From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Marek Behún" <kabel@kernel.org>
Cc: "Gregory CLEMENT" <gregory.clement@bootlin.com>,
"Arnd Bergmann" <arnd@arndb.de>,
soc@kernel.org, arm@kernel.org,
"Andy Shevchenko" <andy@kernel.org>,
"Hans de Goede" <hdegoede@redhat.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
linux-crypto@vger.kernel.org,
"Dan Carpenter" <dan.carpenter@linaro.org>
Subject: Re: [PATCH v10 7/9] platform: cznic: turris-omnia-mcu: Add support for digital message signing via debugfs
Date: Fri, 10 May 2024 11:52:56 +0100 [thread overview]
Message-ID: <2024051007-rendering-borrowing-ffc5@gregkh> (raw)
In-Reply-To: <20240510101819.13551-8-kabel@kernel.org>
On Fri, May 10, 2024 at 12:18:17PM +0200, Marek Behún wrote:
> Add support for digital message signing with private key stored in the
> MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created
> when manufactured. The private key is not readable from the MCU, but
> MCU allows for signing messages with it and retrieving the public key.
>
> As described in a similar commit 50524d787de3 ("firmware:
> turris-mox-rwtm: support ECDSA signatures via debugfs"):
> The optimal solution would be to register an akcipher provider via
> kernel's crypto API, but crypto API does not yet support accessing
> akcipher API from userspace (and probably won't for some time, see
> https://www.spinics.net/lists/linux-crypto/msg38388.html).
>
> Therefore we add support for accessing this signature generation
> mechanism via debugfs for now, so that userspace can access it.
Having a "real" user/kernel api in debugfs feels wrong here, why would
you not do this properly? On most, if not all, systems, debugfs is
locked down so you do not have access to it, as it is only there for
debugging. So how is a user supposed to use this feature if they can't
get access to it?
And debugfs files can be changed at any time, so how can you ensure that
your new api will always be there?
In other words, please solve this properly, do not just add a hack into
debugfs that no one can use as that is not a good idea.
thanks,
greg k-h
next prev parent reply other threads:[~2024-05-10 10:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-10 10:18 [PATCH v10 0/9] Turris Omnia MCU driver Marek Behún
2024-05-10 10:18 ` [PATCH v10 6/9] platform: cznic: turris-omnia-mcu: Add support for MCU provided TRNG Marek Behún
2024-05-10 10:18 ` [PATCH v10 7/9] platform: cznic: turris-omnia-mcu: Add support for digital message signing via debugfs Marek Behún
2024-05-10 10:52 ` Greg Kroah-Hartman [this message]
2024-05-10 11:31 ` Marek Behún
2024-05-10 11:37 ` Greg Kroah-Hartman
2024-05-10 11:50 ` Marek Behún
2024-05-10 12:52 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024051007-rendering-borrowing-ffc5@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=andy@kernel.org \
--cc=arm@kernel.org \
--cc=arnd@arndb.de \
--cc=dan.carpenter@linaro.org \
--cc=gregory.clement@bootlin.com \
--cc=hdegoede@redhat.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=kabel@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=soc@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox