From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Nikolaus Voss <nikolaus.voss@haag-streit.com>,
Horia Geanta <horia.geanta@nxp.com>,
Pankaj Gupta <pankaj.gupta@nxp.com>,
Gaurav Jain <gaurav.jain@nxp.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
David Gstir <david@sigma-star.at>,
Steffen Trumtrar <s.trumtrar@pengutronix.de>,
Nikolaus Voss <nv@vosn.de>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Pengutronix Kernel Team <kernel@pengutronix.de>
Subject: Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
Date: Thu, 1 Dec 2022 09:18:55 +0100 [thread overview]
Message-ID: <d08447fd-cac5-3082-9eb7-22e32a9dbea5@pengutronix.de> (raw)
In-Reply-To: <20221121141929.2E36427E9@mail.steuer-voss.de>
On 21.11.22 15:12, Nikolaus Voss wrote:
> If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key
> is used instead of the unique device key. This is the default mode of
> operation without secure boot (HAB). In this scenario, CAAM encrypted
> blobs should be used only for testing but not in a production
> environment, so issue a warning.
>
> Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
>
> ---
> CHANGES
> =======
> v2: make warning more verbose, correct register, style fixes
> v3: fix sparse warning "dereference of noderef expression"
> by using ioread32() to dereference iomem pointer
>
> drivers/crypto/caam/blob_gen.c | 9 +++++++++
> drivers/crypto/caam/regs.h | 3 +++
> 2 files changed, 12 insertions(+)
>
> diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c
> index 6345c7269eb03..1f65df4898478 100644
> --- a/drivers/crypto/caam/blob_gen.c
> +++ b/drivers/crypto/caam/blob_gen.c
> @@ -6,6 +6,7 @@
>
> #define pr_fmt(fmt) "caam blob_gen: " fmt
>
> +#include <linux/bitfield.h>
> #include <linux/device.h>
> #include <soc/fsl/caam-blob.h>
>
> @@ -61,12 +62,14 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con
> int caam_process_blob(struct caam_blob_priv *priv,
> struct caam_blob_info *info, bool encap)
> {
> + const struct caam_drv_private *ctrlpriv;
> struct caam_blob_job_result testres;
> struct device *jrdev = &priv->jrdev;
> dma_addr_t dma_in, dma_out;
> int op = OP_PCLID_BLOB;
> size_t output_len;
> u32 *desc;
> + u32 moo;
> int ret;
>
> if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH)
> @@ -100,6 +103,12 @@ int caam_process_blob(struct caam_blob_priv *priv,
> goto out_unmap_in;
> }
>
> + ctrlpriv = dev_get_drvdata(jrdev->parent);
> + moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status));
> + if (moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED)
> + dev_warn(jrdev,
> + "using insecure test key, enable HAB to use unique device key!\n");
> +
> /*
> * A data blob is encrypted using a blob key (BK); a random number.
> * The BK is used as an AES-CCM key. The initial block (B0) and the
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
> index 66d6dad841bb2..66928f8a0c4b1 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -426,6 +426,9 @@ struct caam_perfmon {
> u32 rsvd2;
> #define CSTA_PLEND BIT(10)
> #define CSTA_ALT_PLEND BIT(18)
> +#define CSTA_MOO GENMASK(9, 8)
> +#define CSTA_MOO_SECURE 1
> +#define CSTA_MOO_TRUSTED 2
> u32 status; /* CSTA - CAAM Status */
> u64 rsvd3;
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2022-12-01 8:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-21 14:12 [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure Nikolaus Voss
2022-12-01 8:18 ` Ahmad Fatoum [this message]
2022-12-02 10:19 ` Herbert Xu
2022-12-02 12:05 ` Ahmad Fatoum
2022-12-02 14:43 ` Nikolaus Voss
2022-12-02 23:35 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d08447fd-cac5-3082-9eb7-22e32a9dbea5@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=gaurav.jain@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=kernel@pengutronix.de \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nikolaus.voss@haag-streit.com \
--cc=nv@vosn.de \
--cc=pankaj.gupta@nxp.com \
--cc=s.trumtrar@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).