Date: Wed, 25 Oct 2023 20:49:24 +0300
Cc: "Shawn Guo", "Jonathan Corbet", "Sascha Hauer", "Pengutronix Kernel Team", "Fabio Estevam", "NXP Linux Team", "Ahmad Fatoum", "sigma star Kernel Team", "David Howells", "Li Yang", "Paul Moore", "James Morris", "Serge E. Hallyn", "Paul E. McKenney", "Randy Dunlap", "Catalin Marinas", "Rafael J. Wysocki", "Tejun Heo", "Steven Rostedt (Google)", "Richard Weinberger", "David Oberhollenzer"
Subject: Re: [PATCH v4 2/5] KEYS: trusted: Introduce NXP DCP-backed trusted keys
From: "Jarkko Sakkinen"
To: "David Gstir", "Mimi Zohar", "James Bottomley", "Herbert Xu", "David S. Miller"
References: <20231024162024.51260-1-david@sigma-star.at> <20231024162024.51260-3-david@sigma-star.at>
In-Reply-To: <20231024162024.51260-3-david@sigma-star.at>

On Tue Oct 24, 2023 at 7:20 PM EEST, David Gstir wrote:
> DCP (Data Co-Processor) is the little brother of NXP's CAAM IP.
> Besides accelerated crypto operations, it also offers support for
> hardware-bound keys. Using this feature it is possible to implement a blob
> mechanism similar to what CAAM offers. Unlike on CAAM, constructing and
> parsing the blob has to happen in software (i.e. the kernel).
>
> The software-based blob format used by DCP trusted keys encrypts
> the payload using AES-128-GCM with a freshly generated random key and nonce.
> The random key itself is AES-128-ECB encrypted using the DCP unique
> or OTP key.
>
> The DCP trusted key blob format is:
> /*
>  * struct dcp_blob_fmt - DCP BLOB format.
>  *
>  * @fmt_version: Format version, currently being %1
>  * @blob_key: Random AES 128 key which is used to encrypt @payload,
>  *            @blob_key itself is encrypted with OTP or UNIQUE device key in
>  *            AES-128-ECB mode by DCP.
>  * @nonce: Random nonce used for @payload encryption.
>  * @payload_len: Length of the plain text @payload.
>  * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
>  *           GCM auth tag of size AES_BLOCK_SIZE is attached at the end of it.
>  *
>  * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len +
>  * AES_BLOCK_SIZE.
>  */
> struct dcp_blob_fmt {
> 	__u8 fmt_version;
> 	__u8 blob_key[AES_KEYSIZE_128];
> 	__u8 nonce[AES_KEYSIZE_128];
> 	__le32 payload_len;
> 	__u8 payload[];
> } __packed;
>
> By default the unique key is used. It is also possible to use the
> OTP key. While the unique key should be unique it is not documented how
> this key is derived.
> Therefore selecting the OTP key is supported as
> well via the use_otp_key module parameter.
>
> Co-developed-by: Richard Weinberger
> Signed-off-by: Richard Weinberger
> Co-developed-by: David Oberhollenzer
> Signed-off-by: David Oberhollenzer
> Signed-off-by: David Gstir
> ---
> include/keys/trusted_dcp.h | 11 +
> security/keys/trusted-keys/Kconfig | 9 +-
> security/keys/trusted-keys/Makefile | 2 +
> security/keys/trusted-keys/trusted_core.c | 6 +-
> security/keys/trusted-keys/trusted_dcp.c | 311 ++++++++++++++++++++++
> 5 files changed, 337 insertions(+), 2 deletions(-)
> create mode 100644 include/keys/trusted_dcp.h
> create mode 100644 security/keys/trusted-keys/trusted_dcp.c
>
> diff --git a/include/keys/trusted_dcp.h b/include/keys/trusted_dcp.h > new file mode 100644 > index 000000000000..9aaa42075b40 > --- /dev/null > +++ b/include/keys/trusted_dcp.h > @@ -0,0 +1,11 @@ > +/* SPDX-License-Identifier: GPL-2.0-only */ > +/* > + * Copyright (C) 2021 sigma star gmbh > + */ > + > +#ifndef TRUSTED_DCP_H > +#define TRUSTED_DCP_H > + > +extern struct trusted_key_ops dcp_trusted_key_ops; > + > +#endif > diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-k= eys/Kconfig > index dbfdd8536468..c6b80b7e5c78 100644 > --- a/security/keys/trusted-keys/Kconfig > +++ b/security/keys/trusted-keys/Kconfig
> @@ -33,6 +33,13 @@ config TRUSTED_KEYS_CAAM > Enable use of NXP's Cryptographic Accelerator and Assurance Module > (CAAM) as trusted key backend. > =20 > -if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM > +config TRUSTED_KEYS_DCP > + bool "DCP-based trusted keys" > + depends on CRYPTO_DEV_MXS_DCP >=3D TRUSTED_KEYS > + default y > + help > + Enable use of NXP's DCP (Data Co-Processor) as trusted key backend. > + > +if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM && !TRUS= TED_KEYS_DCP

This does not scale tbh.

I'd suggest to add an additional patch before adding the new key type,
which clears this up a little bit.

First:

config HAVE_TRUSTED_KEYS
	bool

And then following this pattern to all trusted key types:

config TRUSTED_KEYS_DCP
	bool "DCP-based trusted keys"
	depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.

And finally:

if !HAVE_TRUSTED_KEYS
	comment "No trust source selected!"
endif

BR, Jarkko
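
Review bot: in the include/keys/trusted_dcp.h hunk, the line "extern struct trusted_key_ops dcp_trusted_key_ops;" is the first mention of struct trusted_key_ops in a header that includes nothing, so the header only makes sense when the includer has already pulled in the definition. A forward declaration ("struct trusted_key_ops;") above the extern, or an include of the defining header, would make it self-contained.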
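
Review bot: the help text added under "config TRUSTED_KEYS_DCP" in the security/keys/trusted-keys/Kconfig hunk is a single sentence and says nothing about which device key seals the blobs. The commit message states that the unique key is used by default, that its derivation is not documented, and that the OTP key can be selected with the use_otp_key module parameter; since the entry is "default y", anyone whose config satisfies the depends line gets this backend without seeing that choice. Suggest adding a sentence to the help text that names use_otp_key and the default.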
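
The blob layout described in the quoted commit message, as an added example that is not part of the patch or of this thread: a userspace C check of the size rule sizeof(struct dcp_blob_fmt) + payload_len + AES_BLOCK_SIZE on an untrusted buffer. The names dcp_blob_check, dcp_blob_sample and the BLOB_* codes are hypothetical; the sample blob is constructed and zero-filled, and no decryption is performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AES_KEYSIZE_128  16
#define AES_BLOCK_SIZE   16  /* size of the GCM auth tag after the payload */
#define DCP_BLOB_VERSION 1   /* "currently being 1" in the commit message */

/* Userspace mirror of struct dcp_blob_fmt as quoted in the commit message.
 * payload_len is kept as 4 raw bytes and decoded as little-endian (__le32). */
struct dcp_blob_fmt {
	uint8_t fmt_version;
	uint8_t blob_key[AES_KEYSIZE_128];
	uint8_t nonce[AES_KEYSIZE_128];
	uint8_t payload_len[4];
	uint8_t payload[];
} __attribute__((packed));
enum { BLOB_OK = 0, BLOB_SHORT = -1, BLOB_VERSION = -2, BLOB_LEN = -3 }; /* hypothetical */

static uint32_t get_le32(const uint8_t *p)
{
	return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Accept buf only if it is exactly header + payload_len + tag bytes long. */
int dcp_blob_check(const uint8_t *buf, size_t len, uint32_t *payload_len)
{
	const struct dcp_blob_fmt *b = (const struct dcp_blob_fmt *)buf;
	if (len < sizeof(*b) + AES_BLOCK_SIZE)
		return BLOB_SHORT;
	if (b->fmt_version != DCP_BLOB_VERSION)
		return BLOB_VERSION;
	/* Subtract from len rather than adding to payload_len: no wraparound. */
	if (get_le32(b->payload_len) != len - sizeof(*b) - AES_BLOCK_SIZE)
		return BLOB_LEN;
	*payload_len = get_le32(b->payload_len);
	return BLOB_OK;
}

/* Constructed sample: zero-filled blob claiming plen (< 65536) payload bytes. */
size_t dcp_blob_sample(uint8_t *out, uint32_t plen)
{
	struct dcp_blob_fmt *b = (struct dcp_blob_fmt *)out;
	memset(out, 0, sizeof(*b) + plen + AES_BLOCK_SIZE);
	b->fmt_version = DCP_BLOB_VERSION;
	b->payload_len[0] = plen & 0xff;
	b->payload_len[1] = (plen >> 8) & 0xff;
	return sizeof(*b) + plen + AES_BLOCK_SIZE;
}
```

The length test runs before any field is trusted, so a blob whose payload_len claims more data than the buffer holds is rejected without reading past it.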