From: Pankaj Gupta <pankaj.gupta@nxp.com>
To: 'Herbert Xu' <herbert@gondor.apana.org.au>,
"Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "jarkko@kernel.org" <jarkko@kernel.org>,
"a.fatoum@pengutronix.de" <a.fatoum@pengutronix.de>,
"gilad@benyossef.com" <gilad@benyossef.com>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"sumit.garg@linaro.org" <sumit.garg@linaro.org>,
"david@sigma-star.at" <david@sigma-star.at>,
"michael@walle.cc" <michael@walle.cc>,
"john.ernberg@actia.se" <john.ernberg@actia.se>,
"jmorris@namei.org" <jmorris@namei.org>,
"serge@hallyn.com" <serge@hallyn.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"j.luebbe@pengutronix.de" <j.luebbe@pengutronix.de>,
"ebiggers@kernel.org" <ebiggers@kernel.org>,
"richard@nod.at" <richard@nod.at>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
Sahil Malhotra <sahil.malhotra@nxp.com>,
Kshitiz Varshney <kshitiz.varshney@nxp.com>,
Horia Geanta <horia.geanta@nxp.com>,
Varun Sethi <V.Sethi@nxp.com>
Subject: RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
Date: Tue, 11 Oct 2022 11:32:43 +0000 [thread overview]
Message-ID: <DU2PR04MB8630BED11334D94A25731F3695239@DU2PR04MB8630.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <Y0UxY51KQoKCq59o@gondor.apana.org.au>
> -----Original Message-----
> From: Herbert Xu <herbert@gondor.apana.org.au>
> Sent: Tuesday, October 11, 2022 2:34 PM
> To: Jason A. Donenfeld <Jason@zx2c4.com>
> Cc: Pankaj Gupta <pankaj.gupta@nxp.com>; jarkko@kernel.org;
> a.fatoum@pengutronix.de; gilad@benyossef.com; jejb@linux.ibm.com;
> zohar@linux.ibm.com; dhowells@redhat.com; sumit.garg@linaro.org;
> david@sigma-star.at; michael@walle.cc; john.ernberg@actia.se;
> jmorris@namei.org; serge@hallyn.com; davem@davemloft.net;
> j.luebbe@pengutronix.de; ebiggers@kernel.org; richard@nod.at;
> keyrings@vger.kernel.org; linux-crypto@vger.kernel.org; linux-
> integrity@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
> module@vger.kernel.org; Sahil Malhotra <sahil.malhotra@nxp.com>; Kshitiz
> Varshney <kshitiz.varshney@nxp.com>; Horia Geanta
> <horia.geanta@nxp.com>; Varun Sethi <V.Sethi@nxp.com>
> Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the
> tfm
>
> Caution: EXT Email
>
> On Mon, Oct 10, 2022 at 09:15:48AM -0600, Jason A. Donenfeld wrote:
> >
> > Do you mean to say that other drivers that use hardware-backed keys do
> > so by setting "cra_name" to something particular? Like instead of "aes"
> > it'd be "aes-but-special-for-this-driver"? If so, that would seem to
> > break the design of the crypto API. Which driver did you see that does
> > this? Or perhaps, more generally, what are the drivers that Herbert is
> > talking about when he mentions the "plenty of existing drivers" that
> > already do this?
>
> Grep for paes for the existing drivers that support this. I don't have anything
> against this feature per se, but the last thing we want is a proliferation of
> different ways of doing the same thing.
Our goal is to have a generic solution, which can be extended to any driver dealing with:
- Generating HBK and adding to trusted keyring.
- Using the trusted keyring's HBK for crypto operation.
With this framework in place, driver specific custom changes can be avoided, bridging the interface-gap of:
kernel-keyring <-> kernel-crypto-layer.
Thanks.
>
> Cheers,
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2F&data=05%7C01%7Cpankaj.gupta%40nx
> p.com%7C4ef27fc922d04350ca9f08daab67a1a3%7C686ea1d3bc2b4c6fa92cd9
> 9c5c301635%7C0%7C0%7C638010758832054902%7CUnknown%7CTWFpbGZs
> b3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn
> 0%3D%7C3000%7C%7C%7C&sdata=SOguJ9LGhSCDmspbjDIEzkQLk9Bz%
> 2FsS0B%2BLNc4gzRo8%3D&reserved=0
> PGP Key:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2Fpubkey.txt&data=05%7C01%7Cpankaj.g
> upta%40nxp.com%7C4ef27fc922d04350ca9f08daab67a1a3%7C686ea1d3bc2b
> 4c6fa92cd99c5c301635%7C0%7C0%7C638010758832054902%7CUnknown%7C
> TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL
> CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hCzT2fPfJ%2BBNVqN6JR
> wMx9zNJkqvdRSLrR68ubhCvN4%3D&reserved=0
next prev parent reply other threads:[~2022-10-11 11:32 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-06 13:08 [PATCH v0 0/8] Hardware Bound key added to Trusted Key-Ring Pankaj Gupta
2022-10-06 13:08 ` [PATCH v0 1/8] hw-bound-key: introducing the generic structure Pankaj Gupta
2022-10-12 8:52 ` Jarkko Sakkinen
2022-10-12 8:53 ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 2/8] keys-trusted: new cmd line option added Pankaj Gupta
2022-10-06 12:37 ` Ben Boeckel
2022-10-06 13:08 ` [PATCH v0 3/8] crypto: hbk flags & info added to the tfm Pankaj Gupta
2022-10-07 6:58 ` Herbert Xu
2022-10-10 11:15 ` [EXT] " Pankaj Gupta
2022-10-10 15:15 ` Jason A. Donenfeld
2022-10-10 21:35 ` [EXT] " David Gstir
2022-10-11 9:03 ` [EXT] " Herbert Xu
2022-10-11 11:32 ` Pankaj Gupta [this message]
2022-10-11 20:01 ` Jason A. Donenfeld
2022-10-12 9:06 ` Herbert Xu
2022-10-14 19:19 ` Jason Gunthorpe
2022-10-20 4:26 ` Eric Biggers
2022-10-20 19:23 ` Jason Gunthorpe
2022-10-20 21:28 ` Eric Biggers
2022-10-20 23:42 ` Jason Gunthorpe
2022-10-11 11:05 ` Pankaj Gupta
2022-10-12 8:57 ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 4/8] sk_cipher: checking for hw bound operation Pankaj Gupta
2022-10-12 8:59 ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 5/8] keys-trusted: re-factored caam based trusted key Pankaj Gupta
2022-10-06 13:08 ` [PATCH v0 6/8] KEYS: trusted: caam based black key Pankaj Gupta
2022-10-06 12:42 ` Ben Boeckel
2022-10-06 12:52 ` James Bottomley
2022-10-06 13:08 ` [PATCH v0 7/8] caam alg: symmetric key ciphers are updated Pankaj Gupta
2022-10-12 9:01 ` Jarkko Sakkinen
2022-10-06 13:08 ` [PATCH v0 8/8] dm-crypt: consumer-app setting the flag-is_hbk Pankaj Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DU2PR04MB8630BED11334D94A25731F3695239@DU2PR04MB8630.eurprd04.prod.outlook.com \
--to=pankaj.gupta@nxp.com \
--cc=Jason@zx2c4.com \
--cc=V.Sethi@nxp.com \
--cc=a.fatoum@pengutronix.de \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=gilad@benyossef.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=john.ernberg@actia.se \
--cc=keyrings@vger.kernel.org \
--cc=kshitiz.varshney@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=michael@walle.cc \
--cc=richard@nod.at \
--cc=sahil.malhotra@nxp.com \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).