From: Jay Monkman <jay.monkman@freescale.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Marek Vasut <marex@denx.de>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: Crypto driver -DCP
Date: Wed, 3 Jun 2015 15:02:13 -0500 [thread overview]
Message-ID: <556F5D45.9020809@freescale.com> (raw)
In-Reply-To: <20150603021135.GA2451@gondor.apana.org.au>
On 06/02/2015 09:11 PM, Herbert Xu wrote:
> On Tue, Jun 02, 2015 at 01:57:28PM -0500, Jay Monkman wrote:
>>
>> I have another question. The DCP (and other crypto accelerators on
>> other SOCs) supports key slots - basically write only RAM that's
>> used to store keys so they can be used for encrypt/decrypt
>> operations. DCP supports 4 key slots, other devices have different
>> numbers. Do you have any suggestion for how to add support for
>> something like that to the driver?
>
> So these would allow faster switching of keys I presume?
That would be one use, but a more likely use would be to prevent access
to the keys. A system could write keys to the key slots in the
bootloader or in a TrustZone secure world. Then those keys could be used
for crypto operations in Linux without ever exposing them. Key slots can
be written to, but cannot be read from.
Even with keys stored in key slots, other keys may be used. For example,
someone could do:
operation w/ key in slot 1
operation w/ key provided in descriptor
operation w/ key in slot 1
I don't think an LRU scheme would allow something like that.
next prev parent reply other threads:[~2015-06-03 20:35 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <554BBD05.3050807@freescale.com>
[not found] ` <201505080220.56630.marex@denx.de>
[not found] ` <55673BF4.3040108@freescale.com>
2015-05-28 18:27 ` Crypto driver -DCP Marek Vasut
[not found] ` <20150529003700.GC14942@gondor.apana.org.au>
2015-05-29 0:40 ` Marek Vasut
2015-05-29 0:45 ` Herbert Xu
2015-05-29 1:00 ` Marek Vasut
2015-05-29 1:23 ` Herbert Xu
2015-05-29 1:29 ` Marek Vasut
2015-05-29 1:32 ` Herbert Xu
2015-05-29 13:02 ` Marek Vasut
2015-05-29 13:30 ` Herbert Xu
2015-06-01 13:24 ` Marek Vasut
2015-06-01 14:50 ` Herbert Xu
2015-06-03 12:54 ` Marek Vasut
2015-06-02 18:57 ` Jay Monkman
2015-06-03 2:11 ` Herbert Xu
2015-06-03 20:02 ` Jay Monkman [this message]
2015-06-04 3:24 ` Herbert Xu
2015-06-04 15:34 ` Marek Vasut
2015-06-05 3:54 ` Herbert Xu
2015-06-05 14:38 ` Marek Vasut
2015-06-08 4:52 ` Herbert Xu
2015-06-08 8:45 ` Marek Vasut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=556F5D45.9020809@freescale.com \
--to=jay.monkman@freescale.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=marex@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).