Re: [PATCH v4 2/5] KEYS: trusted: allow users to use kernel RNG for key material
From: Ahmad Fatoum
Date: Mon Dec 13 2021 - 05:39:57 EST
Hello Jarkko,
On 05.12.21 01:16, Jarkko Sakkinen wrote:
> On Mon, Oct 11, 2021 at 12:02:35PM +0200, Ahmad Fatoum wrote:
>> The two existing trusted key sources don't make use of the kernel RNG,
>> but instead let the hardware doing the sealing/unsealing also
>> generate the random key material. However, Users may want to place
>
> "Users" -> "users"
Will fix for v5.
>> +static bool trusted_kernel_rng;
>> +module_param_named(kernel_rng, trusted_kernel_rng, bool, 0);
>> +MODULE_PARM_DESC(kernel_rng, "Generate key material from kernel RNG");
>
> It's not then always kernel RNG, i.e. that is a very misleading name.
trusted.kernel_rng=1 always forces kernel RNG, trusted.kernel_rng=0 will
choose trust source default.
> I'd prefer trusted_rng with string values "kernel", "tee". That makes
> it explicit what you are using.
This is also a bit misleading for trust sources that don't provide their
own RNG, either because the driver doesn't implement it, or because the
IP doesn't have its own RNG (like DCP on NXP's i.MX6UL SoC).
For v5, I'd implement following 'tristate-with-strings' scheme:
trusted.rng=""
=> Use trust source default, fall back to kernel RNG if there's none
(trusted.kernel_rng=0 in current patch)
trusted.rng=kernel
=> Always use kernel RNG
(trusted.kernel_rng=1 in current patch)
trusted.rng=$trusted.source
=> Use trust source default, but error out if trust source
doesn't implement its own RNG to avoid misleading users
about key randomness source
trusted.rng="anything-else"
=> Error out with warning that only valid values are
"kernel,${trust.source}" where trust.source is the currently
active one.
Sounds good?
Cheers,
Ahmad
>
> /Jarkko
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |