Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp738030pxf;
        Wed, 10 Mar 2021 16:53:31 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxV9D1j30WQXogh68R2WV1BXOnzp/wazl7yoZ7yz8b3gutHRhn635lo5adLu2aNulDkkeQO
X-Received: by 2002:a05:6402:3089:: with SMTP id de9mr6131701edb.10.1615424011202;
        Wed, 10 Mar 2021 16:53:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1615424011; cv=none;
        d=google.com; s=arc-20160816;
        b=bxzkt7wmzyWRXJzECaem/1r5UQj5S33ByjTkmaSz3eiyl05MqiinEuYcYj1DN/wcXs
         GxNdPLjW50C8g3l+sE6lGwA7zR41z5gH+oe9eTuWLjsb+CqhFJH9UBBBZFKe+07xPmU1
         XltG0JaGJuE9lkCiatYTn86sQKqtdeByyX1a035xmJTrL0o3kv87oEaEPhRagSx0v9Il
         RUQpSUmsxfyYKqUPboy+kIAA7vVFok1zBiCrugLCpfW6RGNYIDarx5Z8qWpiDvx7t8Ff
         K3BQLfb2H1A/wc8H0/Kg6duQRbCiwsZJHmwJQgMkColyKDCwKTVz9PWlmO7ZqGzvsoFo
         1UyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=ox3YbRagycUxmw78NTFqQ+S7fDqtoh07jucOaJdw1fo=;
        b=zhPT9AQuHxlv9iXn6K2O00mnDbu2kCkbkelEFyYKwmJhSX2gvHD3yaYi+rCcIthpzA
         DONoL+PXkLTIlE5Bwh/RbcDnSWZ7BANExgSe214+805ry/cn9hLRkKoxdk9pruUhX5AJ
         4gwt9Tb5L0ssHWPNQIX0TKx0iS1ylYCNuyKdAXoAz+OuTVN0p2luLKde7n5EnK8QpuS6
         EsRomE5N1kzUHQlC97LtdFpYoSoQRBGlCklj9e4ehdEB1bB1oEWOJf42bVCSMRj0xwmc
         m+EA+ADAeQsl/c6drSU+BlHiKhUDUdE+LTx5kCmMGwSl9R4uLMqgFP90hH4LbfNE0k5B
         oVjA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=gVxWSX3G;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g19si627739ejf.52.2021.03.10.16.53.09;
        Wed, 10 Mar 2021 16:53:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=gVxWSX3G;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229747AbhCKAtk (ORCPT <rfc822;m15259695263@gmail.com>
        + 99 others); Wed, 10 Mar 2021 19:49:40 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52836 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229562AbhCKAtV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Mar 2021 19:49:21 -0500
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 331EBC061760
        for <linux-kernel@vger.kernel.org>; Wed, 10 Mar 2021 16:49:21 -0800 (PST)
Received: by mail-lj1-x236.google.com with SMTP id e20so165782ljn.6
        for <linux-kernel@vger.kernel.org>; Wed, 10 Mar 2021 16:49:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=ox3YbRagycUxmw78NTFqQ+S7fDqtoh07jucOaJdw1fo=;
        b=gVxWSX3GBSMyahq/hWU0tB+mLUCX21zWMy0Y4QPm7WGghRLuDygp+2XrwCt5ARRPmg
         1AqC8Gpk+8lGbA40j/v9mxJflQkHNOSxeW/x9peiDgKOua4ck2K5RYD3xFcMJFrdoZ0T
         qUW/FbL4LCQZUgA1kFbRg0mw5D5FdqATt1uWuP6utIK0QOWgtKFtZzYaeYBobg7PU5WS
         gbvYN7IyE4g6X7GFOP2jpVAcMHq4Ox1fwbFMxv+5t14oCsCLn3Uj+bbi6PrIZPDLPtSL
         NDStu6t58b+POgN3O6H6E09HKKFDDKAbJ3lpyc2dvQbDGvMMWOOJCMzXJABEZUiTNetc
         OEqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=ox3YbRagycUxmw78NTFqQ+S7fDqtoh07jucOaJdw1fo=;
        b=EXkuXMdMf2KuG1q/RqjwVoay4eJL5wYJztyKkiOz8Ch4DW/sPj96YhoSz+xHWY5rRX
         C3n936roREPcLobWX1o0tAHxkRW9CytJ3v0Rb3FTpePcuhkj1lkNDmrKl1GWQrK5ybxr
         4hpj2oqeTjMALlDD5GpIoDDK1ervTdDQhfVeer8SzgRRHn5vJpO7JRPiNi9gMhSrQ5bv
         J28iaHTZE68/yBTbOvXi4JeYFbIjecB9C1mU8x/I7QuHhwIGfX7QT6H0koEs958/S6V2
