From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E59ECCD128A for ; Wed, 3 Apr 2024 15:48:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:References:Subject:Cc:To: From:Message-Id:Date:Mime-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=ILnQ//FEhRwm+HxxPmhz3LDCTXgcjFlwpDZmr7nIVbQ=; b=Laxz0rd5/Dm5G/ mZoKHeV8Y6GedKCch3yeUcn40gT1y4QgU2jT/4T5sgRPPKe594D7dWl1en7eu6xp4NWkRx1pMdekn 5XJ35kFAMnIKUzfbTSgYUrGM/87A4xoI9Tn4aU3+kLhYCNNh+ofJEhDpHVV6tRVoHbJ9wEkMi+glp sSFu+jqDlIDnnkb7nSDbGG9gHeorL4dnInFTNlQg5hTAHekKaCnIcmCvJorc5zNUhymF9+7oCHhZ9 XiJVb3TBeaeAU5Rmbbz1nzOjHI+L43BLMqI1vqW1Vc+AhNkj03bnnJNPjO7aHDxB7pkGuItv6Nera tdbIsYn6D+3HkENZkDcg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rs2qK-0000000GoDa-3LCk; Wed, 03 Apr 2024 15:48:04 +0000 Received: from sin.source.kernel.org ([2604:1380:40e1:4800::1]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1rs2qI-0000000GoBn-0QT5 for linux-arm-kernel@lists.infradead.org; Wed, 03 Apr 2024 15:48:03 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 6DB3ACE2B77; Wed, 3 Apr 2024 15:48:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 13591C433C7; Wed, 3 Apr 2024 15:47:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712159279; bh=rrCR4x657hJj+9Z7FfIwTOL0bKqYr1iVATWuKVnBvdc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=dYo0Q27dSQQ3Ch8t1bv/4TDEGdVvlFtZiK/Zz2pAtDrV2dGg+D+XOJblloji6lf8f AT/1G9mjWsRaJTEV3z+NlLz40f+kBk5nFmcrUtgEA41qda5WwW4i8s4RLr/MzdF5zi YoTjxsD9V0zKYX4yL4N07X1LoysvapSXkS7G6OsnvSJFKJeNikI8cMxk3axKsNBB+y P6Adfksr8JnIG1LemgmEFRN0C6BpU/ZKYmBXXWJOohD4naX0Imdw+22KIlCXUWOohl YL80cR6IKID87Ymp816wKnW4iT/VyBYwP0nq6oFeuIpysRTK4u+RGJb+IBGt3Xt9x0 vxIbwg0cDWVFw== Mime-Version: 1.0 Date: Wed, 03 Apr 2024 18:47:51 +0300 Message-Id: From: "Jarkko Sakkinen" To: "David Gstir" , "Mimi Zohar" , "James Bottomley" , "Herbert Xu" , "David S. Miller" Cc: "Shawn Guo" , "Jonathan Corbet" , "Sascha Hauer" , "Pengutronix Kernel Team" , "Fabio Estevam" , "NXP Linux Team" , "Ahmad Fatoum" , "sigma star Kernel Team" , "David Howells" , "Li Yang" , "Paul Moore" , "James Morris" , "Serge E. Hallyn" , "Paul E. McKenney" , "Randy Dunlap" , "Catalin Marinas" , "Rafael J. Wysocki" , "Tejun Heo" , "Steven Rostedt (Google)" , , , , , , , , , "Richard Weinberger" , "David Oberhollenzer" Subject: Re: [PATCH v8 6/6] docs: trusted-encrypted: add DCP as new trust source X-Mailer: aerc 0.17.0 References: <20240403072131.54935-1-david@sigma-star.at> <20240403072131.54935-7-david@sigma-star.at> In-Reply-To: <20240403072131.54935-7-david@sigma-star.at> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240403_084802_563702_0D9A3FCC X-CRM114-Status: GOOD ( 28.03 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed Apr 3, 2024 at 10:21 AM EEST, David Gstir wrote: > Update the documentation for trusted and encrypted KEYS with DCP as new > trust source: > > - Describe security properties of DCP trust source > - Describe key usage > - Document blob format > > Co-developed-by: Richard Weinberger > Signed-off-by: Richard Weinberger > Co-developed-by: David Oberhollenzer > Signed-off-by: David Oberhollenzer > Signed-off-by: David Gstir > --- > .../security/keys/trusted-encrypted.rst | 53 +++++++++++++++++++ > security/keys/trusted-keys/trusted_dcp.c | 19 +++++++ > 2 files changed, 72 insertions(+) > > diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst > index e989b9802f92..f4d7e162d5e4 100644 > --- a/Documentation/security/keys/trusted-encrypted.rst > +++ b/Documentation/security/keys/trusted-encrypted.rst > @@ -42,6 +42,14 @@ safe. > randomly generated and fused into each SoC at manufacturing time. > Otherwise, a common fixed test key is used instead. > > + (4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs) > + > + Rooted to a one-time programmable key (OTP) that is generally burnt > + in the on-chip fuses and is accessible to the DCP encryption engine only. > + DCP provides two keys that can be used as root of trust: the OTP key > + and the UNIQUE key. Default is to use the UNIQUE key, but selecting > + the OTP key can be done via a module parameter (dcp_use_otp_key). > + > * Execution isolation > > (1) TPM > @@ -57,6 +65,12 @@ safe. > > Fixed