RE: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY

From: Pankaj Gupta
Date: Wed Sep 07 2022 - 03:23:06 EST

Next message: Pankaj Gupta: "RE: [EXT] Re: [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added"
Previous message: Pankaj Gupta: "RE: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY"
In reply to: Jarkko Sakkinen: "Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY"
Next in thread: Jan Lübbe: "Re: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> Sent: Tuesday, September 6, 2022 2:28 PM
> To: Pankaj Gupta <pankaj.gupta@xxxxxxx>
> Cc: a.fatoum@xxxxxxxxxxxxxx; Jason@xxxxxxxxx; jejb@xxxxxxxxxxxxx;
> zohar@xxxxxxxxxxxxx; dhowells@xxxxxxxxxx; sumit.garg@xxxxxxxxxx;
> david@xxxxxxxxxxxxx; michael@xxxxxxxx; john.ernberg@xxxxxxxx;
> jmorris@xxxxxxxxx; serge@xxxxxxxxxx; herbert@xxxxxxxxxxxxxxxxxxx;
> davem@xxxxxxxxxxxxx; j.luebbe@xxxxxxxxxxxxxx; ebiggers@xxxxxxxxxx;
> richard@xxxxxx; keyrings@xxxxxxxxxxxxxxx; linux-crypto@xxxxxxxxxxxxxxx;
> linux-integrity@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; linux-
> security-module@xxxxxxxxxxxxxxx; Sahil Malhotra
> <sahil.malhotra@xxxxxxx>; Kshitiz Varshney <kshitiz.varshney@xxxxxxx>;
> Horia Geanta <horia.geanta@xxxxxxx>; Varun Sethi <V.Sethi@xxxxxxx>
> Subject: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY
>
> Caution: EXT Email
>
> On Tue, Sep 06, 2022 at 12:21:49PM +0530, Pankaj Gupta wrote:
> > Hardware Bound key(HBK), is never acessible as plain key outside of
> > the
> ~~~~~~~~~
> accesible.
>
> > hardware boundary. Thus, it is un-usable, even if somehow fetched from
> > kernel memory. It ensures run-time security.
>
> Why is it called "HBK" here and "hw" in the context of keyctl?
It is HBK, because the key is bounded to the Hardware. As:
- Key is generated by hardware.
- Key can only be used by hardware.
- Stored as a blob by the hardware.

>
> > This patchset adds generic support for classing the Hardware Bound
> > Key, based on:
> >
> > - Newly added flag-'is_hbk', added to the tfm.
> >
> > Consumer of the kernel crypto api, after allocating
> > the transformation, sets this flag based on the basis
> > of the type of key consumer has.
> >
> > - This helps to influence the core processing logic
> > for the encapsulated algorithm.
> >
> > - This flag is set by the consumer after allocating
> > the tfm and before calling the function crypto_xxx_setkey().
> >
> > First implementation is based on CAAM.
>
> CAAM is implementation of what exactly?

CAAM is the chip's cryptographic acceleration and offloading hardware and combines cryptographic and other mathematical
functions to create a modular and scalable hardware acceleration and assurance engine. In context to this patchset, CAAM implements the following functions:
- Generates HBK
- Generates key-blob, from HBK, for security at rest.
- Perform crypto operations, using HBK.

>
> I'm sorry but I don't know your definition of unusable.

Even if somehow the key is retrieved from the keyring, the retrieved key would be an encrypted key.
This encrypted key can only be decrypted by Hardware, which generated it.

Hence, the retrieved key is unusable outside of the hardware.

>
> BR, Jarkko

Next message: Pankaj Gupta: "RE: [EXT] Re: [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added"
Previous message: Pankaj Gupta: "RE: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY"
In reply to: Jarkko Sakkinen: "Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY"
Next in thread: Jan Lübbe: "Re: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]