
With earlier versions of the SMAF patches some were concerned over this approach for allowing protected video playback and what feels like Digital Rights Management. The SMAF v10 patches clarify some of the use-cases:
One example of SMAF usage is camera preview: on SoC you may use either an USB webcam or the built-in camera interface and the frames could be send directly to the dipslay Ip or handle by GPU. Most of USB interfaces and GPU have mmu but almost all built-in camera interace and display Ips don't have mmu so when selecting how allocate buffer you need to be aware of each devices constraints (contiguous memory, stride, boundary, alignment ...). ION has solve this problem by let userland decide which allocator (heap) to use but this require to adapt userland for each platform and sometime for each use case.
...
In the same camera preview use case, SMAF allow to protect the data from being read by unauthorized IPs (i.e. a malware to dump camera stream). Until now I have only see access rights protection at process/thread level (PKeys/MPK) or on file (SELinux) but nothing allow to drive data bus firewalls. SMAF propose an interface to control and implement those firewalls. Like IOMMU, firewalls IPs can help to protect memory from malicious/faulty devices that are attempting DMA attacks.
With the tenth version of these SMAF patches, they've now been re-based to Linux 4.8 and has a minor typo fix. However, as the Linux 4.9 merge window is already going on, it's looking like this work won't land until at least Linux 4.10. The V10 patches can be seen on the kernel mailing list.
Add A Comment