linux-kernel.vger.kernel.org archive mirror
From: Mimi Zohar <zohar@linux.ibm.com>
To: Udit Agarwal <udit.agarwal@nxp.com>,
	"dhowells@redhat.com" <dhowells@redhat.com>,
	"zohar@linux.vnet.ibm.com" <zohar@linux.vnet.ibm.com>,
	"jmorris@namei.org" <jmorris@namei.org>,
	"serge@hallyn.com" <serge@hallyn.com>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Sahil Malhotra <sahil.malhotra@nxp.com>,
	Ruchika Gupta <ruchika.gupta@nxp.com>,
	Horia Geanta <horia.geanta@nxp.com>,
	Aymen Sghaier <aymen.sghaier@nxp.com>
Subject: Re: [PATCH 1/2] security/keys/secure_key: Adds the secure key support based on CAAM.
Date: Tue, 24 Jul 2018 09:34:50 -0400
Message-ID: <1532439290.3277.52.camel@linux.ibm.com>
In-Reply-To: <AM5PR0401MB2660B8C1DD5ED9989239EF009E550@AM5PR0401MB2660.eurprd04.prod.outlook.com>

On Tue, 2018-07-24 at 12:31 +0000, Udit Agarwal wrote:
> Yes, the secure keys and CAAM are correlated. Secure keys depend on
> NXP CAAM crypto HW accelerator.  Secure key is a random data of
> length X (passed using keyctl command) & derived using CAAM. Blob of
> this data is also created using CAAM. Only blob is visible to user
> space.

The term "secure keys" is really generic.  What makes the "secure
keys" secure?  We introduced "trusted keys", because TPM 1.2 didn't
support symmetric keys.  We shouldn't just duplicate "trusted keys"
for different HW, but improve upon it (eg. symmetric keys never leave
the device).

The new key type should define generic methods, which are implemented
for NXP CAAM crypto HW accelerator as an example.

Mimi



Thread overview: 9+ messages
2018-07-20  5:46 [PATCH 1/2] security/keys/secure_key: Adds the secure key support based on CAAM Udit Agarwal
2018-07-20  5:46 ` [PATCH 2/2] encrypted_keys: Adds support for secure key-type as master key Udit Agarwal
2018-07-20  8:40 ` [PATCH 1/2] security/keys/secure_key: Adds the secure key support based on CAAM Jan Lübbe
2018-07-21 14:44   ` Udit Agarwal
2018-07-23 12:42     ` Jan Lübbe
2018-07-20 18:37 ` kbuild test robot
2018-07-22 23:34 ` Mimi Zohar
2018-07-24 12:31   ` Udit Agarwal
2018-07-24 13:34     ` Mimi Zohar [this message]
