linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Pankaj Gupta <pankaj.gupta@nxp.com>
To: Pankaj Gupta <pankaj.gupta@nxp.com>,
	Ahmad Fatoum <a.fatoum@pengutronix.de>,
	Jonathan Corbet <corbet@lwn.net>,
	David Howells <dhowells@redhat.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	James Bottomley <jejb@linux.ibm.com>,
	Mimi Zohar <zohar@linux.ibm.com>
Cc: "kernel@pengutronix.de" <kernel@pengutronix.de>,
	David Gstir <david@sigma-star.at>,
	"tharvey@gateworks.com" <tharvey@gateworks.com>,
	Matthias Schiffer <matthias.schiffer@ew.tq-group.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Horia Geanta <horia.geanta@nxp.com>,
	Aymen Sghaier <aymen.sghaier@nxp.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Biggers <ebiggers@kernel.org>,
	Jan Luebbe <j.luebbe@pengutronix.de>,
	Richard Weinberger <richard@nod.at>,
	Franck Lenormand <franck.lenormand@nxp.com>,
	Sumit Garg <sumit.garg@linaro.org>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>
Subject: RE: [EXT] [PATCH v5 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Date: Mon, 7 Mar 2022 04:48:15 +0000	[thread overview]
Message-ID: <DU2PR04MB8630D83FE9BBC0D782C4FAF595089@DU2PR04MB8630.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <DU2PR04MB8630CB9CD8968FB1FC57235E95039@DU2PR04MB8630.eurprd04.prod.outlook.com>

Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>


Testing Details with iMX8 platform:

- Using command "keyctl", successfully able to create/load key from the @s keyring.
- Able to use the key with DM-Crypt utility.
- Across power cycle, Validated the decrypted content with correct key; as well as the incorrect key.

Regards
Pankaj

> -----Original Message-----
> From: Pankaj Gupta <pankaj.gupta@nxp.com>
> Sent: Wednesday, March 2, 2022 10:08 AM
> To: Ahmad Fatoum <a.fatoum@pengutronix.de>; Jonathan Corbet
> <corbet@lwn.net>; David Howells <dhowells@redhat.com>; Jarkko Sakkinen
> <jarkko@kernel.org>; James Bottomley <jejb@linux.ibm.com>; Mimi Zohar
> <zohar@linux.ibm.com>
> Cc: kernel@pengutronix.de; David Gstir <david@sigma-star.at>;
> tharvey@gateworks.com; Matthias Schiffer <matthias.schiffer@ew.tq-
> group.com>; James Morris <jmorris@namei.org>; Serge E. Hallyn
> <serge@hallyn.com>; Horia Geanta <horia.geanta@nxp.com>; Aymen
> Sghaier <aymen.sghaier@nxp.com>; Herbert Xu
> <herbert@gondor.apana.org.au>; David S. Miller <davem@davemloft.net>;
> Eric Biggers <ebiggers@kernel.org>; Jan Luebbe <j.luebbe@pengutronix.de>;
> Richard Weinberger <richard@nod.at>; Franck Lenormand
> <franck.lenormand@nxp.com>; Sumit Garg <sumit.garg@linaro.org>;
> keyrings@vger.kernel.org; linux-crypto@vger.kernel.org; linux-
> doc@vger.kernel.org; linux-integrity@vger.kernel.org; linux-
> kernel@vger.kernel.org; linux-security-module@vger.kernel.org
> Subject: RE: [EXT] [PATCH v5 5/5] KEYS: trusted: Introduce support for NXP
> CAAM-based trusted keys
> 
> Caution: EXT Email
> 
> Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> 
> > -----Original Message-----
> > From: Ahmad Fatoum <a.fatoum@pengutronix.de>
> > Sent: Wednesday, February 23, 2022 1:28 AM
> > To: Jonathan Corbet <corbet@lwn.net>; David Howells
> > <dhowells@redhat.com>; Jarkko Sakkinen <jarkko@kernel.org>; James
> > Bottomley <jejb@linux.ibm.com>; Mimi Zohar <zohar@linux.ibm.com>
> > Cc: kernel@pengutronix.de; David Gstir <david@sigma-star.at>;
> > tharvey@gateworks.com; Matthias Schiffer <matthias.schiffer@ew.tq-
> > group.com>; Ahmad Fatoum <a.fatoum@pengutronix.de>; James Morris
> > <jmorris@namei.org>; Serge E. Hallyn <serge@hallyn.com>; Horia Geanta
> > <horia.geanta@nxp.com>; Aymen Sghaier <aymen.sghaier@nxp.com>;
> Herbert
> > Xu <herbert@gondor.apana.org.au>; David S. Miller
> > <davem@davemloft.net>; Eric Biggers <ebiggers@kernel.org>; Jan Luebbe
> > <j.luebbe@pengutronix.de>; Richard Weinberger <richard@nod.at>;
> Franck
> > Lenormand <franck.lenormand@nxp.com>; Sumit Garg
> > <sumit.garg@linaro.org>; Pankaj Gupta <pankaj.gupta@nxp.com>;
> > keyrings@vger.kernel.org; linux-crypto@vger.kernel.org; linux-
> > doc@vger.kernel.org; linux-integrity@vger.kernel.org; linux-
> > kernel@vger.kernel.org; linux-security-module@vger.kernel.org
> > Subject: [EXT] [PATCH v5 5/5] KEYS: trusted: Introduce support for NXP
> > CAAM-based trusted keys
> >
> > Caution: EXT Email
> >
> > The Cryptographic Acceleration and Assurance Module (CAAM) is an IP
> > core built into many newer i.MX and QorIQ SoCs by NXP.
