Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY

From: Jarkko Sakkinen
Date: Tue Sep 06 2022 - 04:58:29 EST


On Tue, Sep 06, 2022 at 12:21:49PM +0530, Pankaj Gupta wrote:
> Hardware Bound key(HBK), is never acessible as plain key outside of the
~~~~~~~~~
accessible.

> hardware boundary. Thus, it is unusable, even if somehow fetched
> from kernel memory. It ensures run-time security.

Why is it called "HBK" here and "hw" in the context of keyctl?

> This patchset adds generic support for classing the Hardware Bound Key,
> based on:
>
> - Newly added flag-'is_hbk', added to the tfm.
>
> Consumer of the kernel crypto api, after allocating
> the transformation, sets this flag based on the basis
> of the type of key consumer has.
>
> - This helps to influence the core processing logic
> for the encapsulated algorithm.
>
> - This flag is set by the consumer after allocating
> the tfm and before calling the function crypto_xxx_setkey().
>
> First implementation is based on CAAM.

CAAM is implementation of what exactly?

I'm sorry but I don't know your definition of unusable.

BR, Jarkko
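The consumer flow described in the quoted cover letter (allocate the tfm, set the flag, then call setkey) as an added user-space model; this is not the patchset's or CAAM's code, and the struct, function and backend names (hbk_tfm, hbk_setkey, "caam-like-hw", "sw-aes") are assumptions made for illustration.

```c
/* Added illustrative model (not the patchset's code): a user-space sketch of
 * how a per-tfm is_hbk flag can gate which backend may consume a key.
 * All names here are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define KEYBUF_MAX 64

struct hbk_tfm {
    const char *driver;          /* constructed backend name */
    bool hw_can_use_hbk;         /* backend keeps the key inside a hardware boundary */
    bool is_hbk;                 /* set by the consumer after alloc, before setkey */
    unsigned char key[KEYBUF_MAX];
    size_t keylen;
};

/* Constructed "allocation": select a backend by name. */
static int hbk_tfm_init(struct hbk_tfm *tfm, const char *driver)
{
    memset(tfm, 0, sizeof(*tfm));
    tfm->driver = driver;
    tfm->hw_can_use_hbk = (strcmp(driver, "caam-like-hw") == 0);
    return 0;
}

/* setkey: a hardware-bound key is only an opaque blob outside the hardware,
 * so a software-only backend that needs plain key material must refuse it.
 * Returns 0 on success, negative errno otherwise. */
static int hbk_setkey(struct hbk_tfm *tfm, const unsigned char *key, size_t keylen)
{
    if (keylen == 0 || keylen > KEYBUF_MAX)
        return -EINVAL;
    if (tfm->is_hbk && !tfm->hw_can_use_hbk)
        return -EOPNOTSUPP;
    memcpy(tfm->key, key, keylen);  /* for an HBK this is the blob, not a plain key */
    tfm->keylen = keylen;
    return 0;
}

/* Runs the alloc -> set is_hbk -> setkey flow; returns the setkey result. */
static int try_flow(const char *driver, bool is_hbk)
{
    struct hbk_tfm tfm;
    static const unsigned char blob[16] = "constructed-key";  /* constructed input */

    hbk_tfm_init(&tfm, driver);
    tfm.is_hbk = is_hbk;
    return hbk_setkey(&tfm, blob, sizeof(blob));
}
```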