From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Pankaj Gupta <pankaj.gupta@nxp.com>,
	Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: David Gstir <david@sigma-star.at>,
	Aymen Sghaier <aymen.sghaier@nxp.com>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Mimi Zohar <zohar@linux.ibm.com>,
	Jan Luebbe <j.luebbe@pengutronix.de>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	Udit Agarwal <udit.agarwal@nxp.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Horia Geanta <horia.geanta@nxp.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Richard Weinberger <richard@nod.at>,
	James Morris <jmorris@namei.org>,
	Eric Biggers <ebiggers@kernel.org>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	James Bottomley <jejb@linux.ibm.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"tharvey@gateworks.com" <tharvey@gateworks.com>,
	Franck Lenormand <franck.lenormand@nxp.com>,
	Sumit Garg <sumit.garg@linaro.org>,
	David Howells <dhowells@redhat.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"kernel@pengutronix.de" <kernel@pengutronix.de>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"David S. Miller" <davem@davemloft.net>
Subject: Re: [EXT] Re: [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Date: Tue, 22 Feb 2022 12:24:33 +0100
Message-ID: <db76da34-a40d-4746-5810-316b052acf16@pengutronix.de>
In-Reply-To: <DU2PR04MB8630EA7DB3AAD9F582EDB75C953B9@DU2PR04MB8630.eurprd04.prod.outlook.com>

Hello Pankaj,

On 22.02.22 05:30, Pankaj Gupta wrote:
> Hi Ahmad,
> 
> 
>> -----Original Message-----
>> From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
>> Sent: Monday, December 13, 2021 7:11 PM
>> To: Ahmad Fatoum <a.fatoum@pengutronix.de>
>>
>>> For now, this is pointed out in the documentation. If you have a
>>> suggestion on a specific condition we should check and issue a
>>> diagnostic on, I can incorporate it. An exhaustive if
>>> WARN_ON(!secure()) is impossible, but having some warning for
>>> unsuspecting users would indeed be nice.
>>
>> I don't know of any condition that doesn't involve looking at SoC-specific OTP
>> registers - that's what U-Boot does to determine whether HAB is enabled...
>>
> 
> Check the value fetched from the SEC Status Register (SSTA) (Offset 0xFD4h, bit 8,9 => 00b - Non-Secure, 01b - Secure, 10b - Trusted, 11b - Fail), for MOO (Mode of Operation).
> And the warning can be issued accordingly.
> 
> It is to be noted that this register is part of CAAM page0, which might not be accessible to Linux, for all the iMX SoC(s).
> 
> For other SoC(s), this can be added.

Thanks for the pointer. I am only testing this with i.MX, so I'd prefer this
be left as a future exercise for a Layerscape user.

Thanks for your reviews. I collected them on Patches 2/5 and 4/5 for v5.

Cheers,
Ahmad


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
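
The SSTA check suggested in the quoted text above, as an added example that is not part of this mail or of the patch series. The offset and the MOO encoding are taken from the mail; all identifiers are hypothetical, bit 0 is assumed to be the least significant bit, and treating Secure and Trusted as the modes that need no warning is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* From the mail: SSTA sits at offset 0xFD4 in CAAM page 0, MOO is bits 8 and 9. */
#define CAAM_SSTA_OFFSET    0xFD4u
#define CAAM_SSTA_MOO_SHIFT 8   /* assumption: bit 0 is the least significant bit */
#define CAAM_SSTA_MOO_MASK  (0x3u << CAAM_SSTA_MOO_SHIFT)

/* Mode of Operation encoding as listed in the mail. */
enum caam_moo {
	CAAM_MOO_NON_SECURE = 0, /* 00b */
	CAAM_MOO_SECURE     = 1, /* 01b */
	CAAM_MOO_TRUSTED    = 2, /* 10b */
	CAAM_MOO_FAIL       = 3, /* 11b */
};

/* Extract the MOO field from a raw SSTA value (hypothetical helper). */
enum caam_moo caam_ssta_moo(uint32_t ssta)
{
	return (enum caam_moo)((ssta & CAAM_SSTA_MOO_MASK) >> CAAM_SSTA_MOO_SHIFT);
}

/*
 * Return the diagnostic to print, or NULL when none is warranted.
 * page0_accessible models the caveat from the mail: on some SoCs Linux
 * cannot read CAAM page 0, so the state is unknown and nothing is claimed.
 */
const char *caam_moo_diagnostic(bool page0_accessible, uint32_t ssta)
{
	if (!page0_accessible)
		return NULL; /* cannot tell; stay silent rather than guess */

	switch (caam_ssta_moo(ssta)) {
	case CAAM_MOO_SECURE:
	case CAAM_MOO_TRUSTED:
		return NULL; /* assumption: these modes need no warning */
	case CAAM_MOO_NON_SECURE:
		return "CAAM reports Non-Secure mode of operation";
	case CAAM_MOO_FAIL:
		return "CAAM reports Fail mode of operation";
	}
	return NULL;
}
```

In a driver the returned string would feed a one-time warning at probe; the SSTA value itself would come from a register read at `CAAM_SSTA_OFFSET`, which this example leaves to the caller.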