> >
> > The CAAM does crypto acceleration, hardware number generation and has
> > a blob mechanism for encapsulation/decapsulation of sensitive material.
> >
> > This blob mechanism depends on a device specific random 256-bit One
> > Time Programmable Master Key that is fused in each SoC at manufacturing
> time.
> > This key is unreadable and can only be used by the CAAM for AES
> > encryption/decryption of user data.
> >
> > This makes it a suitable backend (source) for kernel trusted keys.
> >
> > Previous commits generalized trusted keys to support multiple backends
> > and added an API to access the CAAM blob mechanism. Based on these,
> > provide the necessary glue to use the CAAM for trusted keys.
> >
> > Reviewed-by: David Gstir <david@sigma-star.at>
> > Tested-By: Tim Harvey <tharvey@gateworks.com>
> > Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> > Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> > ---
> > To: Jonathan Corbet <corbet@lwn.net>
> > To: David Howells <dhowells@redhat.com>
> > To: Jarkko Sakkinen <jarkko@kernel.org>
> > To: James Bottomley <jejb@linux.ibm.com>
> > To: Mimi Zohar <zohar@linux.ibm.com>
> > Cc: James Morris <jmorris@namei.org>
> > Cc: "Serge E. Hallyn" <serge@hallyn.com>
> > Cc: "Horia Geantă" <horia.geanta@nxp.com>
> > Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
> > Cc: Herbert Xu <herbert@gondor.apana.org.au>
> > Cc: "David S. Miller" <davem@davemloft.net>
> > Cc: Eric Biggers <ebiggers@kernel.org>
> > Cc: Jan Luebbe <j.luebbe@pengutronix.de>
> > Cc: David Gstir <david@sigma-star.at>
> > Cc: Richard Weinberger <richard@nod.at>
> > Cc: Franck LENORMAND <franck.lenormand@nxp.com>
> > Cc: Sumit Garg <sumit.garg@linaro.org>
> > Cc: Tim Harvey <tharvey@gateworks.com>
> > Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> > Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Cc: keyrings@vger.kernel.org
> > Cc: linux-crypto@vger.kernel.org
> > Cc: linux-doc@vger.kernel.org
> > Cc: linux-integrity@vger.kernel.org
> > Cc: linux-kernel@vger.kernel.org
> > Cc: linux-security-module@vger.kernel.org
> > ---
> >  .../admin-guide/kernel-parameters.txt         |  1 +
> >  .../security/keys/trusted-encrypted.rst       | 40 +++++++++-
> >  MAINTAINERS                                   |  9 +++
> >  include/keys/trusted_caam.h                   | 11 +++
> >  security/keys/trusted-keys/Kconfig            | 11 ++-
> >  security/keys/trusted-keys/Makefile           |  2 +
> >  security/keys/trusted-keys/trusted_caam.c     | 74
> +++++++++++++++++++
> >  security/keys/trusted-keys/trusted_core.c     |  6 +-
> >  8 files changed, 151 insertions(+), 3 deletions(-)  create mode
> > 100644 include/keys/trusted_caam.h  create mode 100644
> > security/keys/trusted- keys/trusted_caam.c
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt
> > b/Documentation/admin-guide/kernel-parameters.txt
> > index 844c883ca9d8..9e7ef4c6585d 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -5875,6 +5875,7 @@
> >                         sources:
> >                         - "tpm"
> >                         - "tee"
> > +                       - "caam"
> >                         If not specified then it defaults to iterating through
> >                         the trust source list starting with TPM and assigns the
> >                         first trust source as a backend which is
> > initialized diff --git
> > a/Documentation/security/keys/trusted-encrypted.rst
> > b/Documentation/security/keys/trusted-encrypted.rst
> > index 99cf34d7c025..ed60c48cb692 100644
> > --- a/Documentation/security/keys/trusted-encrypted.rst
> > +++ b/Documentation/security/keys/trusted-encrypted.rst
> > @@ -35,6 +35,13 @@ safe.
