linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Jan Lübbe" <jlu@pengutronix.de>
To: Pankaj Gupta <pankaj.gupta@nxp.com>, Jarkko Sakkinen <jarkko@kernel.org>
Cc: "a.fatoum@pengutronix.de" <a.fatoum@pengutronix.de>,
	"Jason@zx2c4.com" <Jason@zx2c4.com>,
	"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
	"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
	"dhowells@redhat.com" <dhowells@redhat.com>,
	"sumit.garg@linaro.org" <sumit.garg@linaro.org>,
	"david@sigma-star.at" <david@sigma-star.at>,
	"michael@walle.cc" <michael@walle.cc>,
	"john.ernberg@actia.se" <john.ernberg@actia.se>,
	"jmorris@namei.org" <jmorris@namei.org>,
	"serge@hallyn.com" <serge@hallyn.com>,
	"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"j.luebbe@pengutronix.de" <j.luebbe@pengutronix.de>,
	"ebiggers@kernel.org" <ebiggers@kernel.org>,
	"richard@nod.at" <richard@nod.at>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	Sahil Malhotra <sahil.malhotra@nxp.com>,
	Kshitiz Varshney <kshitiz.varshney@nxp.com>,
	Horia Geanta <horia.geanta@nxp.com>,
	Varun Sethi <V.Sethi@nxp.com>
Subject: Re: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY
Date: Wed, 07 Sep 2022 10:10:34 +0200	[thread overview]
Message-ID: <843e1f1cbed67ce558e20d1e56a82dfe27732028.camel@pengutronix.de> (raw)
In-Reply-To: <DU2PR04MB86303DE3507B6FF37BD5B6A595419@DU2PR04MB8630.eurprd04.prod.outlook.com>

On Wed, 2022-09-07 at 07:22 +0000, Pankaj Gupta wrote:
> Even if somehow the key is retrieved from the keyring, the retrieved key 
> would be an encrypted key.
> This encrypted key can only be decrypted by Hardware, which generated it.
> 
> Hence, the retrieved key is unusable outside of the hardware.

NXP's CAAM unit (i.e. on i.MX6) supports several modes of sealed/encrypted keys.
The (un)sealing process uses a key that is normally derived from a per-device
key in eFUSES. One aspect of these modes is whether the plaintext key material
is accessible to the kernel or not.

Ahmad's patch set added support for a mode where the CAAM is used to seal
plaintext known to the kernel to a "blob" (in CAAM terminology) on export to
userspace and the reverse on import. This mode allows the kernel to use the
plaintext for dm-crypt, to encrypt other keyrings and similar.

The CAAM has another sealing mode, where it will not allow writing of the
plaintext key to memory. Instead, it is kept in one of the CAAM-internal key
registers. There, it can be used for cryptographic operations (i.e. AES). This
way, the plaintext key is protected even from the kernel. The kernel could keep
a copy of in sealed form, so it can reload the CAAM's key register when needed.


Pankaj, is that the mode you intend to support with this series?

Could you describe the high-level use-cases this would be need for, compared to
the existing mode where plaintext keys are accessible to the kernel? In which
cases would you use each mode?

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


  reply	other threads:[~2022-09-07  8:11 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-06  6:51 [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added Pankaj Gupta
2022-09-06 13:01   ` Ben Boeckel
2022-09-07  7:22     ` [EXT] " Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm Pankaj Gupta
2022-09-06  6:43   ` Herbert Xu
2022-09-07  7:22     ` [EXT] " Pankaj Gupta
2022-09-07  7:26       ` Herbert Xu
2022-09-07  9:58         ` Pankaj Gupta
2022-09-07 10:10           ` Herbert Xu
2022-09-12 17:19             ` Varun Sethi
2022-09-13  2:05               ` Herbert Xu
2022-09-13 10:01                 ` Varun Sethi
2022-09-13 10:28                   ` Herbert Xu
2022-09-21 11:07                     ` Varun Sethi
2022-09-06  6:51 ` [RFC PATCH HBK: 3/8] sk_cipher: checking for hw bound operation Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 4/8] keys-trusted: re-factored caam based trusted key Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 5/8] caam blob-gen: moving blob_priv to caam_drv_private Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 6/8] KEYS: trusted: caam based black key Pankaj Gupta
2022-09-06 13:03   ` Ben Boeckel
2022-09-07  7:22     ` [EXT] " Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 7/8] caam alg: symmetric key ciphers are updated Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 8/8] dm-crypt: consumer-app setting the flag-is_hbk Pankaj Gupta
2022-09-06  7:12 ` [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Michael Walle
2022-09-07  7:22   ` [EXT] " Pankaj Gupta
2022-09-07  7:29     ` Michael Walle
2022-09-07  7:46       ` [EXT] " David Gstir
2022-09-07  8:11         ` Michael Walle
2022-09-07  9:57           ` Pankaj Gupta
2022-09-06  8:58 ` Jarkko Sakkinen
2022-09-07  7:22   ` [EXT] " Pankaj Gupta
2022-09-07  8:10     ` Jan Lübbe [this message]
2022-09-07  9:57       ` Pankaj Gupta

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=843e1f1cbed67ce558e20d1e56a82dfe27732028.camel@pengutronix.de \
    --to=jlu@pengutronix.de \
    --cc=Jason@zx2c4.com \
    --cc=V.Sethi@nxp.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=davem@davemloft.net \
    --cc=david@sigma-star.at \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=j.luebbe@pengutronix.de \
    --cc=jarkko@kernel.org \
    --cc=jejb@linux.ibm.com \
    --cc=jmorris@namei.org \
    --cc=john.ernberg@actia.se \
    --cc=keyrings@vger.kernel.org \
    --cc=kshitiz.varshney@nxp.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=michael@walle.cc \
    --cc=pankaj.gupta@nxp.com \
    --cc=richard@nod.at \
    --cc=sahil.malhotra@nxp.com \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).