Re: [PATCH v0 6/8] KEYS: trusted: caam based black key
From: Ben Boeckel
Date: Thu Oct 06 2022 - 08:41:55 EST
On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:
> - CAAM supports two types of black keys:
> -- Plain key encrypted with ECB
> -- Plain key encrypted with CCM
What is a "black key"? Is this described in the documentation or local
comments at all? (I know I'm unfamiliar with CAAM, but maybe this should
be mentioned somewhere?).
> Note: Due to robustness, default encytption used for black key is CCM.
^^^^^^^^^^ encryption
What "robustness"? Surely there's some more technical details involved
here?
> - A black key blob is generated, and added to trusted key payload.
> This is done as part of sealing operation, that was triggered as a result of:
> -- new key generation
> -- load key,
It seems that "black keys" are what the uapi calls "hw". I think this
should be mentioned in the commit message (and CAAM docs).
What do other keytypes do if `hw` is requested and it's not possible
(say, `big_key`)?
Thanks,
--Ben