| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Mar 2021 15:08:01 +0100
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: Richard Weinberger <richard.weinberger@...il.com>
Cc: Jarkko Sakkinen <jarkko@...nel.org>,
Horia Geantă <horia.geanta@....com>,
Mimi Zohar <zohar@...ux.ibm.com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
James Bottomley <jejb@...ux.ibm.com>, kernel@...gutronix.de,
David Howells <dhowells@...hat.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Steffen Trumtrar <s.trumtrar@...gutronix.de>,
Udit Agarwal <udit.agarwal@....com>,
Jan Luebbe <j.luebbe@...gutronix.de>,
David Gstir <david@...ma-star.at>,
Franck LENORMAND <franck.lenormand@....com>,
Sumit Garg <sumit.garg@...aro.org>,
linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
LSM <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP
CAAM-based trusted keys
Hello Richard,
On 17.03.21 00:10, Richard Weinberger wrote:
> On Tue, Mar 16, 2021 at 6:24 PM Ahmad Fatoum <a.fatoum@...gutronix.de> wrote:
>> This series has been tested with dmcrypt[5] on an i.MX6DL.
>
> Do have this series also in a git repo to pull from?
> I'd like to give it a test on various systems.
Yes, please pull git://git.pengutronix.de/afa/linux
Branch v5.12/topic/trusted-source-caam
It includes these three patches on top of Jarkko's linux-tpmdd/master.
>> Looking forward to your feedback.
>
> Thanks for working on this! David and I will have a closer look these days.
Great. Here is a simple testing regiment that could help you getting started:
# First boot
DEV=/dev/loop0
ALGO=aes-cbc-essiv:sha256
KEYNAME=kmk
BLOCKS=20
mount -o remount,rw /
fallocate -l $((BLOCKS*512)) ~/loop0.img
losetup -P $DEV ~/loop0.img
KEY="$(keyctl add trusted $KEYNAME 'new 32' @s)"
keyctl pipe $KEY >~/kmk.blob
TABLE="0 $BLOCKS crypt $ALGO :32:trusted:$KEYNAME 0 $DEV 0 1 allow_discards"
echo $TABLE | dmsetup create mydev
echo $TABLE | dmsetup load mydev
dd if=/dev/zero of=/dev/mapper/mydev || true
echo "It works!" 1<> /dev/mapper/mydev
cryptsetup close mydev
# Second boot
DEV=/dev/loop0
ALGO=aes-cbc-essiv:sha256
KEYNAME=kmk
BLOCKS=20
losetup -P $DEV ~/loop0.img
keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
TABLE="0 $BLOCKS crypt $ALGO :32:trusted:$KEYNAME 0 $DEV 0 1 allow_discards"
echo $TABLE | dmsetup create mydev
echo $TABLE | dmsetup load mydev
# Should print that It works!
hexdump -C /dev/mapper/mydev
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists