lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <DU2PR04MB863008D8958A5F7599C88949951D9@DU2PR04MB8630.eurprd04.prod.outlook.com>
Date:   Mon, 28 Mar 2022 10:46:07 +0000
From:   Pankaj Gupta <pankaj.gupta@....com>
To:     Ahmad Fatoum <a.fatoum@...gutronix.de>,
        Jonathan Corbet <corbet@....net>,
        David Howells <dhowells@...hat.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        James Bottomley <jejb@...ux.ibm.com>,
        Mimi Zohar <zohar@...ux.ibm.com>
CC:     "kernel@...gutronix.de" <kernel@...gutronix.de>,
        David Gstir <david@...ma-star.at>,
        "tharvey@...eworks.com" <tharvey@...eworks.com>,
        Matthias Schiffer <matthias.schiffer@...tq-group.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Horia Geanta <horia.geanta@....com>,
        Aymen Sghaier <aymen.sghaier@....com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Biggers <ebiggers@...nel.org>,
        Jan Luebbe <j.luebbe@...gutronix.de>,
        Richard Weinberger <richard@....at>,
        Franck Lenormand <franck.lenormand@....com>,
        Sumit Garg <sumit.garg@...aro.org>,
        "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>
Subject: RE: [EXT] [PATCH v6 4/4] KEYS: trusted: Introduce support for NXP
 CAAM-based trusted keys

Hi Ahmad,

Please find the comments in-line.

