Message-ID: <4c6164e5-bcfd-4172-a76e-db989f729a8a@pengutronix.de>
Date: Tue, 9 Apr 2024 19:27:44 +0200
X-Mailing-List: linux-security-module@vger.kernel.org
Subject: Re: [EXT] [PATCH v8 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys
From: Ahmad Fatoum
To: Kshitiz Varshney, David Gstir, Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu, "David S. Miller"
Cc: "linux-doc@vger.kernel.org", Gaurav Jain, Catalin Marinas, David Howells, "keyrings@vger.kernel.org", Fabio Estevam, Paul Moore, Jonathan Corbet, Richard Weinberger, "Rafael J. Wysocki", James Morris, dl-linux-imx, "Serge E. Hallyn", "Paul E. McKenney", Sascha Hauer, Pankaj Gupta, sigma star Kernel Team, "Steven Rostedt (Google)", David Oberhollenzer, "linux-arm-kernel@lists.infradead.org", "linuxppc-dev@lists.ozlabs.org", Randy Dunlap, "linux-kernel@vger.kernel.org", Li Yang, "linux-security-module@vger.kernel.org", "linux-crypto@vger.kernel.org", Pengutronix Kernel Team, Tejun Heo, "linux-integrity@vger.kernel.org", Shawn Guo, Varun Sethi
References: <20240403072131.54935-1-david@sigma-star.at> <20240403072131.54935-4-david@sigma-star.at>

Hello Kshitiz,

On 09.04.24 12:54, Kshitiz Varshney wrote:
> Hi David,
>> + b->fmt_version = DCP_BLOB_VERSION;
>> + get_random_bytes(b->nonce, AES_KEYSIZE_128);
>> + get_random_bytes(b->blob_key, AES_KEYSIZE_128);
>
> We can use HWRNG instead of using kernel RNG. Please refer to drivers/char/hw_random/imx-rngc.c

imx-rngc can be enabled and used to seed the kernel entropy pool. Adding direct
calls into imx-rngc here only introduces duplicated code at no extra benefit.

Cheers,
Ahmad

-- 
Pengutronix e.K.                  |                             |
Steuerwalder Str. 21              | http://www.pengutronix.de/  |
31137 Hildesheim, Germany         | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686  | Fax: +49-5121-206917-5555   |
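
Review bot: both get_random_bytes() calls in the quoted hunk pass AES_KEYSIZE_128 as the length, including the one that fills b->nonce, so the nonce length is expressed through a key-size constant and neither length is tied to the field it fills. The field declarations are not visible in the quoted lines; writing the lengths as sizeof(b->nonce) and sizeof(b->blob_key) would keep each call correct if the blob layout changes, and a short comment stating that the nonce and the blob key are generated fresh for every blob would document the intent.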