lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20241101031539.13285-1-quic_spuppala@quicinc.com>
Date: Fri,  1 Nov 2024 08:45:33 +0530
From: Seshu Madhavi Puppala <quic_spuppala@...cinc.com>
To: Adrian Hunter <adrian.hunter@...el.com>,
        Asutosh Das <quic_asutoshd@...cinc.com>,
        Ulf Hansson <ulf.hansson@...aro.org>
Cc: Ritesh Harjani <ritesh.list@...il.com>, linux-mmc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org,
        quic_gaurkash@...cinc.com, quic_neersoni@...cinc.com,
        quic_spuppala@...cinc.com
Subject: [PATCH RFC 0/6] Hardware wrapped key support for MMC core

This series adds support for wrapped keys by implementing relevant
callbacks MMC core and QCom layer.

They patches do the following:
- Tested on top of Hardware wrapped key support for QCom ICE and UFS core: https://patchwork.kernel.org/project/linux-scsi/cover/20241011-wrapped-keys-v7-0-e3f7a752059b@linaro.org/

Tested on QCM6490.

How to test:

Use the wip-wrapped-keys branch from https://github.com/ebiggers/fscryptctl
to build a custom fscryptctl that supports generating wrapped keys.

Enable the following config options:
CONFIG_BLK_INLINE_ENCRYPTION=y
CONFIG_QCOM_INLINE_CRYPTO_ENGINE=m
CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y
CONFIG_MMC_CRYPTO=y

$ mkfs.ext4 -F -O encrypt,stable_inodes /dev/mmcblk0p12
$ mount /dev/mmcblk0p12 -o inlinecrypt /mnt
$ fscryptctl generate_hw_wrapped_key /dev/mmcblk0p12 > /mnt/key.longterm
$ fscryptctl prepare_hw_wrapped_key /dev/mmcblk0p12 < /mnt/key.longterm > /tmp/key.ephemeral
$ KEYID=$(fscryptctl add_key --hw-wrapped-key < /tmp/key.ephemeral /mnt)
$ rm -rf /mnt/dir
$ mkdir /mnt/dir
$ fscryptctl set_policy --hw-wrapped-key --iv-ino-lblk-32 "$KEYID" /mnt/dir
$ dmesg > /mnt/dir/test.txt
$ sync

Reboot the board

$ mount /dev/mmcblk0p12 -o inlinecrypt /mnt
$ ls /mnt/dir
$ fscryptctl prepare_hw_wrapped_key /dev/mmcblk0p12 < /mnt/key.longterm > /tmp/key.ephemeral
$ KEYID=$(fscryptctl add_key --hw-wrapped-key < /tmp/key.ephemeral /mnt)
$ fscryptctl set_policy --hw-wrapped-key --iv-ino-lblk-32 "$KEYID" /mnt/dir
$ cat /mnt/dir/test.txt # File should now be decrypted

Seshu Madhavi Puppala (6):
  mmc: host: support wrapped keys in mmc
  mmc: host: add support to derive software secret
  mmc: host: add support for generate, import and prepare keys
  mmc: host: wrapped keys support in mmc qcom
  mmc: host: implement derive sw secret vop in mmc qcom
  mmc: host: support for generate, import and prepare key

 drivers/mmc/host/cqhci-crypto.c | 79 +++++++++++++++++++++++++++++----
 drivers/mmc/host/cqhci.h        | 22 +++++++++
 drivers/mmc/host/sdhci-msm.c    | 59 +++++++++++++++++++++++-
 3 files changed, 151 insertions(+), 9 deletions(-)

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