Regards
Pankaj

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@...gutronix.de>
> Sent: Wednesday, March 16, 2022 10:14 PM
> To: Jonathan Corbet <corbet@....net>; David Howells
> <dhowells@...hat.com>; Jarkko Sakkinen <jarkko@...nel.org>; James
> Bottomley <jejb@...ux.ibm.com>; Mimi Zohar <zohar@...ux.ibm.com>
> Cc: kernel@...gutronix.de; David Gstir <david@...ma-star.at>; Pankaj
> Gupta <pankaj.gupta@....com>; tharvey@...eworks.com; Matthias
> Schiffer <matthias.schiffer@...tq-group.com>; Ahmad Fatoum
> <a.fatoum@...gutronix.de>; James Morris <jmorris@...ei.org>; Serge E.
> Hallyn <serge@...lyn.com>; Horia Geanta <horia.geanta@....com>; Aymen
> Sghaier <aymen.sghaier@....com>; Herbert Xu
> <herbert@...dor.apana.org.au>; David S. Miller <davem@...emloft.net>;
> Eric Biggers <ebiggers@...nel.org>; Jan Luebbe <j.luebbe@...gutronix.de>;
> Richard Weinberger <richard@....at>; Franck Lenormand
> <franck.lenormand@....com>; Sumit Garg <sumit.garg@...aro.org>;
> keyrings@...r.kernel.org; linux-crypto@...r.kernel.org; linux-
> doc@...r.kernel.org; linux-integrity@...r.kernel.org; linux-
> kernel@...r.kernel.org; linux-security-module@...r.kernel.org
> Subject: [EXT] [PATCH v6 4/4] KEYS: trusted: Introduce support for NXP
> CAAM-based trusted keys
> 
> Caution: EXT Email
> 
> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
> built into many newer i.MX and QorIQ SoCs by NXP.
> 
> The CAAM does crypto acceleration, hardware number generation and has a
> blob mechanism for encapsulation/decapsulation of sensitive material.
> 
> This blob mechanism depends on a device specific random 256-bit One Time
> Programmable Master Key that is fused in each SoC at manufacturing time.
> This key is unreadable and can only be used by the CAAM for AES
> encryption/decryption of user data.
> 
> This makes it a suitable backend (source) for kernel trusted keys.
> 
> Previous commits generalized trusted keys to support multiple backends and
> added an API to access the CAAM blob mechanism. Based on these, provide
> the necessary glue to use the CAAM for trusted keys.
> 
> Reviewed-by: David Gstir <david@...ma-star.at>
> Reviewed-by: Pankaj Gupta <pankaj.gupta@....com>
> Tested-By: Tim Harvey <tharvey@...eworks.com>
> Tested-by: Matthias Schiffer <matthias.schiffer@...tq-group.com>
> Tested-by: Pankaj Gupta <pankaj.gupta@....com>
> Signed-off-by: Ahmad Fatoum <a.fatoum@...gutronix.de>
> ---
> v5 -> v6:
>   - Rename caam_trusted_key_ops to trusted_key_caam_ops for symmetry
>     with other trust sources (Pankaj)
>   - collected Pankaj's Reviewed-by
> v4 -> v5:
>   - Collected Reviewed-by's and Tested-by's
>   - Changed modifier to SECURE_KEY for compatibility with linux-imx
>     (Matthias)
> v3 -> v4:
>   - Collected Acked-by's, Reviewed-by's and Tested-by
> v2 -> v3:
>  - add MAINTAINERS entry
> v1 -> v2:
>  - Extend trusted keys documentation for CAAM
> 
> To: Jonathan Corbet <corbet@....net>
> To: David Howells <dhowells@...hat.com>
> To: Jarkko Sakkinen <jarkko@...nel.org>
> To: James Bottomley <jejb@...ux.ibm.com>
> To: Mimi Zohar <zohar@...ux.ibm.com>
> Cc: James Morris <jmorris@...ei.org>
> Cc: "Serge E. Hallyn" <serge@...lyn.com>
> Cc: "Horia Geantă" <horia.geanta@....com>
> Cc: Aymen Sghaier <aymen.sghaier@....com>
> Cc: Herbert Xu <herbert@...dor.apana.org.au>
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Eric Biggers <ebiggers@...nel.org>
> Cc: Jan Luebbe <j.luebbe@...gutronix.de>
> Cc: David Gstir <david@...ma-star.at>
> Cc: Richard Weinberger <richard@....at>
> Cc: Franck LENORMAND <franck.lenormand@....com>
> Cc: Matthias Schiffer <matthias.schiffer@...tq-group.com>
> Cc: Sumit Garg <sumit.garg@...aro.org>
> Cc: keyrings@...r.kernel.org
> Cc: linux-crypto@...r.kernel.org
> Cc: linux-doc@...r.kernel.org
> Cc: linux-integrity@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org
> Cc: linux-security-module@...r.kernel.org
> ---
>  .../admin-guide/kernel-parameters.txt         |  1 +
>  .../security/keys/trusted-encrypted.rst       | 40 +++++++++-
>  MAINTAINERS                                   |  9 +++
>  include/keys/trusted_caam.h                   | 11 +++
>  security/keys/trusted-keys/Kconfig            | 11 ++-
>  security/keys/trusted-keys/Makefile           |  2 +
>  security/keys/trusted-keys/trusted_caam.c     | 74 +++++++++++++++++++
>  security/keys/trusted-keys/trusted_core.c     |  6 +-
>  8 files changed, 151 insertions(+), 3 deletions(-)  create mode 100644
> include/keys/trusted_caam.h  create mode 100644 security/keys/trusted-
> keys/trusted_caam.c
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt
> b/Documentation/admin-guide/kernel-parameters.txt
> index 844c883ca9d8..9e7ef4c6585d 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -5875,6 +5875,7 @@
>                         sources:
>                         - "tpm"
>                         - "tee"
> +                       - "caam"
>                         If not specified then it defaults to iterating through
>                         the trust source list starting with TPM and assigns the
>                         first trust source as a backend which is initialized diff --git
> a/Documentation/security/keys/trusted-encrypted.rst
> b/Documentation/security/keys/trusted-encrypted.rst
> index 99cf34d7c025..ed60c48cb692 100644
> --- a/Documentation/security/keys/trusted-encrypted.rst
> +++ b/Documentation/security/keys/trusted-encrypted.rst
> @@ -35,6 +35,13 @@ safe.
>           Rooted to Hardware Unique Key (HUK) which is generally burnt in on-
> chip
>           fuses and is accessible to TEE only.
> 
> +     (3) CAAM (Cryptographic Acceleration and Assurance Module: IP on
> + NXP SoCs)
> +
> +         When High Assurance Boot (HAB) is enabled and the CAAM is in secure
> +         mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key
> +         randomly generated and fused into each SoC at manufacturing time.