> >           Rooted to Hardware Unique Key (HUK) which is generally burnt
> > in on- chip
> >           fuses and is accessible to TEE only.
> >
> > +     (3) CAAM (Cryptographic Acceleration and Assurance Module: IP on
> > + NXP SoCs)
> > +
> > +         When High Assurance Boot (HAB) is enabled and the CAAM is in
> secure
> > +         mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key
> > +         randomly generated and fused into each SoC at manufacturing time.
> > +         Otherwise, a common fixed test key is used instead.
> > +
> >    *  Execution isolation
> >
> >       (1) TPM
> > @@ -46,6 +53,10 @@ safe.
> >           Customizable set of operations running in isolated execution
> >           environment verified via Secure/Trusted boot process.
> >
> > +     (3) CAAM
> > +
> > +         Fixed set of operations running in isolated execution environment.
> > +
> >    * Optional binding to platform integrity state
> >
> >       (1) TPM
> > @@ -63,6 +74,11 @@ safe.
> >           Relies on Secure/Trusted boot process for platform integrity. It can
> >           be extended with TEE based measured boot process.
> >
> > +     (3) CAAM
> > +
> > +         Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
> > +         for platform integrity.
> > +
> >    *  Interfaces and APIs
> >
> >       (1) TPM
> > @@ -74,10 +90,13 @@ safe.
> >           TEEs have well-documented, standardized client interface and APIs.
> For
> >           more details refer to ``Documentation/staging/tee.rst``.
> >
> > +     (3) CAAM
> > +
> > +         Interface is specific to silicon vendor.
> >
> >    *  Threat model
> >
> > -     The strength and appropriateness of a particular TPM or TEE for a given
> > +     The strength and appropriateness of a particular trust source
> > + for a given
> >       purpose must be assessed when using them to protect
> > security-relevant data.
> >
> >
> > @@ -104,6 +123,12 @@ selected trust source:
> >       from platform specific hardware RNG or a software based Fortuna
> > CSPRNG
> >       which can be seeded via multiple entropy sources.
> >
> > +  *  CAAM: Kernel RNG
> > +
> > +     The normal kernel random number generator is used. To seed it from
> the
> > +     CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and
> ensure
> > the device
> > +     is probed.
> > +
> >  Users may override this by specifying ``trusted.rng=kernel`` on the
> > kernel command-line to override the used RNG with the kernel's random
> > number pool.
> >
> > @@ -192,6 +217,19 @@ Usage::
> >  specific to TEE device implementation.  The key length for new keys
> > is always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> >
> > +Trusted Keys usage: CAAM
> > +------------------------
> > +
> > +Usage::
> > +
> > +    keyctl add trusted name "new keylen" ring
> > +    keyctl add trusted name "load hex_blob" ring
> > +    keyctl print keyid
> > +
> > +"keyctl print" returns an ASCII hex copy of the sealed key, which is
> > +in format specific to CAAM device implementation.  The key length for
> > +new keys is always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024
> bits).
