| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f9c0087d299be1b9b91b242f41ac6ef7b9ee3ef7.camel@linux.ibm.com>
Date: Tue, 23 Mar 2021 14:07:20 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Ahmad Fatoum <a.fatoum@...gutronix.de>,
Horia Geantă <horia.geanta@....com>,
Jonathan Corbet <corbet@....net>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
James Bottomley <jejb@...ux.ibm.com>
Cc: "kernel@...gutronix.de" <kernel@...gutronix.de>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Udit Agarwal <udit.agarwal@....com>,
Jan Luebbe <j.luebbe@...gutronix.de>,
David Gstir <david@...ma-star.at>,
Franck Lenormand <franck.lenormand@....com>,
Sumit Garg <sumit.garg@...aro.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP
CAAM-based trusted keys
On Tue, 2021-03-23 at 17:35 +0100, Ahmad Fatoum wrote:
> Hello Horia,
>
> On 21.03.21 21:48, Horia Geantă wrote:
> > On 3/16/2021 7:02 PM, Ahmad Fatoum wrote:
> > [...]
> >> +struct trusted_key_ops caam_trusted_key_ops = {
> >> + .migratable = 0, /* non-migratable */
> >> + .init = trusted_caam_init,
> >> + .seal = trusted_caam_seal,
> >> + .unseal = trusted_caam_unseal,
> >> + .exit = trusted_caam_exit,
> >> +};
> > caam has random number generation capabilities, so it's worth using that
> > by implementing .get_random.
>
> If the CAAM HWRNG is already seeding the kernel RNG, why not use the kernel's?
>
> Makes for less code duplication IMO.
Using kernel RNG, in general, for trusted keys has been discussed
before. Please refer to Dave Safford's detailed explanation for not
using it [1].
thanks,
Mimi
[1]
https://lore.kernel.org/linux-integrity/BCA04D5D9A3B764C9B7405BBA4D4A3C035F2A38B@ALPMBAPA12.e2k.ad.ge.com/
Powered by blists - more mailing lists