Date: Mon, 17 Jun 2024 19:39:31 +0200
From: Konrad Dybcio <konrad.dybcio@...aro.org>
To: Gaurav Kashyap <quic_gaurkash@...cinc.com>,
 linux-arm-msm@...r.kernel.org, linux-scsi@...r.kernel.org,
 andersson@...nel.org, ebiggers@...gle.com, neil.armstrong@...aro.org,
 srinivas.kandagatla@...aro.org, krzysztof.kozlowski+dt@...aro.org,
 conor+dt@...nel.org, robh+dt@...nel.org
Cc: linux-kernel@...r.kernel.org, linux-mmc@...r.kernel.org,
 kernel@...cinc.com, linux-crypto@...r.kernel.org,
 devicetree@...r.kernel.org, quic_omprsing@...cinc.com,
 quic_nguyenb@...cinc.com, bartosz.golaszewski@...aro.org,
 ulf.hansson@...aro.org, jejb@...ux.ibm.com, martin.petersen@...cle.com,
 mani@...nel.org, davem@...emloft.net, herbert@...dor.apana.org.au,
 psodagud@...cinc.com, quic_apurupa@...cinc.com, sonalg@...cinc.com
Subject: Re: [PATCH v5 13/15] dt-bindings: crypto: ice: document the hwkm
 property



On 6/17/24 02:51, Gaurav Kashyap wrote:
> When Qualcomm's Inline Crypto Engine (ICE) contains Hardware
> Key Manager (HWKM), and the 'HWKM' mode is enabled, it
> supports wrapped keys. However, this also requires firmware
> support in Trustzone to work correctly, which may not be available
> on all chipsets. In the above scenario, ICE needs to support standard
> keys even though HWKM is integrated from a hardware perspective.
> 
> Introducing this property so that Hardware wrapped key support
> can be enabled/disabled from software based on chipset firmware,
> and not just based on hardware version.
> 
> Tested-by: Neil Armstrong <neil.armstrong@...aro.org>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@...cinc.com>
> ---
>   .../bindings/crypto/qcom,inline-crypto-engine.yaml     | 10 ++++++++++
>   1 file changed, 10 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
> index 0304f074cf08..0bb4d008f961 100644
> --- a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
> +++ b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
> @@ -27,6 +27,16 @@ properties:
>     clocks:
>       maxItems: 1
>   
> +  qcom,ice-use-hwkm:
> +    type: boolean
> +    description:
> +      Use the supported Hardware Key Manager (HWKM) in Qualcomm ICE
> +      to support wrapped keys. Having this entry helps scenarios where
> +      the ICE hardware supports HWKM, but the Trustzone firmware does
> +      not have the full capability to use this HWKM and support wrapped
> +      keys. Not having this entry enabled would make ICE function in
> +      non-HWKM mode supporting standard keys.
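
Review bot: the description of qcom,ice-use-hwkm ends with "Not having this entry enabled", but a property of type boolean is either present or absent, so the text should state the two cases directly: present means ICE operates in HWKM mode with wrapped keys, absent means non-HWKM mode with standard keys. The description also leaves open what is expected when the property is present on a chipset whose TrustZone firmware lacks the capability it mentions. Since the name reads as an instruction to the OS ("use") rather than a statement about the platform, please say whether that combination is a misconfiguration the driver has to detect, and consider wording the property and its description around what the platform firmware supports.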

Just check if qcom_scm_derive_sw_secret is available instead

Konrad