> > +
> >  Encrypted Keys usage
> >  --------------------
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS index
> > f670002134e0..6eca4476bb76 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -10655,6 +10655,15 @@ S:     Supported
> >  F:     include/keys/trusted_tee.h
> >  F:     security/keys/trusted-keys/trusted_tee.c
> >
> > +KEYS-TRUSTED-CAAM
> > +M:     Ahmad Fatoum <a.fatoum@pengutronix.de>
> > +R:     Pengutronix Kernel Team <kernel@pengutronix.de>
> > +L:     linux-integrity@vger.kernel.org
> > +L:     keyrings@vger.kernel.org
> > +S:     Maintained
> > +F:     include/keys/trusted_caam.h
> > +F:     security/keys/trusted-keys/trusted_caam.c
> > +
> >  KEYS/KEYRINGS
> >  M:     David Howells <dhowells@redhat.com>
> >  M:     Jarkko Sakkinen <jarkko@kernel.org>
> > diff --git a/include/keys/trusted_caam.h b/include/keys/trusted_caam.h
> > new file mode 100644 index 000000000000..2fba0996b0b0
> > --- /dev/null
> > +++ b/include/keys/trusted_caam.h
> > @@ -0,0 +1,11 @@
> > +/* SPDX-License-Identifier: GPL-2.0-only */
> > +/*
> > + * Copyright (C) 2021 Pengutronix, Ahmad Fatoum
> > +<kernel@pengutronix.de> */
> > +
> > +#ifndef __CAAM_TRUSTED_KEY_H
> > +#define __CAAM_TRUSTED_KEY_H
> > +
> > +extern struct trusted_key_ops caam_trusted_key_ops;
> > +
> > +#endif
> > diff --git a/security/keys/trusted-keys/Kconfig
> > b/security/keys/trusted- keys/Kconfig index fc4abd581abb..dbfdd8536468
> > 100644
> > --- a/security/keys/trusted-keys/Kconfig
> > +++ b/security/keys/trusted-keys/Kconfig
> > @@ -24,6 +24,15 @@ config TRUSTED_KEYS_TEE
> >           Enable use of the Trusted Execution Environment (TEE) as trusted
> >           key backend.
> >
> > -if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE
> > +config TRUSTED_KEYS_CAAM
> > +       bool "CAAM-based trusted keys"
> > +       depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
> > +       select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
> > +       default y
> > +       help
> > +         Enable use of NXP's Cryptographic Accelerator and Assurance Module
> > +         (CAAM) as trusted key backend.
> > +
> > +if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE
> > && !TRUSTED_KEYS_CAAM
> >  comment "No trust source selected!"
> >  endif
> > diff --git a/security/keys/trusted-keys/Makefile
> > b/security/keys/trusted- keys/Makefile index
> > 2e2371eae4d5..735aa0bc08ef 100644
> > --- a/security/keys/trusted-keys/Makefile
> > +++ b/security/keys/trusted-keys/Makefile
> > @@ -12,3 +12,5 @@ trusted-$(CONFIG_TRUSTED_KEYS_TPM) +=
> trusted_tpm2.o
> >  trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
> >
> >  trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
> > +
> > +trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
> > diff --git a/security/keys/trusted-keys/trusted_caam.c
> > b/security/keys/trusted-keys/trusted_caam.c
> > new file mode 100644
> > index 000000000000..066f08d6eb2c
> > --- /dev/null
> > +++ b/security/keys/trusted-keys/trusted_caam.c
> > @@ -0,0 +1,74 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +/*
> > + * Copyright (C) 2021 Pengutronix, Ahmad Fatoum
> > +<kernel@pengutronix.de> */
> > +
> > +#include <keys/trusted_caam.h>
> > +#include <keys/trusted-type.h>
> > +#include <linux/build_bug.h>
> > +#include <linux/key-type.h>
> > +#include <soc/fsl/caam-blob.h>
> > +
> > +static struct caam_blob_priv *blobifier;
> > +
> > +#define KEYMOD "SECURE_KEY"
> > +
> > +static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <=
> > CAAM_BLOB_MAX_LEN);
> > +static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
> > +
> > +static int trusted_caam_seal(struct trusted_key_payload *p, char
> > +*datablob) {
> > +       int length = p->key_len + CAAM_BLOB_OVERHEAD;
> > +       int ret;
> > +
> > +       ret = caam_encap_blob(blobifier, KEYMOD, p->key, p->blob, length);
> > +       if (ret)
> > +               return ret;
> > +
> > +       p->blob_len = length;
> > +       return 0;
> > +}
> > +
> > +static int trusted_caam_unseal(struct trusted_key_payload *p, char
> > +*datablob) {
> > +       int length = p->blob_len;
> > +       int ret;
> > +
> > +       ret = caam_decap_blob(blobifier, KEYMOD, p->blob, p->key, length);
> > +       if (ret)
> > +               return ret;
> > +
