linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Varun Sethi <V.Sethi@nxp.com>
Cc: Pankaj Gupta <pankaj.gupta@nxp.com>,
	"jarkko@kernel.org" <jarkko@kernel.org>,
	"a.fatoum@pengutronix.de" <a.fatoum@pengutronix.de>,
	"Jason@zx2c4.com" <Jason@zx2c4.com>,
	"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
	"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
	"dhowells@redhat.com" <dhowells@redhat.com>,
	"sumit.garg@linaro.org" <sumit.garg@linaro.org>,
	"david@sigma-star.at" <david@sigma-star.at>,
	"michael@walle.cc" <michael@walle.cc>,
	"john.ernberg@actia.se" <john.ernberg@actia.se>,
	"jmorris@namei.org" <jmorris@namei.org>,
	"serge@hallyn.com" <serge@hallyn.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"j.luebbe@pengutronix.de" <j.luebbe@pengutronix.de>,
	"ebiggers@kernel.org" <ebiggers@kernel.org>,
	"richard@nod.at" <richard@nod.at>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	Sahil Malhotra <sahil.malhotra@nxp.com>,
	Kshitiz Varshney <kshitiz.varshney@nxp.com>,
	Horia Geanta <horia.geanta@nxp.com>
Subject: Re: [EXT] Re: [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm
Date: Tue, 13 Sep 2022 10:05:39 +0800	[thread overview]
Message-ID: <Yx/lc1YjWm9+df1r@gondor.apana.org.au> (raw)
In-Reply-To: <AM9PR04MB8211C7D59379D4C9F877D20EE8449@AM9PR04MB8211.eurprd04.prod.outlook.com>

On Mon, Sep 12, 2022 at 05:19:44PM +0000, Varun Sethi wrote:
>
> > On Wed, Sep 07, 2022 at 09:58:45AM +0000, Pankaj Gupta wrote:
> > >
> > > There are 3rd party IP(s), which uses kernel for crypto-algorithm's operations.
> > > Modifying the algorithm name in these IP(s), is not always allowed or easy to
> > maintain.
> > 
> > So the objective is to support out-of-tree modules?
> [Varun] No, the intention is not to use out of tree modules but to allow seamless use of crytpo ciphers with keys backed by security co-processors (keys only visible to security co-processors), by Linux kernel and userspace components. Hardware backed keys are being introduced as a variant of existing Trusted keys, with the difference that these are not un-sealed and released in plain to the kernel memory. With the current patchset, the existing set of ciphers can be used along with newly introduced hardware backed flag. The security co-processor driver is able to interpret the flag and subsequently program the hardware, to interpret the supplied key as a hardware backed key.

Well I asked why isn't the existing arrangement for hardware key
algorithms sufficient, and I was given the response that you needed
this for compatibility with third-party IP(s).

Now are you saying this is not the case? So the existing framework
should work then?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

  reply	other threads:[~2022-09-13  2:06 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-06  6:51 [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added Pankaj Gupta
2022-09-06 13:01   ` Ben Boeckel
2022-09-07  7:22     ` [EXT] " Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm Pankaj Gupta
2022-09-06  6:43   ` Herbert Xu
2022-09-07  7:22     ` [EXT] " Pankaj Gupta
2022-09-07  7:26       ` Herbert Xu
2022-09-07  9:58         ` Pankaj Gupta
2022-09-07 10:10           ` Herbert Xu
2022-09-12 17:19             ` Varun Sethi
2022-09-13  2:05               ` Herbert Xu [this message]
2022-09-13 10:01                 ` Varun Sethi
2022-09-13 10:28                   ` Herbert Xu
2022-09-21 11:07                     ` Varun Sethi
2022-09-06  6:51 ` [RFC PATCH HBK: 3/8] sk_cipher: checking for hw bound operation Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 4/8] keys-trusted: re-factored caam based trusted key Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 5/8] caam blob-gen: moving blob_priv to caam_drv_private Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 6/8] KEYS: trusted: caam based black key Pankaj Gupta
2022-09-06 13:03   ` Ben Boeckel
2022-09-07  7:22     ` [EXT] " Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 7/8] caam alg: symmetric key ciphers are updated Pankaj Gupta
2022-09-06  6:51 ` [RFC PATCH HBK: 8/8] dm-crypt: consumer-app setting the flag-is_hbk Pankaj Gupta
2022-09-06  7:12 ` [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Michael Walle
2022-09-07  7:22   ` [EXT] " Pankaj Gupta
2022-09-07  7:29     ` Michael Walle
2022-09-07  7:46       ` [EXT] " David Gstir
2022-09-07  8:11         ` Michael Walle
2022-09-07  9:57           ` Pankaj Gupta
2022-09-06  8:58 ` Jarkko Sakkinen
2022-09-07  7:22   ` [EXT] " Pankaj Gupta
2022-09-07  8:10     ` Jan Lübbe
2022-09-07  9:57       ` Pankaj Gupta

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Yx/lc1YjWm9+df1r@gondor.apana.org.au \
    --to=herbert@gondor.apana.org.au \
    --cc=Jason@zx2c4.com \
    --cc=V.Sethi@nxp.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=davem@davemloft.net \
    --cc=david@sigma-star.at \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=horia.geanta@nxp.com \
    --cc=j.luebbe@pengutronix.de \
    --cc=jarkko@kernel.org \
    --cc=jejb@linux.ibm.com \
    --cc=jmorris@namei.org \
    --cc=john.ernberg@actia.se \
    --cc=keyrings@vger.kernel.org \
    --cc=kshitiz.varshney@nxp.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=michael@walle.cc \
    --cc=pankaj.gupta@nxp.com \
    --cc=richard@nod.at \
    --cc=sahil.malhotra@nxp.com \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).