Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys

From: Richard Weinberger
Date: Fri Jun 25 2021 - 08:21:35 EST

Next message: Daniel Wagner: "Re: [PATCH 0/2] Handle update hardware queues and queue freeze more carefully"
Previous message: 13145886936: "[PATCH] ASoC: fsl_xcvr: remove unnecessary print function dev_err()"
Next in thread: Herbert Xu: "Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Herbert,

On Mon, Jun 14, 2021 at 10:18 PM Richard Weinberger <richard@xxxxxx> wrote:
>
> DCP is capable to performing AES with hardware-bound keys.
> These keys are not stored in main memory and are therefore not directly
> accessible by the operating system.
>
> So instead of feeding the key into DCP, we need to place a
> reference to such a key before initiating the crypto operation.
> Keys are referenced by a one byte identifiers.
>
> DCP supports 6 different keys: 4 slots in the secure memory area,
> a one time programmable key which can be burnt via on-chip fuses
> and an unique device key.
>
> Using these keys is restricted to in-kernel users that use them as building
> block for other crypto tools such as trusted keys. Allowing userspace
> (e.g. via AF_ALG) to use these keys to crypt or decrypt data is a security
> risk, because there is no access control mechanism.
>
> Cc: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> Cc: David Gstir <david@xxxxxxxxxxxxx>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Fabio Estevam <festevam@xxxxxxxxx>
> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: James Bottomley <jejb@xxxxxxxxxxxxx>
> Cc: James Morris <jmorris@xxxxxxxxx>
> Cc: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> Cc: Jonathan Corbet <corbet@xxxxxxx>
> Cc: keyrings@xxxxxxxxxxxxxxx
> Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> Cc: linux-crypto@xxxxxxxxxxxxxxx
> Cc: linux-doc@xxxxxxxxxxxxxxx
> Cc: linux-integrity@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Cc: linux-security-module@xxxxxxxxxxxxxxx
> Cc: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> Cc: NXP Linux Team <linux-imx@xxxxxxx>
> Cc: Pengutronix Kernel Team <kernel@xxxxxxxxxxxxxx>
> Cc: Richard Weinberger <richard@xxxxxx>
> Cc: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
> Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx>
> Cc: Shawn Guo <shawnguo@xxxxxxxxxx>
> Co-developed-by: David Gstir <david@xxxxxxxxxxxxx>
> Signed-off-by: David Gstir <david@xxxxxxxxxxxxx>
> Signed-off-by: Richard Weinberger <richard@xxxxxx>
> ---
> drivers/crypto/mxs-dcp.c | 110 ++++++++++++++++++++++++++++++++++-----
> include/linux/mxs-dcp.h | 19 +++++++
> 2 files changed, 117 insertions(+), 12 deletions(-)
> create mode 100644 include/linux/mxs-dcp.h

This patch was judged as not applicable in your patchwork.
Is something missing? How can we proceed?

--
Thanks,
//richard

Next message: Daniel Wagner: "Re: [PATCH 0/2] Handle update hardware queues and queue freeze more carefully"
Previous message: 13145886936: "[PATCH] ASoC: fsl_xcvr: remove unnecessary print function dev_err()"
Next in thread: Herbert Xu: "Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]