| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c946cce8-674a-43d2-1000-b57eba4bc45c@pengutronix.de>
Date: Tue, 22 Mar 2022 08:33:34 +0100
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: Jarkko Sakkinen <jarkko@...nel.org>
Cc: Jonathan Corbet <corbet@....net>,
David Howells <dhowells@...hat.com>,
James Bottomley <jejb@...ux.ibm.com>,
Mimi Zohar <zohar@...ux.ibm.com>, kernel@...gutronix.de,
David Gstir <david@...ma-star.at>,
Pankaj Gupta <pankaj.gupta@....com>,
Tim Harvey <tharvey@...eworks.com>,
Matthias Schiffer <matthias.schiffer@...tq-group.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Horia Geantă <horia.geanta@....com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Eric Biggers <ebiggers@...nel.org>,
Jan Luebbe <j.luebbe@...gutronix.de>,
Richard Weinberger <richard@....at>,
Franck LENORMAND <franck.lenormand@....com>,
Sumit Garg <sumit.garg@...aro.org>, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-doc@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH v6 4/4] KEYS: trusted: Introduce support for NXP
CAAM-based trusted keys
Hello Jarkko,
On 20.03.22 22:02, Jarkko Sakkinen wrote:
> On Wed, Mar 16, 2022 at 05:43:35PM +0100, Ahmad Fatoum wrote:
>> @@ -192,6 +217,19 @@ Usage::
>> specific to TEE device implementation. The key length for new keys is always
>> in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
>>
>> +Trusted Keys usage: CAAM
>> +------------------------
>> +
>> +Usage::
>> +
>> + keyctl add trusted name "new keylen" ring
>> + keyctl add trusted name "load hex_blob" ring
>> + keyctl print keyid
>> +
>> +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
>> +specific to CAAM device implementation. The key length for new keys is always
>> +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
>> +
>> Encrypted Keys usage
>> --------------------
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 05fd080b82f3..f13382a14967 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -10647,6 +10647,15 @@ S: Supported
>> F: include/keys/trusted_tee.h
>> F: security/keys/trusted-keys/trusted_tee.c
>>
>> +KEYS-TRUSTED-CAAM
>> +M: Ahmad Fatoum <a.fatoum@...gutronix.de>
>> +R: Pengutronix Kernel Team <kernel@...gutronix.de>
>> +L: linux-integrity@...r.kernel.org
>> +L: keyrings@...r.kernel.org
>> +S: Maintained
>> +F: include/keys/trusted_caam.h
>> +F: security/keys/trusted-keys/trusted_caam.c
>> +
>> KEYS/KEYRINGS
>> M: David Howells <dhowells@...hat.com>
>> M: Jarkko Sakkinen <jarkko@...nel.org>
>
> Documentation and MAINTAINERS updates must be separate patches.
I will do so for v7. Does this patch look otherwise ok to you?
Thanks,
Ahmad
>
> BR, Jarkko
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists