Re: [PATCH v7 05/12] media: iris: Enable Secure PAS support with IOMMU managed by Linux

From: Dmitry Baryshkov

Date: Sun Jun 07 2026 - 17:39:32 EST

On Wed, Jun 03, 2026 at 07:48:43PM +0530, Vishnu Reddy wrote:
> From: Mukesh Ojha <mukesh.ojha@xxxxxxxxxxxxxxxx>
>
> On platforms where a hypervisor is present, all Secure Monitor Calls
> (SMC) are intercepted. For qcom_scm_pas_auth_and_reset(), the hypervisor
> registers a Shared Memory (SHM) bridge over the Peripheral Image Loader
> (PIL) memory region so that TrustZone (TZ) can access it, forwards the
> authentication SMC to TZ, and upon return maps the PIL region and
> triggers the co-processor bring-up sequence:
>
> HLOS -> Hypervisor(SHM setup) -> TZ(auth) -> Hypervisor(map+reset) -> IRIS
>
> On platforms without a hypervisor, Linux drives these steps directly.
> The SHM bridge infrastructure required for this is already upstream [1].
>
> To isolate firmware memory in its own Input-Output Memory Management
> Unit (IOMMU) context, a dedicated stream ID (SID) is required, tied to
> the firmware function ID. This SID is specified via the iommu-map
> property in the device tree using the firmware function ID as the lookup
> key. A firmware device is created and mapped to this SID.
>
> The presence of a SID mapped to the firmware device via iommu-map is
> used to detect whether a hypervisor is absent: when the firmware device
> has a SID mapped, Linux manages the IOMMU directly; when no SID is
> mapped, a hypervisor is assumed to be present and these steps are
> skipped.
>
> Extend the Iris driver to support Secure Peripheral Authentication
> Service (PAS) on platforms where Linux manages the IOMMU, by creating
> the firmware context device and performing the necessary IOMMU mapping
> when the firmware device SID is present.
>
> [1] https://lore.kernel.org/lkml/20260105-kvmrprocv10-v10-0-022e96815380
> @oss.qualcomm.com/
>
> Reviewed-by: Vishnu Reddy <busanna.reddy@xxxxxxxxxxxxxxxx>
> Co-developed-by: Vikash Garodia <vikash.garodia@xxxxxxxxxxxxxxxx>
> Signed-off-by: Vikash Garodia <vikash.garodia@xxxxxxxxxxxxxxxx>
> Signed-off-by: Mukesh Ojha <mukesh.ojha@xxxxxxxxxxxxxxxx>
> Signed-off-by: Vishnu Reddy <busanna.reddy@xxxxxxxxxxxxxxxx>
> ---
> drivers/media/platform/qcom/iris/iris_core.h | 4 ++
> drivers/media/platform/qcom/iris/iris_firmware.c | 73 ++++++++++++++++++++----
> 2 files changed, 67 insertions(+), 10 deletions(-)
>

Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxxxxxxxx>


--
With best wishes
Dmitry