| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YjmGHRK5TzteGwNu@iki.fi>
Date: Tue, 22 Mar 2022 10:17:33 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Ahmad Fatoum <a.fatoum@...gutronix.de>
Cc: Jonathan Corbet <corbet@....net>,
David Howells <dhowells@...hat.com>,
James Bottomley <jejb@...ux.ibm.com>,
Mimi Zohar <zohar@...ux.ibm.com>, kernel@...gutronix.de,
David Gstir <david@...ma-star.at>,
Pankaj Gupta <pankaj.gupta@....com>,
Tim Harvey <tharvey@...eworks.com>,
Matthias Schiffer <matthias.schiffer@...tq-group.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Horia Geantă <horia.geanta@....com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Eric Biggers <ebiggers@...nel.org>,
Jan Luebbe <j.luebbe@...gutronix.de>,
Richard Weinberger <richard@....at>,
Franck LENORMAND <franck.lenormand@....com>,
Sumit Garg <sumit.garg@...aro.org>, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-doc@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH v6 4/4] KEYS: trusted: Introduce support for NXP
CAAM-based trusted keys
On Tue, Mar 22, 2022 at 08:33:34AM +0100, Ahmad Fatoum wrote:
> Hello Jarkko,
>
> On 20.03.22 22:02, Jarkko Sakkinen wrote:
> > On Wed, Mar 16, 2022 at 05:43:35PM +0100, Ahmad Fatoum wrote:
> >> @@ -192,6 +217,19 @@ Usage::
> >> specific to TEE device implementation. The key length for new keys is always
> >> in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> >>
> >> +Trusted Keys usage: CAAM
> >> +------------------------
> >> +
> >> +Usage::
> >> +
> >> + keyctl add trusted name "new keylen" ring
> >> + keyctl add trusted name "load hex_blob" ring
> >> + keyctl print keyid
> >> +
> >> +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
> >> +specific to CAAM device implementation. The key length for new keys is always
> >> +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> >> +
> >> Encrypted Keys usage
> >> --------------------
> >>
> >> diff --git a/MAINTAINERS b/MAINTAINERS
> >> index 05fd080b82f3..f13382a14967 100644
> >> --- a/MAINTAINERS
> >> +++ b/MAINTAINERS
> >> @@ -10647,6 +10647,15 @@ S: Supported
> >> F: include/keys/trusted_tee.h
> >> F: security/keys/trusted-keys/trusted_tee.c
> >>
> >> +KEYS-TRUSTED-CAAM
> >> +M: Ahmad Fatoum <a.fatoum@...gutronix.de>
> >> +R: Pengutronix Kernel Team <kernel@...gutronix.de>
> >> +L: linux-integrity@...r.kernel.org
> >> +L: keyrings@...r.kernel.org
> >> +S: Maintained
> >> +F: include/keys/trusted_caam.h
> >> +F: security/keys/trusted-keys/trusted_caam.c
> >> +
> >> KEYS/KEYRINGS
> >> M: David Howells <dhowells@...hat.com>
> >> M: Jarkko Sakkinen <jarkko@...nel.org>
> >
> > Documentation and MAINTAINERS updates must be separate patches.
>
> I will do so for v7. Does this patch look otherwise ok to you?
>
> Thanks,
> Ahmad
I don't give heads ups. It's improperly constructed patch, i.e. I won't
review it in this from.
BR, Jarkko
Powered by blists - more mailing lists