> +         Otherwise, a common fixed test key is used instead.
> +
>    *  Execution isolation
> 
>       (1) TPM
> @@ -46,6 +53,10 @@ safe.
>           Customizable set of operations running in isolated execution
>           environment verified via Secure/Trusted boot process.
> 
> +     (3) CAAM
> +
> +         Fixed set of operations running in isolated execution environment.
> +
>    * Optional binding to platform integrity state
> 
>       (1) TPM
> @@ -63,6 +74,11 @@ safe.
>           Relies on Secure/Trusted boot process for platform integrity. It can
>           be extended with TEE based measured boot process.
> 
> +     (3) CAAM
> +
> +         Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
> +         for platform integrity.
> +
>    *  Interfaces and APIs
> 
>       (1) TPM
> @@ -74,10 +90,13 @@ safe.
>           TEEs have well-documented, standardized client interface and APIs. For
>           more details refer to ``Documentation/staging/tee.rst``.
> 
> +     (3) CAAM
> +
> +         Interface is specific to silicon vendor.
> 
>    *  Threat model
> 
> -     The strength and appropriateness of a particular TPM or TEE for a given
> +     The strength and appropriateness of a particular trust source for
> + a given
>       purpose must be assessed when using them to protect security-relevant
> data.
> 
> 
> @@ -104,6 +123,12 @@ selected trust source:
>       from platform specific hardware RNG or a software based Fortuna
> CSPRNG
>       which can be seeded via multiple entropy sources.
> 
> +  *  CAAM: Kernel RNG
> +
> +     The normal kernel random number generator is used. To seed it from the
> +     CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure
> the device
> +     is probed.
> +
>  Users may override this by specifying ``trusted.rng=kernel`` on the kernel
> command-line to override the used RNG with the kernel's random number
> pool.
> 
> @@ -192,6 +217,19 @@ Usage::
>  specific to TEE device implementation.  The key length for new keys is always
> in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> 
> +Trusted Keys usage: CAAM
> +------------------------
> +
> +Usage::
> +
> +    keyctl add trusted name "new keylen" ring
> +    keyctl add trusted name "load hex_blob" ring
> +    keyctl print keyid
> +
> +"keyctl print" returns an ASCII hex copy of the sealed key, which is in
> +format specific to CAAM device implementation.  The key length for new
> +keys is always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> +
>  Encrypted Keys usage
>  --------------------
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 05fd080b82f3..f13382a14967 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -10647,6 +10647,15 @@ S:     Supported
>  F:     include/keys/trusted_tee.h
>  F:     security/keys/trusted-keys/trusted_tee.c
> 
> +KEYS-TRUSTED-CAAM
> +M:     Ahmad Fatoum <a.fatoum@...gutronix.de>
> +R:     Pengutronix Kernel Team <kernel@...gutronix.de>
> +L:     linux-integrity@...r.kernel.org
> +L:     keyrings@...r.kernel.org
> +S:     Maintained
> +F:     include/keys/trusted_caam.h
> +F:     security/keys/trusted-keys/trusted_caam.c
> +
>  KEYS/KEYRINGS
>  M:     David Howells <dhowells@...hat.com>
>  M:     Jarkko Sakkinen <jarkko@...nel.org>
> diff --git a/include/keys/trusted_caam.h b/include/keys/trusted_caam.h
> new file mode 100644 index 000000000000..73fe2f32f65e
> --- /dev/null
> +++ b/include/keys/trusted_caam.h
> @@ -0,0 +1,11 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@...gutronix.de>
> +*/
> +
> +#ifndef __CAAM_TRUSTED_KEY_H
> +#define __CAAM_TRUSTED_KEY_H
> +
> +extern struct trusted_key_ops trusted_key_caam_ops;
> +
> +#endif
> diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-
> keys/Kconfig
> index fc4abd581abb..dbfdd8536468 100644
> --- a/security/keys/trusted-keys/Kconfig
> +++ b/security/keys/trusted-keys/Kconfig
> @@ -24,6 +24,15 @@ config TRUSTED_KEYS_TEE
>           Enable use of the Trusted Execution Environment (TEE) as trusted
>           key backend.
> 
> -if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE
> +config TRUSTED_KEYS_CAAM
> +       bool "CAAM-based trusted keys"
> +       depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
> +       select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
> +       default y
> +       help
> +         Enable use of NXP's Cryptographic Accelerator and Assurance Module
> +         (CAAM) as trusted key backend.
> +
> +if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE
> && !TRUSTED_KEYS_CAAM
>  comment "No trust source selected!"
>  endif
> diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-
> keys/Makefile
> index 2e2371eae4d5..735aa0bc08ef 100644
> --- a/security/keys/trusted-keys/Makefile
> +++ b/security/keys/trusted-keys/Makefile
> @@ -12,3 +12,5 @@ trusted-$(CONFIG_TRUSTED_KEYS_TPM) +=
> trusted_tpm2.o
>  trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
> 
>  trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
> +
> +trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
> diff --git a/security/keys/trusted-keys/trusted_caam.c
> b/security/keys/trusted-keys/trusted_caam.c
> new file mode 100644
> index 000000000000..5457c76c6602
> --- /dev/null
> +++ b/security/keys/trusted-keys/trusted_caam.c
> @@ -0,0 +1,74 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@...gutronix.de>
> +*/
> +
> +#include <keys/trusted_caam.h>
> +#include <keys/trusted-type.h>
> +#include <linux/build_bug.h>
> +#include <linux/key-type.h>
> +#include <soc/fsl/caam-blob.h>
> +
> +static struct caam_blob_priv *blobifier;
> +
> +#define KEYMOD "SECURE_KEY"
> +
> +static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <=
> CAAM_BLOB_MAX_LEN);
> +static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
> +
> +static int trusted_caam_seal(struct trusted_key_payload *p, char
> +*datablob) {