> > +       p->key_len = length - CAAM_BLOB_OVERHEAD;
> > +       return 0;
> > +}
> > +
> > +static int trusted_caam_init(void)
> > +{
> > +       int ret;
> > +
> > +       blobifier = caam_blob_gen_init();
> > +       if (IS_ERR(blobifier)) {
> > +               pr_err("Job Ring Device allocation for transform failed\n");
> > +               return PTR_ERR(blobifier);
> > +       }
> > +
> > +       ret = register_key_type(&key_type_trusted);
> > +       if (ret)
> > +               caam_blob_gen_exit(blobifier);
> > +
> > +       return ret;
> > +}
> > +
> > +static void trusted_caam_exit(void)
> > +{
> > +       unregister_key_type(&key_type_trusted);
> > +       caam_blob_gen_exit(blobifier); }
> > +
> > +struct trusted_key_ops caam_trusted_key_ops = {
> > +       .migratable = 0, /* non-migratable */
> > +       .init = trusted_caam_init,
> > +       .seal = trusted_caam_seal,
> > +       .unseal = trusted_caam_unseal,
> > +       .exit = trusted_caam_exit,
> > +};
> > diff --git a/security/keys/trusted-keys/trusted_core.c
> > b/security/keys/trusted-keys/trusted_core.c
> > index 9235fb7d0ec9..640434cd437a 100644
> > --- a/security/keys/trusted-keys/trusted_core.c
> > +++ b/security/keys/trusted-keys/trusted_core.c
> > @@ -9,6 +9,7 @@
> >  #include <keys/user-type.h>
> >  #include <keys/trusted-type.h>
> >  #include <keys/trusted_tee.h>
> > +#include <keys/trusted_caam.h>
> >  #include <keys/trusted_tpm.h>
> >  #include <linux/capability.h>
> >  #include <linux/err.h>
> > @@ -29,7 +30,7 @@ MODULE_PARM_DESC(rng, "Select trusted key RNG");
> >
> >  static char *trusted_key_source;
> >  module_param_named(source, trusted_key_source, charp, 0); -
> > MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
> > +MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or
> > +caam)");
> >
> >  static const struct trusted_key_source trusted_key_sources[] = {  #if
> > defined(CONFIG_TRUSTED_KEYS_TPM) @@ -38,6 +39,9 @@ static const
> struct
> > trusted_key_source trusted_key_sources[] = {  #if
> > defined(CONFIG_TRUSTED_KEYS_TEE)
> >         { "tee", &trusted_key_tee_ops },  #endif
> > +#if defined(CONFIG_TRUSTED_KEYS_CAAM)
> > +       { "caam", &caam_trusted_key_ops }, #endif
> >  };
> >
> >  DEFINE_STATIC_CALL_NULL(trusted_key_init,
> > *trusted_key_sources[0].ops->init);
> > --
> > 2.30.2


      reply	other threads:[~2022-03-07  4:48 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-22 19:58 [PATCH v5 0/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-02-22 19:58 ` [PATCH v5 1/5] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2022-02-22 19:58 ` [PATCH v5 2/5] KEYS: trusted: allow users to use kernel RNG for key material Ahmad Fatoum
2022-02-23 15:42   ` Jarkko Sakkinen
2022-02-22 19:58 ` [PATCH v5 3/5] KEYS: trusted: allow trust sources " Ahmad Fatoum
2022-02-23 16:23   ` Ahmad Fatoum
2022-02-25 11:57     ` [EXT] " Pankaj Gupta
2022-03-02  4:43     ` Pankaj Gupta
2022-02-22 19:58 ` [PATCH v5 4/5] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2022-02-23 15:41   ` Jarkko Sakkinen
2022-02-23 16:20     ` Ahmad Fatoum
2022-02-25 12:20       ` [EXT] " Pankaj Gupta
2022-03-14 15:33         ` Ahmad Fatoum
2022-02-28 12:14       ` Jarkko Sakkinen
2022-03-16 16:44         ` Ahmad Fatoum
2022-02-22 19:58 ` [PATCH v5 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-02-25 12:43   ` [EXT] " Pankaj Gupta
2022-03-02  4:37   ` Pankaj Gupta
2022-03-07  4:48     ` Pankaj Gupta [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DU2PR04MB8630D83FE9BBC0D782C4FAF595089@DU2PR04MB8630.eurprd04.prod.outlook.com \
    --to=pankaj.gupta@nxp.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=aymen.sghaier@nxp.com \
    --cc=corbet@lwn.net \
    --cc=davem@davemloft.net \
    --cc=david@sigma-star.at \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=franck.lenormand@nxp.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=j.luebbe@pengutronix.de \
    --cc=jarkko@kernel.org \
    --cc=jejb@linux.ibm.com \
    --cc=jmorris@namei.org \
    --cc=kernel@pengutronix.de \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=matthias.schiffer@ew.tq-group.com \
    --cc=richard@nod.at \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=tharvey@gateworks.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).