From: Thorsten Blum <thorsten.blum@linux.dev>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Horia Geantă" <horia.geanta@nxp.com>,
"Pankaj Gupta" <pankaj.gupta@nxp.com>,
"Gaurav Jain" <gaurav.jain@nxp.com>,
"David S. Miller" <davem@davemloft.net>,
"Kim Phillips" <kim.phillips@freescale.com>,
"Yuan Kang" <Yuan.Kang@freescale.com>,
stable@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] crypto: caam - remove HMAC key hex dumps from hash_digest_key
Date: Wed, 18 Mar 2026 13:02:11 +0100 [thread overview]
Message-ID: <abqUQxdoH7zuszZQ@linux.dev> (raw)
In-Reply-To: <abpYWkDzofozlOWp@gondor.apana.org.au>
On Wed, Mar 18, 2026 at 04:46:34PM +0900, Herbert Xu wrote:
> On Tue, Mar 17, 2026 at 12:20:30PM +0100, Thorsten Blum wrote:
> >
> > This is not specifically about caam, but (debug) logging of potentially
> > sensitive key material should generally be avoided, imho. Some other
> > recent examples:
> >
> > https://lore.kernel.org/lkml/20260227230008.858641-2-thorsten.blum@linux.dev/
> > https://lore.kernel.org/lkml/20260303132552.65235-2-thorsten.blum@linux.dev/
> > https://lore.kernel.org/lkml/20260303190350.78705-2-thorsten.blum@linux.dev/
> >
> > > Is there a scenario where production systems will run with debugging
> > > enabled in caam?
> >
> > I don't know - possibly.
>
> I think a better solution is to turn these sensitive printk's to
> pr_devel. That way you can still get them by recompiling the kernel
> but they won't be enabled in any distro kernels.
>
> What do you think?
Sounds reasonable. However, the code is already using the debug-gated
print_hex_dump_debug(), which can also be enabled at runtime with
CONFIG_DYNAMIC_DEBUG.
So I think the question is not necessarily print_hex_dump_debug() vs.
pr_devel(), but whether we want to:
- keep the debug-only hex dumps
- remove the sensitive dumps
My main concern is that with CONFIG_DYNAMIC_DEBUG enabled, which doesn't
require DEBUG, these raw key dumps can still be turned on at runtime in
a deployed kernel.
If we want to keep the dumps for debug-only kernels, then #ifdef DEBUG
plus print_hex_dump() might be a good compromise.
next prev parent reply other threads:[~2026-03-18 12:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-06 11:12 [PATCH] crypto: caam - remove HMAC key hex dumps from hash_digest_key Thorsten Blum
2026-03-14 4:56 ` Herbert Xu
2026-03-17 11:20 ` Thorsten Blum
2026-03-18 7:46 ` Herbert Xu
2026-03-18 12:02 ` Thorsten Blum [this message]
2026-03-18 12:16 ` Herbert Xu
2026-03-18 12:29 ` Thorsten Blum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abqUQxdoH7zuszZQ@linux.dev \
--to=thorsten.blum@linux.dev \
--cc=Yuan.Kang@freescale.com \
--cc=davem@davemloft.net \
--cc=gaurav.jain@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=kim.phillips@freescale.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pankaj.gupta@nxp.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.