If the structure "struct keyblob_info", is used in patch 3/4, then below use for CAAM specific macros
will not be needed to be set in this file/function.

> +       int length = p->key_len + CAAM_BLOB_OVERHEAD;
> +       int ret;
> +
> +       ret = caam_encap_blob(blobifier, KEYMOD, p->key, p->blob, length);
> +       if (ret)
> +               return ret;
> +

If the structure "struct keyblob_info", is used in patch 3/4, then below line of code will not be needed.

> +       p->blob_len = length;
> +       return 0;
> +}
> +
> +static int trusted_caam_unseal(struct trusted_key_payload *p, char
> +*datablob) {
> +       int length = p->blob_len;
> +       int ret;
> +
> +       ret = caam_decap_blob(blobifier, KEYMOD, p->blob, p->key, length);
> +       if (ret)
> +               return ret;
> +

If the structure "struct keyblob_info", is used in patch 3/4, then below line of code will not be needed.

> +       p->key_len = length - CAAM_BLOB_OVERHEAD;
> +       return 0;
> +}
> +
> +static int trusted_caam_init(void)
> +{
> +       int ret;
> +
> +       blobifier = caam_blob_gen_init();
> +       if (IS_ERR(blobifier)) {
> +               pr_err("Job Ring Device allocation for transform failed\n");
> +               return PTR_ERR(blobifier);
> +       }
> +
> +       ret = register_key_type(&key_type_trusted);
> +       if (ret)
> +               caam_blob_gen_exit(blobifier);
> +
> +       return ret;
> +}
> +
> +static void trusted_caam_exit(void)
> +{
> +       unregister_key_type(&key_type_trusted);
> +       caam_blob_gen_exit(blobifier);
> +}
> +
> +struct trusted_key_ops trusted_key_caam_ops = {
> +       .migratable = 0, /* non-migratable */
> +       .init = trusted_caam_init,
> +       .seal = trusted_caam_seal,
> +       .unseal = trusted_caam_unseal,
> +       .exit = trusted_caam_exit,
> +};
> diff --git a/security/keys/trusted-keys/trusted_core.c
> b/security/keys/trusted-keys/trusted_core.c
> index 9235fb7d0ec9..c6fc50d67214 100644
> --- a/security/keys/trusted-keys/trusted_core.c
> +++ b/security/keys/trusted-keys/trusted_core.c
> @@ -9,6 +9,7 @@
>  #include <keys/user-type.h>
>  #include <keys/trusted-type.h>
>  #include <keys/trusted_tee.h>
> +#include <keys/trusted_caam.h>
>  #include <keys/trusted_tpm.h>
>  #include <linux/capability.h>
>  #include <linux/err.h>
> @@ -29,7 +30,7 @@ MODULE_PARM_DESC(rng, "Select trusted key RNG");
> 
>  static char *trusted_key_source;
>  module_param_named(source, trusted_key_source, charp, 0); -
> MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
> +MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or
> +caam)");
> 
>  static const struct trusted_key_source trusted_key_sources[] = {  #if
> defined(CONFIG_TRUSTED_KEYS_TPM) @@ -38,6 +39,9 @@ static const
> struct trusted_key_source trusted_key_sources[] = {  #if
> defined(CONFIG_TRUSTED_KEYS_TEE)
>         { "tee", &trusted_key_tee_ops },  #endif
> +#if defined(CONFIG_TRUSTED_KEYS_CAAM)
> +       { "caam", &trusted_key_caam_ops }, #endif
>  };
> 
>  DEFINE_STATIC_CALL_NULL(trusted_key_init,
> *trusted_key_sources[0].ops->init);
> --
> 2.30.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