set of operations running in isolated execution environment. > > + (4) DCP > + > + Fixed set of cryptographic operations running in isolated execution > + environment. Only basic blob key encryption is executed there. > + The actual key sealing/unsealing is done on main processor/kernel space. > + > * Optional binding to platform integrity state > > (1) TPM > @@ -79,6 +93,11 @@ safe. > Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs > for platform integrity. > > + (4) DCP > + > + Relies on Secure/Trusted boot process (called HAB by vendor) for > + platform integrity. > + > * Interfaces and APIs > > (1) TPM > @@ -94,6 +113,11 @@ safe. > > Interface is specific to silicon vendor. > > + (4) DCP > + > + Vendor-specific API that is implemented as part of the DCP crypto driver in > + ``drivers/crypto/mxs-dcp.c``. > + > * Threat model > > The strength and appropriateness of a particular trust source for a given > @@ -129,6 +153,13 @@ selected trust source: > CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device > is probed. > > + * DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs) > + > + The DCP hardware device itself does not provide a dedicated RNG interface, > + so the kernel default RNG is used. SoCs with DCP like the i.MX6ULL do have > + a dedicated hardware RNG that is independent from DCP which can be enabled > + to back the kernel RNG. > + > Users may override this by specifying ``trusted.rng=kernel`` on the kernel > command-line to override the used RNG with the kernel's random number pool. > > @@ -231,6 +262,19 @@ Usage:: > CAAM-specific format. The key length for new keys is always in bytes. > Trusted Keys can be 32 - 128 bytes (256 - 1024 bits). > > +Trusted Keys usage: DCP > +----------------------- > + > +Usage:: > + > + keyctl add trusted name "new keylen" ring > + keyctl add trusted name "load hex_blob" ring > + keyctl print keyid > + > +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format > +specific to this DCP key-blob implementation. The key length for new keys is > +always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits). > + > Encrypted Keys usage > -------------------- > > @@ -426,3 +470,12 @@ string length. > privkey is the binary representation of TPM2B_PUBLIC excluding the > initial TPM2B header which can be reconstructed from the ASN.1 octed > string length. > + > +DCP Blob Format > +--------------- > + > +.. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c > + :doc: dcp blob format > + > +.. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c > + :identifiers: struct dcp_blob_fmt > diff --git a/security/keys/trusted-keys/trusted_dcp.c b/security/keys/trusted-keys/trusted_dcp.c > index 16c44aafeab3..b5f81a05be36 100644 > --- a/security/keys/trusted-keys/trusted_dcp.c > +++ b/security/keys/trusted-keys/trusted_dcp.c > @@ -19,6 +19,25 @@ > #define DCP_BLOB_VERSION 1 > #define DCP_BLOB_AUTHLEN 16 > > +/** > + * DOC: dcp blob format > + * > + * The Data Co-Processor (DCP) provides hardware-bound AES keys using its > + * AES encryption engine only. It does not provide direct key sealing/unsealing. > + * To make DCP hardware encryption keys usable as trust source, we define > + * our own custom format that uses a hardware-bound key to secure the sealing > + * key stored in the key blob. > + * > + * Whenever a new trusted key using DCP is generated, we generate a random 128-bit > + * blob encryption key (BEK) and 128-bit nonce. The BEK and nonce are used to > + * encrypt the trusted key payload using AES-128-GCM. > + * > + * The BEK itself is encrypted using the hardware-bound key using the DCP's AES > + * encryption engine with AES-128-ECB. The encrypted BEK, generated nonce, > + * BEK-encrypted payload and authentication tag make up the blob format together > + * with a version number, payload length and authentication tag. > + */ > + > /** > * struct dcp_blob_fmt - DCP BLOB format. > * Reviewed-by: Jarkko Sakkinen I can only test that this does not break a machine without the hardware feature. Is there anyone who could possibly peer test these patches? BR, Jarkko _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel