From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 87A0DEE3F37 for ; Tue, 12 Sep 2023 21:40:57 +0000 (UTC) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=sigma-star.at header.i=@sigma-star.at header.a=rsa-sha256 header.s=google header.b=cUKWTDfK; dkim-atps=neutral Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4RlcTN1333z3c5d for ; Wed, 13 Sep 2023 07:40:56 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=sigma-star.at header.i=@sigma-star.at header.a=rsa-sha256 header.s=google header.b=cUKWTDfK; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sigma-star.at (client-ip=2a00:1450:4864:20::632; helo=mail-ej1-x632.google.com; envelope-from=david@sigma-star.at; receiver=lists.ozlabs.org) Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4RlLWR4VnLz3dCd for ; Tue, 12 Sep 2023 21:11:45 +1000 (AEST) Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-9a9f139cd94so610476766b.2 for ; Tue, 12 Sep 2023 04:11:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigma-star.at; s=google; t=1694517101; x=1695121901; darn=lists.ozlabs.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=WMxyxYMtu219LMB4VQwtAfAzEA7xWrv4p6+B3IeeMCg=; b=cUKWTDfKLDWX+TFCpEhLjRFDZRmKCmT7MdBYxwenHDbAKxLzngJb5BTKkQEN6TDdfp dyyWzsEFf9zeQnM3zCOQ/1WUsNYm2KP1c6jngxg9PUowMm8f9LyGROk8WbITra/tmjMe BfQdXpNd8xapc0kTP9JxUsglCKeByBBraRduyET2hs+vKmVKev6hOzqd00xItzZr7gd9 nFNcyAM9O9noksAHzxhsFRReT2ujgAWHAhF4ThuFb83/IpNLXrR7iAOxKFcfh7qB64/P 5w3gJ8Fn/3YY3j2T/tOrXBd5nXlp6IOXA6+Rly1O02VUtZ1UxzrtO1Lvn2Hl4xc5WfHr o7lQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694517101; x=1695121901; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WMxyxYMtu219LMB4VQwtAfAzEA7xWrv4p6+B3IeeMCg=; b=trolcJwAgQoOSkMmHO/Hv/Y9OW1kh/0DjAyBytOofiG1tTy1AB92ivvVdpHfX8P/OP vQDuaJbmF7EqGaVO1Anckm+cgzHHkF/r2ddB7kcAgHOwE6UKTS9CfZ0fZ4lmIsReZjB7 AWymjQXjs3rIJ0drvVzrmKVs3lVDZxQG15mAEGByqauhEqQGzbWETvRCH1m3v3xV0vAR rDWshJBApffLLuRGOFOnzG+ticxaSZAw2FftnAgplmFhHcyMZZs6PqzakICq76j4Fh+x S1dxBJNsvTGC92aGrINUvJysQeiU0WhYpuA5nTIFetzXOLER27vvSlXESQx+UgRwTUsS EdaQ== X-Gm-Message-State: AOJu0YxCwNTOU8p5qi9xkTy6wp3bTzTgL2JXoCUtdMpQx7zfcrU9DNG/ qPYID4LHvlyvR/78Xh47PpbW1w== X-Google-Smtp-Source: AGHT+IGVIXpipGIV3RcKzH1lIoBGyC+f3uy72Hr8eeCBPxmUGKKb6/6xig/ZZuHGDB1u6QZuTruK9g== X-Received: by 2002:a17:906:2895:b0:9a1:b967:aca9 with SMTP id o21-20020a170906289500b009a1b967aca9mr9945956ejd.63.1694517100748; Tue, 12 Sep 2023 04:11:40 -0700 (PDT) Received: from localhost ([82.150.214.1]) by smtp.gmail.com with UTF8SMTPSA id rp6-20020a170907888600b009a9fbeb15f2sm6393915ejc.62.2023.09.12.04.11.38 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 12 Sep 2023 04:11:40 -0700 (PDT) From: David Gstir To: Mimi Zohar , James Bottomley , Jarkko Sakkinen , Herbert Xu , "David S. Miller" Subject: [PATCH v2 0/3] DCP as trusted keys backend Date: Tue, 12 Sep 2023 13:11:11 +0200 Message-ID: <20230912111115.24274-1-david@sigma-star.at> X-Mailer: git-send-email 2.42.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Wed, 13 Sep 2023 07:36:32 +1000 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: David Gstir , linux-doc@vger.kernel.org, Catalin Marinas , David Howells , keyrings@vger.kernel.org, Fabio Estevam , Ahmad Fatoum , Paul Moore , Jonathan Corbet , "Rafael J. Wysocki" , James Morris , NXP Linux Team , "Serge E. Hallyn" , "Paul E. McKenney" , Sascha Hauer , sigma star Kernel Team , "Steven Rostedt \(Google\)" , linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, Randy Dunlap , linux-kernel@vger.kernel.org, Li Yang , linux-security-module@vger.kernel.org, linux-crypto@vger.kernel.org, Pengutronix Kernel Team , Tejun Heo , linux-integrity@vger.kernel. org, Shawn Guo Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" This is a revival of the previous patch set submitted by Richard Weinberger: https://lore.kernel.org/linux-integrity/20210614201620.30451-1-richard@nod.at/ v1 -> v2: - Revive and rebase to latest version - Include review comments from Ahmad Fatoum The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such as i.mx6ull. Similar to the CAAM engine used in more powerful SoCs, DCP can AES- encrypt/decrypt user data using a unique, never-disclosed, device-specific key. Unlike CAAM though, it cannot directly wrap and unwrap blobs in hardware. As DCP offers only the bare minimum feature set and a blob mechanism needs aid from software. A blob in this case is a piece of sensitive data (e.g. a key) that is encrypted and authenticated using the device-specific key so that unwrapping can only be done on the hardware where the blob was wrapped. This patch series adds a DCP based, trusted-key backend and is similar in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM. It is of interest for similar use cases as the CAAM patch set, but for lower end devices, where CAAM is not available. Because constructing and parsing the blob has to happen in software, we needed to decide on a blob format and chose the following: struct dcp_blob_fmt { __u8 fmt_version; __u8 blob_key[AES_KEYSIZE_128]; __u8 nonce[AES_KEYSIZE_128]; __le32 payload_len; __u8 payload[]; } __packed; The `fmt_version` is currently 1. The encrypted key is stored in the payload area. It is AES-128-GCM encrypted using `blob_key` and `nonce`, GCM auth tag is attached at the end of the payload (`payload_len` does not include the size of the auth tag). The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated randomly, when sealing/exporting the DCP blob. This patchset was tested with dm-crypt on an i.MX6ULL board. [0] https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fatoum@pengutronix.de/ David Gstir (3): crypto: mxs-dcp: Add support for hardware provided keys KEYS: trusted: Introduce support for NXP DCP-based trusted keys doc: trusted-encrypted: add DCP as new trust source .../admin-guide/kernel-parameters.txt | 13 + .../security/keys/trusted-encrypted.rst | 85 +++++ MAINTAINERS | 9 + drivers/crypto/mxs-dcp.c | 107 +++++- include/keys/trusted_dcp.h | 13 + include/soc/fsl/dcp.h | 19 ++ security/keys/trusted-keys/Kconfig | 9 +- security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_core.c | 6 +- security/keys/trusted-keys/trusted_dcp.c | 313 ++++++++++++++++++ 10 files changed, 563 insertions(+), 13 deletions(-) create mode 100644 include/keys/trusted_dcp.h create mode 100644 include/soc/fsl/dcp.h create mode 100644 security/keys/trusted-keys/trusted_dcp.c -- 2.35.3