From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: "Horia Geantă" <horia.geanta@nxp.com>,
"Aymen Sghaier" <aymen.sghaier@nxp.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
kernel@pengutronix.de, "David Gstir" <david@sigma-star.at>,
"Tim Harvey" <tharvey@gateworks.com>,
"James Bottomley" <jejb@linux.ibm.com>,
"Mimi Zohar" <zohar@linux.ibm.com>,
"David Howells" <dhowells@redhat.com>,
"James Morris" <jmorris@namei.org>,
"Eric Biggers" <ebiggers@kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Udit Agarwal" <udit.agarwal@nxp.com>,
"Jan Luebbe" <j.luebbe@pengutronix.de>,
"Richard Weinberger" <richard@nod.at>,
"Franck LENORMAND" <franck.lenormand@nxp.com>,
"Sumit Garg" <sumit.garg@linaro.org>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator
Date: Mon, 13 Dec 2021 11:34:39 +0100 [thread overview]
Message-ID: <3e33a215-12d2-da30-d1e1-2fde753a7a0a@pengutronix.de> (raw)
In-Reply-To: <YawFYFV8xGIPZvUJ@iki.fi>
Hello Jarkko,
On 05.12.21 01:18, Jarkko Sakkinen wrote:
> On Mon, Oct 11, 2021 at 12:02:37PM +0200, Ahmad Fatoum wrote:
>> The CAAM can be used to protect user-defined data across system reboot:
>>
>> - When the system is fused and boots into secure state, the master
>> key is a unique never-disclosed device-specific key
>> - random key is encrypted by key derived from master key
>> - data is encrypted using the random key
>> - encrypted data and its encrypted random key are stored alongside
>> - This blob can now be safely stored in non-volatile memory
>>
>> On next power-on:
>> - blob is loaded into CAAM
>> - CAAM writes decrypted data either into memory or key register
>>
>> Add functions to realize encrypting and decrypting into memory alongside
>> the CAAM driver.
>>
>> They will be used in a later commit as a source for the trusted key
>> seal/unseal mechanism.
>>
>> Reviewed-by: David Gstir <david@sigma-star.at>
>> Tested-By: Tim Harvey <tharvey@gateworks.com>
>> Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
>> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
>
> What is CAAM? This is missing.
That's Crypto Accelerator on NXP SoCs. There is a description in the cover
letter and in the follow-up patch wiring this into the new trusted key
source. I didn't elaborate on this here as this patch touches
drivers/crypto/caam and I assumed familiarity.
For v5, I can add some extra info:
"The NXP Cryptographic Acceleration and Assurance Module (CAAM)
can be used to protect user-defined data across system reboot..."
Sounds good? Does the last patch in the series look ok to you?
Cheers,
Ahmad
>
> /Jarkko
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2021-12-13 10:41 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-11 10:02 [PATCH v4 0/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2021-10-11 10:02 ` [PATCH v4 1/5] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2021-12-05 0:12 ` Jarkko Sakkinen
2021-10-11 10:02 ` [PATCH v4 2/5] KEYS: trusted: allow users to use kernel RNG for key material Ahmad Fatoum
2021-12-05 0:16 ` Jarkko Sakkinen
2021-12-13 10:29 ` Ahmad Fatoum
2021-12-23 7:25 ` [EXT] " Pankaj Gupta
2021-10-11 10:02 ` [PATCH v4 3/5] KEYS: trusted: allow trust sources " Ahmad Fatoum
2021-10-11 10:02 ` [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2021-11-01 8:00 ` Ahmad Fatoum
2021-11-24 7:48 ` Ahmad Fatoum
2021-12-05 0:18 ` Jarkko Sakkinen
2021-12-13 10:34 ` Ahmad Fatoum [this message]
2021-12-23 7:20 ` [EXT] " Pankaj Gupta (OSS)
2021-10-11 10:02 ` [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2021-11-24 7:53 ` Ahmad Fatoum
2021-12-13 11:00 ` Matthias Schiffer
2021-12-13 11:36 ` Ahmad Fatoum
2021-12-13 13:40 ` Matthias Schiffer
2022-02-22 4:30 ` [EXT] " Pankaj Gupta
2022-02-22 11:24 ` Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3e33a215-12d2-da30-d1e1-2fde753a7a0a@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=aymen.sghaier@nxp.com \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=franck.lenormand@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=tharvey@gateworks.com \
--cc=udit.agarwal@nxp.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).