectively requires it."
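The deferred allocation idea can be modelled in user space. The following is an added example, not code from the SMAF patches: every name in it (`register_allocator`, `attach_device`, `map_buffer`, the `paged`/`contig` helpers and the device names) is hypothetical. It shows why waiting until first use lets the framework pick an allocator that suits every attached device.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEVS 4
struct handle;
/* Hypothetical helper-module interface (a model, not SMAF's kernel API). */
struct allocator {
    const char *name;
    bool (*match)(const struct handle *h); /* can it serve every attached device? */
};
struct handle {
    size_t size;
    const char *devs[MAX_DEVS];   /* devices attached so far */
    int ndevs;
    void *mem;                    /* stays NULL until the first map */
    const struct allocator *used; /* helper that performed the allocation */
};
static const struct allocator *registry[4]; /* kept in order of preference */
static int nregistered;
int register_allocator(const struct allocator *a) {
    if (nregistered == 4) return -1;
    registry[nregistered++] = a;
    return 0;
}
/* Attaching only records the device; no memory is allocated here. */
int attach_device(struct handle *h, const char *dev) {
    if (h->mem || h->ndevs == MAX_DEVS) return -1; /* model: no late attach */
    h->devs[h->ndevs++] = dev;
    return 0;
}
/* The first map allocates, using the first helper that matches all devices. */
void *map_buffer(struct handle *h) {
    for (int i = 0; !h->mem && i < nregistered; i++) {
        if (!registry[i]->match(h)) continue;
        h->mem = calloc(1, h->size);
        h->used = h->mem ? registry[i] : NULL;
        break;
    }
    return h->mem; /* NULL if no registered helper fits the attached devices */
}
/* Constructed helpers: "display" stands for a device needing contiguous memory. */
static bool match_paged(const struct handle *h) {
    for (int i = 0; i < h->ndevs; i++)
        if (strcmp(h->devs[i], "display") == 0) return false;
    return true;
}
static bool match_contig(const struct handle *h) { (void)h; return true; }
const struct allocator paged = { "paged", match_paged };
const struct allocator contig = { "contig", match_contig };
```

With `paged` registered ahead of `contig`, a buffer attached only to a decoder ends up paged, while one that is also attached to the display before its first map falls through to `contig`. An allocation made eagerly at creation time could not have made that choice.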

Those wanting to learn more about the SMAF driver/framework can see the newest patches, which are now up to their fifth revision.