From: Marek Vasut <marex@denx.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Jay Monkman <jay.monkman@freescale.com>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: Crypto driver -DCP
Date: Thu, 4 Jun 2015 17:34:39 +0200 [thread overview]
Message-ID: <201506041734.40053.marex@denx.de> (raw)
In-Reply-To: <20150604032400.GA20967@gondor.apana.org.au>
On Thursday, June 04, 2015 at 05:24:00 AM, Herbert Xu wrote:
> On Wed, Jun 03, 2015 at 03:02:13PM -0500, Jay Monkman wrote:
> > That would be one use, but a more likely use would be to prevent
> > access to the keys. A system could write keys to the key slots in
> > the bootloader or in a TrustZone secure world. Then those keys could
> > be used for crypto operations in Linux without ever exposing them.
> > Key slots can be written to, but cannot be read from.
> >
> > Even with keys stored in key slots, other keys may be used. For
> >
> > example, someone could do:
> > operation w/ key in slot 1
> > operation w/ key provided in descriptor
> > operation w/ key in slot 1
> >
> > I don't think an LRU scheme would allow something like that.
>
> In that case I would suggest using setkey with a length other
> than that of a valid AES key. For example, you could use a one-
> byte value to select the key slot.
Is this really a valid way to go about crypto -- introduce all kinds
of obscure nuances into the API which are driver specific at best ?
Best regards,
Marek Vasut
next prev parent reply other threads:[~2015-06-04 15:34 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <554BBD05.3050807@freescale.com>
[not found] ` <201505080220.56630.marex@denx.de>
[not found] ` <55673BF4.3040108@freescale.com>
2015-05-28 18:27 ` Crypto driver -DCP Marek Vasut
[not found] ` <20150529003700.GC14942@gondor.apana.org.au>
2015-05-29 0:40 ` Marek Vasut
2015-05-29 0:45 ` Herbert Xu
2015-05-29 1:00 ` Marek Vasut
2015-05-29 1:23 ` Herbert Xu
2015-05-29 1:29 ` Marek Vasut
2015-05-29 1:32 ` Herbert Xu
2015-05-29 13:02 ` Marek Vasut
2015-05-29 13:30 ` Herbert Xu
2015-06-01 13:24 ` Marek Vasut
2015-06-01 14:50 ` Herbert Xu
2015-06-03 12:54 ` Marek Vasut
2015-06-02 18:57 ` Jay Monkman
2015-06-03 2:11 ` Herbert Xu
2015-06-03 20:02 ` Jay Monkman
2015-06-04 3:24 ` Herbert Xu
2015-06-04 15:34 ` Marek Vasut [this message]
2015-06-05 3:54 ` Herbert Xu
2015-06-05 14:38 ` Marek Vasut
2015-06-08 4:52 ` Herbert Xu
2015-06-08 8:45 ` Marek Vasut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201506041734.40053.marex@denx.de \
--to=marex@denx.de \
--cc=herbert@gondor.apana.org.au \
--cc=jay.monkman@freescale.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.