[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <CZLB9UXFAHK6.26ET7BAGSFZLB@suppilovahvero>
Date: Tue, 05 Mar 2024 00:15:55 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "David Gstir" <david@...ma-star.at>, "Mimi Zohar" <zohar@...ux.ibm.com>,
"James Bottomley" <jejb@...ux.ibm.com>, "Herbert Xu"
<herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>
Cc: "Shawn Guo" <shawnguo@...nel.org>, "Jonathan Corbet" <corbet@....net>,
"Sascha Hauer" <s.hauer@...gutronix.de>, "Pengutronix Kernel Team"
<kernel@...gutronix.de>, "Fabio Estevam" <festevam@...il.com>, "NXP Linux
Team" <linux-imx@....com>, "Ahmad Fatoum" <a.fatoum@...gutronix.de>, "sigma
star Kernel Team" <upstream+dcp@...ma-star.at>, "David Howells"
<dhowells@...hat.com>, "Li Yang" <leoyang.li@....com>, "Paul Moore"
<paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "Serge E.
Hallyn" <serge@...lyn.com>, "Paul E. McKenney" <paulmck@...nel.org>, "Randy
Dunlap" <rdunlap@...radead.org>, "Catalin Marinas"
<catalin.marinas@....com>, "Rafael J. Wysocki"
<rafael.j.wysocki@...el.com>, "Tejun Heo" <tj@...nel.org>, "Steven Rostedt
(Google)" <rostedt@...dmis.org>, <linux-doc@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <linux-integrity@...r.kernel.org>,
<keyrings@...r.kernel.org>, <linux-crypto@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>, <linuxppc-dev@...ts.ozlabs.org>,
<linux-security-module@...r.kernel.org>, "Richard Weinberger"
<richard@....at>, "David Oberhollenzer" <david.oberhollenzer@...ma-star.at>
Subject: Re: [PATCH v5 1/6] crypto: mxs-dcp: Add support for hardware-bound
keys
On Fri Dec 15, 2023 at 1:06 PM EET, David Gstir wrote:
> DCP is capable of performing AES with two hardware-bound keys:
>
> - The one-time programmable (OTP) key which is burnt via on-chip fuses
> - The unique key (UK) which is derived from the OTP key
This is somewhat cryptic explanation for the commmon and reoccuring
theme of having a fused random seed and a key derivation function.
I'd just write it is all about.
"DCP is able to derive private keys for a fused random seed, which
can be referenced by handle but not accessed by the CPU. These keys
can be used to perform AES encryption."
My explanation neither includes acronyms OTP and UK and still
delivers the message so much better. That actually further makes
it better because less crappy standard consortium terminology is
always better :-)
BR, Jarkko
Powered by blists - more mailing lists