lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 05 Mar 2024 00:15:55 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "David Gstir" <david@...ma-star.at>, "Mimi Zohar" <zohar@...ux.ibm.com>,
 "James Bottomley" <jejb@...ux.ibm.com>, "Herbert Xu"
 <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>
Cc: "Shawn Guo" <shawnguo@...nel.org>, "Jonathan Corbet" <corbet@....net>,
 "Sascha Hauer" <s.hauer@...gutronix.de>, "Pengutronix Kernel Team"
 <kernel@...gutronix.de>, "Fabio Estevam" <festevam@...il.com>, "NXP Linux
 Team" <linux-imx@....com>, "Ahmad Fatoum" <a.fatoum@...gutronix.de>, "sigma
 star Kernel Team" <upstream+dcp@...ma-star.at>, "David Howells"
 <dhowells@...hat.com>, "Li Yang" <leoyang.li@....com>, "Paul Moore"
 <paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "Serge E.
 Hallyn" <serge@...lyn.com>, "Paul E. McKenney" <paulmck@...nel.org>, "Randy
 Dunlap" <rdunlap@...radead.org>, "Catalin Marinas"
 <catalin.marinas@....com>, "Rafael J. Wysocki"
 <rafael.j.wysocki@...el.com>, "Tejun Heo" <tj@...nel.org>, "Steven Rostedt
 (Google)" <rostedt@...dmis.org>, <linux-doc@...r.kernel.org>,
 <linux-kernel@...r.kernel.org>, <linux-integrity@...r.kernel.org>,
 <keyrings@...r.kernel.org>, <linux-crypto@...r.kernel.org>,
 <linux-arm-kernel@...ts.infradead.org>, <linuxppc-dev@...ts.ozlabs.org>,
 <linux-security-module@...r.kernel.org>, "Richard Weinberger"
 <richard@....at>, "David Oberhollenzer" <david.oberhollenzer@...ma-star.at>
Subject: Re: [PATCH v5 1/6] crypto: mxs-dcp: Add support for hardware-bound
 keys

On Fri Dec 15, 2023 at 1:06 PM EET, David Gstir wrote:
> DCP is capable of performing AES with two hardware-bound keys:
>
> - The one-time programmable (OTP) key which is burnt via on-chip fuses
> - The unique key (UK) which is derived from the OTP key

This is somewhat cryptic explanation for the commmon and reoccuring
theme of having a fused random seed and a key derivation function.

I'd just write it is all about.

"DCP is able to derive private keys for a fused random seed, which
can be referenced by handle but not accessed by the CPU. These keys
can be used to perform AES encryption."

My explanation neither includes acronyms OTP and UK and still
delivers the message so much better. That actually further makes
it better because less crappy standard consortium terminology is
always better :-)

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