         dIYeND7JG3jo8ixYf+ZSysvNiGlc/TtbpkNg12ELiOV+KcGwBsHuP6t+ffq4yvKuGEN1
         x+WQ==
X-Gm-Message-State: AOAM530h0jMv8hf5bUWgSgw6+urMSagHMsqFJo1z4nagFgTxOAXbVvK3
        Q03GWgMkMEVRWV0NJHaTXBT5lPnTSnz5rqvCORtIqw==
X-Received: by 2002:a2e:9004:: with SMTP id h4mr3366846ljg.326.1615423759569;
 Wed, 10 Mar 2021 16:49:19 -0800 (PST)
MIME-Version: 1.0
References: <20210303135500.24673-1-alex.bennee@linaro.org>
 <20210303135500.24673-2-alex.bennee@linaro.org> <CAK8P3a0W5X8Mvq0tDrz7d67SfQA=PqthpnGDhn8w1Xhwa030-A@mail.gmail.com>
 <20210305075131.GA15940@goby> <CAK8P3a0qtByN4Fnutr1yetdVZkPJn87yK+w+_DAUXOMif-13aA@mail.gmail.com>
 <CACRpkdb4RkQvDBgTMW_+7yYBsHNRyJZiT5bn04uQJgk7tKGDOA@mail.gmail.com>
 <6c542548-cc16-af68-c755-df52bd13b209@marcan.st> <CAFA6WYOYmTgguVDwpyjnt3gLssqW48qzAkRD_nyPYg0nNhxT2A@mail.gmail.com>
 <beca6bc8-8970-bd01-8de0-6ded1fb69be2@marcan.st> <CAFA6WYMSJxK2CjmoLJ6mdNNEfOQOMVXZPbbFRfah7KLeZNfguw@mail.gmail.com>
In-Reply-To: <CAFA6WYMSJxK2CjmoLJ6mdNNEfOQOMVXZPbbFRfah7KLeZNfguw@mail.gmail.com>
From:   Linus Walleij <linus.walleij@linaro.org>
Date:   Thu, 11 Mar 2021 01:49:08 +0100
Message-ID: <CACRpkdZb5UMyq5qSJE==3ZnH-7fh92q_t4AnE8mPm0oFEJxqpQ@mail.gmail.com>
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
To:     Sumit Garg <sumit.garg@linaro.org>
Cc:     Hector Martin <marcan@marcan.st>, Arnd Bergmann <arnd@linaro.org>,
        "open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
        David Howells <dhowells@redhat.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        Joakim Bech <joakim.bech@linaro.org>,
        =?UTF-8?B?QWxleCBCZW5uw6ll?= <alex.bennee@linaro.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Maxim Uvarov <maxim.uvarov@linaro.org>,
        Ilias Apalodimas <ilias.apalodimas@linaro.org>,
        Ruchika Gupta <ruchika.gupta@linaro.org>,
        "Winkler, Tomas" <tomas.winkler@intel.com>, yang.huang@intel.com,
        bing.zhu@intel.com, Matti.Moell@opensynergy.com,
        hmo@opensynergy.com, linux-mmc <linux-mmc@vger.kernel.org>,
        linux-scsi <linux-scsi@vger.kernel.org>,
        linux-nvme@vger.kernel.org, Ulf Hansson <ulf.hansson@linaro.org>,
        Arnd Bergmann <arnd.bergmann@linaro.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Mar 10, 2021 at 11:29 AM Sumit Garg <sumit.garg@linaro.org> wrote:

> And RPMB key provisioning
> being a one time process should be carried out carefully during device
> manufacturing only.

For a product use case such as a mobile or chromebook or
set-top box: yes. In this scenario something like TEE possesses
this symmetric key.

But for a random laptop with an NVME containing an RPMB it
may be something the user want to initialize and use to lock down
their machine.

The use case for TPM on laptops is similar: it can be used by a
provider to lock down a machine, but it can also be used by the
random user to store keys. Very few users beside James
Bottomley are capable of doing that (I am not) but they exist.
https://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/

I think we need to think not only of existing use cases but also
possible ones even if there is currently no software for other
use cases. (But maybe that is too ambitious.)

Yours,
Linus Walleij