From: Pankaj Gupta <pankaj.gupta@nxp.com>
To: "jlu@pengutronix.de" <jlu@pengutronix.de>,
Jarkko Sakkinen <jarkko@kernel.org>
Cc: "a.fatoum@pengutronix.de" <a.fatoum@pengutronix.de>,
"Jason@zx2c4.com" <Jason@zx2c4.com>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"sumit.garg@linaro.org" <sumit.garg@linaro.org>,
"david@sigma-star.at" <david@sigma-star.at>,
"michael@walle.cc" <michael@walle.cc>,
"john.ernberg@actia.se" <john.ernberg@actia.se>,
"jmorris@namei.org" <jmorris@namei.org>,
"serge@hallyn.com" <serge@hallyn.com>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"davem@davemloft.net" <davem@davemloft.net>,
"j.luebbe@pengutronix.de" <j.luebbe@pengutronix.de>,
"ebiggers@kernel.org" <ebiggers@kernel.org>,
"richard@nod.at" <richard@nod.at>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
Sahil Malhotra <sahil.malhotra@nxp.com>,
Kshitiz Varshney <kshitiz.varshney@nxp.com>,
Horia Geanta <horia.geanta@nxp.com>,
Varun Sethi <V.Sethi@nxp.com>
Subject: RE: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY
Date: Wed, 7 Sep 2022 09:57:55 +0000 [thread overview]
Message-ID: <DU2PR04MB863055712C4D919D7892AAC795419@DU2PR04MB8630.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <843e1f1cbed67ce558e20d1e56a82dfe27732028.camel@pengutronix.de>
> -----Original Message-----
> From: Jan Lübbe <jlu@pengutronix.de>
> Sent: Wednesday, September 7, 2022 1:41 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Jarkko Sakkinen
> <jarkko@kernel.org>
> Cc: a.fatoum@pengutronix.de; Jason@zx2c4.com; jejb@linux.ibm.com;
> zohar@linux.ibm.com; dhowells@redhat.com; sumit.garg@linaro.org;
> david@sigma-star.at; michael@walle.cc; john.ernberg@actia.se;
> jmorris@namei.org; serge@hallyn.com; herbert@gondor.apana.org.au;
> davem@davemloft.net; j.luebbe@pengutronix.de; ebiggers@kernel.org;
> richard@nod.at; keyrings@vger.kernel.org; linux-crypto@vger.kernel.org;
> linux-integrity@vger.kernel.org; linux-kernel@vger.kernel.org; linux-
> security-module@vger.kernel.org; Sahil Malhotra
> <sahil.malhotra@nxp.com>; Kshitiz Varshney <kshitiz.varshney@nxp.com>;
> Horia Geanta <horia.geanta@nxp.com>; Varun Sethi <V.Sethi@nxp.com>
> Subject: Re: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY
>
> Caution: EXT Email
>
> On Wed, 2022-09-07 at 07:22 +0000, Pankaj Gupta wrote:
> > Even if somehow the key is retrieved from the keyring, the retrieved
> > key would be an encrypted key.
> > This encrypted key can only be decrypted by Hardware, which generated it.
> >
> > Hence, the retrieved key is unusable outside of the hardware.
>
> NXP's CAAM unit (i.e. on i.MX6) supports several modes of sealed/encrypted
> keys.
> The (un)sealing process uses a key that is normally derived from a per-device
> key in eFUSES. One aspect of these modes is whether the plaintext key
> material is accessible to the kernel or not.
>
> Ahmad's patch set added support for a mode where the CAAM is used to
> seal plaintext known to the kernel to a "blob" (in CAAM terminology) on
> export to userspace and the reverse on import. This mode allows the kernel
> to use the plaintext for dm-crypt, to encrypt other keyrings and similar.
>
> The CAAM has another sealing mode, where it will not allow writing of the
> plaintext key to memory. Instead, it is kept in one of the CAAM-internal key
> registers. There, it can be used for cryptographic operations (i.e. AES). This
> way, the plaintext key is protected even from the kernel. The kernel could
> keep a copy of in sealed form, so it can reload the CAAM's key register when
> needed.
>
>
> Pankaj, is that the mode you intend to support with this series?
Yes, this is what is called as "black key", in CAAM terminology.
Black key is nothing but a HBK key.
This is what I am trying to achieve with this patch-set.
>
> Could you describe the high-level use-cases this would be need for,
> compared to the existing mode where plaintext keys are accessible to the
> kernel? In which cases would you use each mode?
>
High-level Use-case is to ensure runtime security.
By runtime security, I mean, key that is added to keyring after blob-decapsulation,
- if get stolen, then being plain key, security can be compromised.
- After this patch-set, if key get stolen, then being HBK(encrypted by H/W), will not be of any use without HW. Security is not compromised.
> Regards,
> Jan
> --
> Pengutronix e.K. | |
> Industrial Linux Solutions |
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.
> pengutronix.de%2F&data=05%7C01%7Cpankaj.gupta%40nxp.com%7Cb
> 1335df185404e02df1108da90a8886c%7C686ea1d3bc2b4c6fa92cd99c5c301635
> %7C0%7C0%7C637981350763081319%7CUnknown%7CTWFpbGZsb3d8eyJWIj
> oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3
> 000%7C%7C%7C&sdata=aNxEETFYLc74F%2BOq9IK3p63tniVfczpgslG3LYe
> ZzAo%3D&reserved=0 |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
prev parent reply other threads:[~2022-09-07 9:59 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-06 6:51 [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added Pankaj Gupta
2022-09-06 13:01 ` Ben Boeckel
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm Pankaj Gupta
2022-09-06 6:43 ` Herbert Xu
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 7:26 ` Herbert Xu
2022-09-07 9:58 ` Pankaj Gupta
2022-09-07 10:10 ` Herbert Xu
2022-09-12 17:19 ` Varun Sethi
2022-09-13 2:05 ` Herbert Xu
2022-09-13 10:01 ` Varun Sethi
2022-09-13 10:28 ` Herbert Xu
2022-09-21 11:07 ` Varun Sethi
2022-09-06 6:51 ` [RFC PATCH HBK: 3/8] sk_cipher: checking for hw bound operation Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 4/8] keys-trusted: re-factored caam based trusted key Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 5/8] caam blob-gen: moving blob_priv to caam_drv_private Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 6/8] KEYS: trusted: caam based black key Pankaj Gupta
2022-09-06 13:03 ` Ben Boeckel
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 7/8] caam alg: symmetric key ciphers are updated Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 8/8] dm-crypt: consumer-app setting the flag-is_hbk Pankaj Gupta
2022-09-06 7:12 ` [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Michael Walle
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 7:29 ` Michael Walle
2022-09-07 7:46 ` [EXT] " David Gstir
2022-09-07 8:11 ` Michael Walle
2022-09-07 9:57 ` Pankaj Gupta
2022-09-06 8:58 ` Jarkko Sakkinen
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 8:10 ` Jan Lübbe
2022-09-07 9:57 ` Pankaj Gupta [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DU2PR04MB863055712C4D919D7892AAC795419@DU2PR04MB8630.eurprd04.prod.outlook.com \
--to=pankaj.gupta@nxp.com \
--cc=Jason@zx2c4.com \
--cc=V.Sethi@nxp.com \
--cc=a.fatoum@pengutronix.de \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jlu@pengutronix.de \
--cc=jmorris@namei.org \
--cc=john.ernberg@actia.se \
--cc=keyrings@vger.kernel.org \
--cc=kshitiz.varshney@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=michael@walle.cc \
--cc=richard@nod.at \
--cc=sahil.malhotra@nxp.com \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).