Re: [PATCH v6 07/17] firmware: qcom: scm: add calls for creating, preparing and importing keys

From: Konrad Dybcio
Date: Mon Sep 09 2024 - 07:25:37 EST


On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote:
> From: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
>
> Storage encryption has two IOCTLs for creating, importing and preparing
> keys for encryption. For wrapped keys, these IOCTLs need to interface
> with Qualcomm's Trustzone. Add the following keys:
>
> generate_key:
> This is used to generate and return a longterm wrapped key. Trustzone
> achieves this by generating a key and then wrapping it using the
> Hardware Key Manager (HWKM), returning a wrapped keyblob.
>
> import_key:
> The functionality is similar to generate, but here: a raw key is
> imported into the HWKM and a longterm wrapped keyblob is returned.
>
> prepare_key:
> The longterm wrapped key from the import or generate calls is made
> further secure by rewrapping it with a per-boot, ephemeral wrapped key
> before installing it in the kernel for programming into ICE.
>
> Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> [Bartosz:
> improve kerneldocs,
> fix hex values coding style,
> rewrite commit message]
> Co-developed-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> ---

same question as patch 6, lgtm otherwise

Konrad