linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: James Bottomley <jejb@linux.ibm.com>
To: list.lkml.keyrings@me.benboeckel.net,
	Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com,
	Jason@zx2c4.com, zohar@linux.ibm.com, dhowells@redhat.com,
	sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc,
	john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com,
	herbert@gondor.apana.org.au, davem@davemloft.net,
	j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com,
	kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Subject: Re: [PATCH v0 6/8] KEYS: trusted: caam based black key
Date: Thu, 06 Oct 2022 08:52:20 -0400	[thread overview]
Message-ID: <0c6bbab890df1eaccbc6882a2ca86e483e70bd93.camel@linux.ibm.com> (raw)
In-Reply-To: <Yz7NOB1vePLE4yoB@megas.dev.benboeckel.internal>

On Thu, 2022-10-06 at 08:42 -0400, Ben Boeckel wrote:
> On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:
> > - CAAM supports two types of black keys:
> >   -- Plain key encrypted with ECB
> >   -- Plain key encrypted with CCM
> 
> What is a "black key"? Is this described in the documentation or
> local comments at all? (I know I'm unfamiliar with CAAM, but maybe
> this should be mentioned somewhere?).
> 
> >   Note: Due to robustness, default encytption used for black key is
> > CCM.
>                                      ^^^^^^^^^^ encryption
> 
> What "robustness"? Surely there's some more technical details
> involved here?

The crypto advice for the past decade or more has been never use ECB
it's insecure, so anything could be regarded as robust compared to it
... however that does beg the question of why ECB is even offered in a
modern system?  Surely it's nothing more than a user trap (choose this
secure option only if you don't want security).

James



  reply	other threads:[~2022-10-06 12:55 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-06 13:08 [PATCH v0 0/8] Hardware Bound key added to Trusted Key-Ring Pankaj Gupta
2022-10-06 13:08 ` [PATCH v0 1/8] hw-bound-key: introducing the generic structure Pankaj Gupta
2022-10-12  8:52   ` Jarkko Sakkinen
2022-10-12  8:53   ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 2/8] keys-trusted: new cmd line option added Pankaj Gupta
2022-10-06 12:37   ` Ben Boeckel
2022-10-06 13:08 ` [PATCH v0 3/8] crypto: hbk flags & info added to the tfm Pankaj Gupta
2022-10-07  6:58   ` Herbert Xu
2022-10-10 11:15     ` [EXT] " Pankaj Gupta
2022-10-10 15:15       ` Jason A. Donenfeld
2022-10-10 21:35         ` [EXT] " David Gstir
2022-10-11  9:03         ` [EXT] " Herbert Xu
2022-10-11 11:32           ` Pankaj Gupta
2022-10-11 20:01           ` Jason A. Donenfeld
2022-10-12  9:06             ` Herbert Xu
2022-10-14 19:19               ` Jason Gunthorpe
2022-10-20  4:26                 ` Eric Biggers
2022-10-20 19:23                   ` Jason Gunthorpe
2022-10-20 21:28                     ` Eric Biggers
2022-10-20 23:42                       ` Jason Gunthorpe
2022-10-11 11:05         ` Pankaj Gupta
2022-10-12  8:57   ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 4/8] sk_cipher: checking for hw bound operation Pankaj Gupta
2022-10-12  8:59   ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 5/8] keys-trusted: re-factored caam based trusted key Pankaj Gupta
2022-10-06 13:08 ` [PATCH v0 6/8] KEYS: trusted: caam based black key Pankaj Gupta
2022-10-06 12:42   ` Ben Boeckel
2022-10-06 12:52     ` James Bottomley [this message]
2022-10-06 13:08 ` [PATCH v0 7/8] caam alg: symmetric key ciphers are updated Pankaj Gupta
2022-10-12  9:01   ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 8/8] dm-crypt: consumer-app setting the flag-is_hbk Pankaj Gupta

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0c6bbab890df1eaccbc6882a2ca86e483e70bd93.camel@linux.ibm.com \
    --to=jejb@linux.ibm.com \
    --cc=Jason@zx2c4.com \
    --cc=V.Sethi@nxp.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=davem@davemloft.net \
    --cc=david@sigma-star.at \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=gilad@benyossef.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=j.luebbe@pengutronix.de \
    --cc=jarkko@kernel.org \
    --cc=jmorris@namei.org \
    --cc=john.ernberg@actia.se \
    --cc=keyrings@vger.kernel.org \
    --cc=kshitiz.varshney@nxp.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=list.lkml.keyrings@me.benboeckel.net \
    --cc=michael@walle.cc \
    --cc=pankaj.gupta@nxp.com \
    --cc=richard@nod.at \
    --cc=sahil.malhotra@nxp.com \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).