From: Richard Weinberger
To: keyrings@vger.kernel.org
Cc: Richard Weinberger, Ahmad Fatoum, David Gstir, David Howells, "David S. Miller", Fabio Estevam, Herbert Xu, James Bottomley, James Morris, Jarkko Sakkinen, Jonathan Corbet, linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Mimi Zohar, NXP Linux Team, Pengutronix Kernel Team, Sascha Hauer, "Serge E. Hallyn", Shawn Guo
Subject: [PATCH 0/3] DCP as trusted keys backend
Date: Mon, 14 Jun 2021 22:16:17 +0200
Message-Id: <20210614201620.30451-1-richard@nod.at>

DCP is an IP core found on NXP SoCs such as i.mx6ull.
While its bigger brother, CAAM, can directly wrap and unwrap blobs
in hardware[0], DCP offers only the bare minimum and the blob
mechanism needs aid from software.

This series adds support for a new trusted keys backend that makes use
of DCP's feature to use hardware keys which can never be read out.

[0] https://lore.kernel.org/lkml/cover.56fff82362af6228372ea82e6bd7e586e23f0966.1615914058.git-series.a.fatoum@pengutronix.de/

---

David Gstir (1):
  doc: trusted-encrypted: add DCP as new trust source

Richard Weinberger (2):
  crypto: mxs-dcp: Add support for hardware provided keys
  KEYS: trusted: Introduce support for NXP DCP-based trusted keys

 .../admin-guide/kernel-parameters.txt         |   1 +
 .../security/keys/trusted-encrypted.rst       |  84 ++++-
 MAINTAINERS                                   |   9 +
 drivers/crypto/mxs-dcp.c                      | 110 +++++-
 include/keys/trusted_dcp.h                    |  13 +
 include/linux/mxs-dcp.h                       |  19 +
 security/keys/trusted-keys/Makefile           |   1 +
 security/keys/trusted-keys/trusted_core.c     |   6 +-
 security/keys/trusted-keys/trusted_dcp.c      | 325 ++++++++++++++++++
 9 files changed, 554 insertions(+), 14 deletions(-)
 create mode 100644 include/keys/trusted_dcp.h
 create mode 100644 include/linux/mxs-dcp.h
 create mode 100644 security/keys/trusted-keys/trusted_dcp.c

-- 
2.26.2