| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Jun 2021 14:21:16 +0200
From: Richard Weinberger <richard.weinberger@...il.com>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: keyrings@...r.kernel.org, Richard Weinberger <richard@....at>,
Ahmad Fatoum <a.fatoum@...gutronix.de>,
David Gstir <david@...ma-star.at>,
David Howells <dhowells@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Fabio Estevam <festevam@...il.com>,
James Bottomley <jejb@...ux.ibm.com>,
James Morris <jmorris@...ei.org>,
Jarkko Sakkinen <jarkko@...nel.org>,
Jonathan Corbet <corbet@....net>,
linux-arm-kernel@...ts.infradead.org,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
linux-doc@...r.kernel.org, linux-integrity@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>,
LSM <linux-security-module@...r.kernel.org>,
Mimi Zohar <zohar@...ux.ibm.com>,
NXP Linux Team <linux-imx@....com>,
Pengutronix Kernel Team <kernel@...gutronix.de>,
Sascha Hauer <s.hauer@...gutronix.de>,
"Serge E. Hallyn" <serge@...lyn.com>,
Shawn Guo <shawnguo@...nel.org>
Subject: Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys
Herbert,
On Mon, Jun 14, 2021 at 10:18 PM Richard Weinberger <richard@....at> wrote:
>
> DCP is capable to performing AES with hardware-bound keys.
> These keys are not stored in main memory and are therefore not directly
> accessible by the operating system.
>
> So instead of feeding the key into DCP, we need to place a
> reference to such a key before initiating the crypto operation.
> Keys are referenced by a one byte identifiers.
>
> DCP supports 6 different keys: 4 slots in the secure memory area,
> a one time programmable key which can be burnt via on-chip fuses
> and an unique device key.
>
> Using these keys is restricted to in-kernel users that use them as building
> block for other crypto tools such as trusted keys. Allowing userspace
> (e.g. via AF_ALG) to use these keys to crypt or decrypt data is a security
> risk, because there is no access control mechanism.
>
> Cc: Ahmad Fatoum <a.fatoum@...gutronix.de>
> Cc: David Gstir <david@...ma-star.at>
> Cc: David Howells <dhowells@...hat.com>
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Fabio Estevam <festevam@...il.com>
> Cc: Herbert Xu <herbert@...dor.apana.org.au>
> Cc: James Bottomley <jejb@...ux.ibm.com>
> Cc: James Morris <jmorris@...ei.org>
> Cc: Jarkko Sakkinen <jarkko@...nel.org>
> Cc: Jonathan Corbet <corbet@....net>
> Cc: keyrings@...r.kernel.org
> Cc: linux-arm-kernel@...ts.infradead.org
> Cc: linux-crypto@...r.kernel.org
> Cc: linux-doc@...r.kernel.org
> Cc: linux-integrity@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org
> Cc: linux-security-module@...r.kernel.org
> Cc: Mimi Zohar <zohar@...ux.ibm.com>
> Cc: NXP Linux Team <linux-imx@....com>
> Cc: Pengutronix Kernel Team <kernel@...gutronix.de>
> Cc: Richard Weinberger <richard@....at>
> Cc: Sascha Hauer <s.hauer@...gutronix.de>
> Cc: "Serge E. Hallyn" <serge@...lyn.com>
> Cc: Shawn Guo <shawnguo@...nel.org>
> Co-developed-by: David Gstir <david@...ma-star.at>
> Signed-off-by: David Gstir <david@...ma-star.at>
> Signed-off-by: Richard Weinberger <richard@....at>
> ---
> drivers/crypto/mxs-dcp.c | 110 ++++++++++++++++++++++++++++++++++-----
> include/linux/mxs-dcp.h | 19 +++++++
> 2 files changed, 117 insertions(+), 12 deletions(-)
> create mode 100644 include/linux/mxs-dcp.h
This patch was judged as not applicable in your patchwork.
Is something missing? How can we proceed?
--
Thanks,
//richard
Powered by blists - more mailing lists