From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jarkko Sakkinen Date: Thu, 23 Jan 2020 12:55:52 +0000 Subject: Re: [PATCH v2 1/2] security/keys/secure_key: Adds the secure key support based on CAAM. Message-Id: <88a1bb22a5f63ff81161f25220d47710420a81ac.camel@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit List-Id: References: <20180723111432.26830-1-udit.agarwal@nxp.com> In-Reply-To: To: Maik Otto , Udit Agarwal , dhowells@redhat.com, zohar@linux.vnet.ibm.com, jmorris@namei.org, serge@hallyn.com, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org Cc: sahil.malhotra@nxp.com, ruchika.gupta@nxp.com, horia.geanta@nxp.com, aymen.sghaier@nxp.com On Fri, 2020-01-17 at 12:52 +0100, Maik Otto wrote: > Hi > > I tested both patches in combination with > [RFC,2/2] dm-crypt: Use any key type which is registered from > https://patchwork.kernel.org/patch/10835633/ with bug fix > and an i.MX6Quad (logged device) with Mainline Kernel 4.19.88 > > The following tests were successful: > - key generation with CAAM > keyctl add secure kmk-master "new 64" @s > - export and import key blob with same controller > keyctl pipe 332995568 > secure_key.blob > reboot device > keyctl add secure kmk-master "load `cat secure_key.blob`" @s > - import keyblob with an other cpu and same keys for secure boot > caam_jr 2102000.jr1: caam op done err: 20000c1a > [ 185.788931] secure_key: key_blob decap fail (-22) > add_key: Invalid argument > => failing import was expected: pass > - use key from keyring in dmcrypt with an sd-card > dmsetup create test --table "0 106496 crypt aes-xts-plain64 > :64:secure:kmk-master 0 /dev/mmcblk0p3 0" > write,read reboot and read again > > Tested-by: Maik Otto I cannot find the original patch. Can this patch set be sent together with a cover letter, which is obviously missing from the earlier version, please. /Jarkko From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2ECBC33CB6 for ; Thu, 23 Jan 2020 12:56:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 85A2A24673 for ; Thu, 23 Jan 2020 12:56:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726170AbgAWM4B (ORCPT ); Thu, 23 Jan 2020 07:56:01 -0500 Received: from mga02.intel.com ([134.134.136.20]:57245 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726026AbgAWM4A (ORCPT ); Thu, 23 Jan 2020 07:56:00 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Jan 2020 04:55:59 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,354,1574150400"; d="scan'208";a="288108659" Received: from wkalinsk-mobl.ger.corp.intel.com ([10.252.23.16]) by fmsmga001.fm.intel.com with ESMTP; 23 Jan 2020 04:55:53 -0800 Message-ID: <88a1bb22a5f63ff81161f25220d47710420a81ac.camel@linux.intel.com> Subject: Re: [PATCH v2 1/2] security/keys/secure_key: Adds the secure key support based on CAAM. From: Jarkko Sakkinen To: Maik Otto , Udit Agarwal , dhowells@redhat.com, zohar@linux.vnet.ibm.com, jmorris@namei.org, serge@hallyn.com, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org Cc: sahil.malhotra@nxp.com, ruchika.gupta@nxp.com, horia.geanta@nxp.com, aymen.sghaier@nxp.com Date: Thu, 23 Jan 2020 14:55:52 +0200 In-Reply-To: References: <20180723111432.26830-1-udit.agarwal@nxp.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.1-2 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: On Fri, 2020-01-17 at 12:52 +0100, Maik Otto wrote: > Hi > > I tested both patches in combination with > [RFC,2/2] dm-crypt: Use any key type which is registered from > https://patchwork.kernel.org/patch/10835633/ with bug fix > and an i.MX6Quad (logged device) with Mainline Kernel 4.19.88 > > The following tests were successful: > - key generation with CAAM > keyctl add secure kmk-master "new 64" @s > - export and import key blob with same controller > keyctl pipe 332995568 > secure_key.blob > reboot device > keyctl add secure kmk-master "load `cat secure_key.blob`" @s > - import keyblob with an other cpu and same keys for secure boot > caam_jr 2102000.jr1: caam op done err: 20000c1a > [ 185.788931] secure_key: key_blob decap fail (-22) > add_key: Invalid argument > => failing import was expected: pass > - use key from keyring in dmcrypt with an sd-card > dmsetup create test --table "0 106496 crypt aes-xts-plain64 > :64:secure:kmk-master 0 /dev/mmcblk0p3 0" > write,read reboot and read again > > Tested-by: Maik Otto I cannot find the original patch. Can this patch set be sent together with a cover letter, which is obviously missing from the earlier version, please. /Jarkko