Date: Thu, 6 Oct 2022 08:42:32 -0400
From: Ben Boeckel
To: Pankaj Gupta
Cc: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com,
 Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com,
 dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at,
 michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org,
 serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net,
 j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at,
 keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
 linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com,
 kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Subject: Re: [PATCH v0 6/8] KEYS: trusted: caam based black key
Reply-To: list.lkml.keyrings@me.benboeckel.net
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>
 <20221006130837.17587-7-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-7-pankaj.gupta@nxp.com>
X-Mailing-List: linux-integrity@vger.kernel.org

On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:
> - CAAM supports two types of black keys:
> -- Plain key encrypted with ECB
> -- Plain key encrypted with CCM

What is a "black key"? Is this described in the documentation or local
comments at all? (I know I'm unfamiliar with CAAM, but maybe this should
be mentioned somewhere?).

> Note: Due to robustness, default encytption used for black key is CCM.
                                   ^^^^^^^^^^
                                   encryption

What "robustness"? Surely there's some more technical details involved
here?

> - A black key blob is generated, and added to trusted key payload.
> This is done as part of sealing operation, that was triggered as a result of:
> -- new key generation
> -- load key,

It seems that "black keys" are what the uapi calls "hw". I think this
should be mentioned in the commit message (and CAAM docs). What do other
keytypes do if `hw` is requested and it's not possible (say, `big_key`)?

Thanks,

--Ben