Re: [PATCH 1/2] security/keys/secure_key: Adds the secure key support based on CAAM.

From: Mimi Zohar
Date: Tue Jul 24 2018 - 09:35:14 EST

Next message: Michal Hocko: "Re: [PATCH v1 0/2] mm/kdump: exclude reserved pages in dumps"
Previous message: Brian Brooks: "[PATCH bpf-next] samples/bpf: xdpsock: order memory on AArch64"
In reply to: Udit Agarwal: "RE: [PATCH 1/2] security/keys/secure_key: Adds the secure key support based on CAAM."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2018-07-24 at 12:31 +0000, Udit Agarwal wrote:
> Yes the secure keys and CAAM are correlated. Secure keys depends on
> NXP CAAM crypto HW accelerator. ÂSecure key is a random data of
> length X (passed using keyctl command) & derived using CAAM. Blob of
> this data is also created using CAAM. Only blob is visible to user
> space.

The term "secure keys" is really generic. ÂWhat makes the "secure
keys" secure? ÂWe introduced "trusted keys", because TPM 1.2 didn't
support symmetric keys. ÂWe shouldn't just duplicate "trusted keys"
for different HW, but improve upon it (eg. symmetric keys never leave
the device).

The new key type should define generic methods, which are implemented
for NXP CAAM rypto HW accelerator as an example.

Mimi

Next message: Michal Hocko: "Re: [PATCH v1 0/2] mm/kdump: exclude reserved pages in dumps"
Previous message: Brian Brooks: "[PATCH bpf-next] samples/bpf: xdpsock: order memory on AArch64"
In reply to: Udit Agarwal: "RE: [PATCH 1/2] security/keys/secure_key: Adds the secure key support based on CAAM."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]