Re: [PATCH v6 4/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
From: Ahmad Fatoum
Date: Tue Mar 22 2022 - 03:34:42 EST
Hello Jarkko,
On 20.03.22 22:02, Jarkko Sakkinen wrote:
> On Wed, Mar 16, 2022 at 05:43:35PM +0100, Ahmad Fatoum wrote:
>> @@ -192,6 +217,19 @@ Usage::
>> specific to TEE device implementation. The key length for new keys is always
>> in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
>>
>> +Trusted Keys usage: CAAM
>> +------------------------
>> +
>> +Usage::
>> +
>> + keyctl add trusted name "new keylen" ring
>> + keyctl add trusted name "load hex_blob" ring
>> + keyctl print keyid
>> +
>> +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
>> +specific to CAAM device implementation. The key length for new keys is always
>> +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
>> +
>> Encrypted Keys usage
>> --------------------
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 05fd080b82f3..f13382a14967 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -10647,6 +10647,15 @@ S: Supported
>> F: include/keys/trusted_tee.h
>> F: security/keys/trusted-keys/trusted_tee.c
>>
>> +KEYS-TRUSTED-CAAM
>> +M: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
>> +R: Pengutronix Kernel Team <kernel@xxxxxxxxxxxxxx>
>> +L: linux-integrity@xxxxxxxxxxxxxxx
>> +L: keyrings@xxxxxxxxxxxxxxx
>> +S: Maintained
>> +F: include/keys/trusted_caam.h
>> +F: security/keys/trusted-keys/trusted_caam.c
>> +
>> KEYS/KEYRINGS
>> M: David Howells <dhowells@xxxxxxxxxx>
>> M: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
>
> Documentation and MAINTAINERS updates must be separate patches.
I will do so for v7. Does this patch look otherwise ok to you?
Thanks,
Ahmad
>
> BR, Jarkko
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |