From: David Gstir <david@sigma-star.at>
To: Mimi Zohar <zohar@linux.ibm.com>,
James Bottomley <jejb@linux.ibm.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: David Gstir <david@sigma-star.at>,
linux-doc@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, Fabio Estevam <festevam@gmail.com>,
Ahmad Fatoum <a.fatoum@pengutronix.de>,
Paul Moore <paul@paul-moore.com>,
Jonathan Corbet <corbet@lwn.net>,
Richard Weinberger <richard@nod.at>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
James Morris <jmorris@namei.org>,
NXP Linux Team <linux-imx@nxp.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Sascha Hauer <s.hauer@pengutronix.de>,
sigma star Kernel Team <upstream+dcp@sigma-star.at>,
"Steven Rostedt \(Google\)" <rostedt@goodmis.org>,
David Oberhollenzer <david.oberhollenzer@sigma-star.at>,
linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org,
Randy Dunlap <rdunlap@infradead.org>,
linux-kernel@vger.kernel.org, Li Yang <leoyang.li@nxp.com>,
linux-security-module@vger.kernel.org,
linux-crypto@vger.kernel.org,
Pengutroni x Kernel Team <kernel@pengutronix.de>,
Tejun Heo <tj@kernel.org>,
linux-integrity@vger.kernel.org, Shawn Guo <shawnguo@kernel.org>
Subject: [PATCH v7 6/6] docs: trusted-encrypted: add DCP as new trust source
Date: Wed, 27 Mar 2024 09:24:52 +0100 [thread overview]
Message-ID: <20240327082454.13729-7-david@sigma-star.at> (raw)
In-Reply-To: <20240327082454.13729-1-david@sigma-star.at>
Update the documentation for trusted and encrypted KEYS with DCP as new
trust source:
- Describe security properties of DCP trust source
- Describe key usage
- Document blob format
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
---
.../security/keys/trusted-encrypted.rst | 85 +++++++++++++++++++
1 file changed, 85 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index e989b9802f92..81fb3540bb20 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -42,6 +42,14 @@ safe.
randomly generated and fused into each SoC at manufacturing time.
Otherwise, a common fixed test key is used instead.
+ (4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
+
+ Rooted to a one-time programmable key (OTP) that is generally burnt
+ in the on-chip fuses and is accessible to the DCP encryption engine only.
+ DCP provides two keys that can be used as root of trust: the OTP key
+ and the UNIQUE key. Default is to use the UNIQUE key, but selecting
+ the OTP key can be done via a module parameter (dcp_use_otp_key).
+
* Execution isolation
(1) TPM
@@ -57,6 +65,12 @@ safe.
Fixed set of operations running in isolated execution environment.
+ (4) DCP
+
+ Fixed set of cryptographic operations running in isolated execution
+ environment. Only basic blob key encryption is executed there.
+ The actual key sealing/unsealing is done on main processor/kernel space.
+
* Optional binding to platform integrity state
(1) TPM
@@ -79,6 +93,11 @@ safe.
Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
for platform integrity.
+ (4) DCP
+
+ Relies on Secure/Trusted boot process (called HAB by vendor) for
+ platform integrity.
+
* Interfaces and APIs
(1) TPM
@@ -94,6 +113,11 @@ safe.
Interface is specific to silicon vendor.
+ (4) DCP
+
+ Vendor-specific API that is implemented as part of the DCP crypto driver in
+ ``drivers/crypto/mxs-dcp.c``.
+
* Threat model
The strength and appropriateness of a particular trust source for a given
@@ -129,6 +153,13 @@ selected trust source:
CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device
is probed.
+ * DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
+
+ The DCP hardware device itself does not provide a dedicated RNG interface,
+ so the kernel default RNG is used. SoCs with DCP like the i.MX6ULL do have
+ a dedicated hardware RNG that is independent from DCP which can be enabled
+ to back the kernel RNG.
+
Users may override this by specifying ``trusted.rng=kernel`` on the kernel
command-line to override the used RNG with the kernel's random number pool.
@@ -231,6 +262,19 @@ Usage::
CAAM-specific format. The key length for new keys is always in bytes.
Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
+Trusted Keys usage: DCP
+-----------------------
+
+Usage::
+
+ keyctl add trusted name "new keylen" ring
+ keyctl add trusted name "load hex_blob" ring
+ keyctl print keyid
+
+"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
+specific to this DCP key-blob implementation. The key length for new keys is
+always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
+
Encrypted Keys usage
--------------------
@@ -426,3 +470,44 @@ string length.
privkey is the binary representation of TPM2B_PUBLIC excluding the
initial TPM2B header which can be reconstructed from the ASN.1 octed
string length.
+
+DCP Blob Format
+---------------
+
+The Data Co-Processor (DCP) provides hardware-bound AES keys using its
+AES encryption engine only. It does not provide direct key sealing/unsealing.
+To make DCP hardware encryption keys usable as trust source, we define
+our own custom format that uses a hardware-bound key to secure the sealing
+key stored in the key blob.
+
+Whenever a new trusted key using DCP is generated, we generate a random 128-bit
+blob encryption key (BEK) and 128-bit nonce. The BEK and nonce are used to
+encrypt the trusted key payload using AES-128-GCM.
+
+The BEK itself is encrypted using the hardware-bound key using the DCP's AES
+encryption engine with AES-128-ECB. The encrypted BEK, generated nonce,
+BEK-encrypted payload and authentication tag make up the blob format together
+with a version number, payload length and authentication tag::
+
+ /*
+ * struct dcp_blob_fmt - DCP BLOB format.
+ *
+ * @fmt_version: Format version, currently being %1
+ * @blob_key: Random AES 128 key which is used to encrypt @payload,
+ * @blob_key itself is encrypted with OTP or UNIQUE device key in
+ * AES-128-ECB mode by DCP.
+ * @nonce: Random nonce used for @payload encryption.
+ * @payload_len: Length of the plain text @payload.
+ * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
+ * GCM auth tag of size AES_BLOCK_SIZE is attached at the end of it.
+ *
+ * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len +
+ * AES_BLOCK_SIZE.
+ */
+ struct dcp_blob_fmt {
+ __u8 fmt_version;
+ __u8 blob_key[AES_KEYSIZE_128];
+ __u8 nonce[AES_KEYSIZE_128];
+ __le32 payload_len;
+ __u8 payload[];
+ } __packed;
--
2.35.3
next prev parent reply other threads:[~2024-03-27 8:30 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-27 8:24 [PATCH v7 0/6] DCP as trusted keys backend David Gstir
2024-03-27 8:24 ` [PATCH v7 1/6] crypto: mxs-dcp: Add support for hardware-bound keys David Gstir
2024-03-27 8:24 ` [PATCH v7 2/6] KEYS: trusted: improve scalability of trust source config David Gstir
2024-03-27 15:30 ` Jarkko Sakkinen
2024-03-27 8:24 ` [PATCH v7 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys David Gstir
2024-03-27 8:24 ` [PATCH v7 4/6] MAINTAINERS: add entry for DCP-based " David Gstir
2024-03-27 8:24 ` [PATCH v7 5/6] docs: document DCP-backed trusted keys kernel params David Gstir
2024-03-27 15:32 ` Jarkko Sakkinen
2024-03-27 8:24 ` David Gstir [this message]
2024-03-27 15:40 ` [PATCH v7 6/6] docs: trusted-encrypted: add DCP as new trust source Jarkko Sakkinen
2024-03-28 8:05 ` David Gstir
2024-03-28 18:47 ` Jarkko Sakkinen
2024-03-28 18:50 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240327082454.13729-7-david@sigma-star.at \
--to=david@sigma-star.at \
--cc=a.fatoum@pengutronix.de \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=david.oberhollenzer@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=festevam@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=leoyang.li@nxp.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paul@paul-moore.com \
--cc=paulmck@kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rdunlap@infradead.org \
--cc=richard@nod.at \
--cc=rostedt@goodmis.org \
--cc=s.hauer@pengutronix.de \
--cc=serge@hallyn.com \
--cc=shawnguo@kernel.org \
--cc=tj@kernel.org \
--cc=upstream+dcp@sigma-star.at \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).