Message-ID: <1c6a5ce2564c29a06eca255072a379351a5fc026.camel@linux.ibm.com>
Subject: Re: [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material
From: Mimi Zohar
To: Ahmad Fatoum, James Bottomley, Jarkko Sakkinen, David Howells
Cc: kernel@pengutronix.de, Sumit Garg, Pankaj Gupta, David Gstir, Michael Walle, John Ernberg, James Morris, "Serge E. Hallyn", Horia Geantă, Herbert Xu, "David S. Miller", Jan Luebbe, Eric Biggers, Richard Weinberger, Franck LENORMAND, Matthias Schiffer, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Date: Tue, 17 May 2022 11:52:55 -0400
In-Reply-To: <20220513145705.2080323-3-a.fatoum@pengutronix.de>
References: <20220513145705.2080323-1-a.fatoum@pengutronix.de> <20220513145705.2080323-3-a.fatoum@pengutronix.de>

On Fri, 2022-05-13 at 16:57 +0200, Ahmad Fatoum wrote:
> static int __init 
init_trusted(void) > { > + int (*get_random)(unsigned char *key, size_t key_len); > int i, ret = 0; > > for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) { > @@ -322,6 +333,28 @@ static int __init init_trusted(void) > strlen(trusted_key_sources[i].name))) > continue; > > + /* > + * We always support trusted.rng="kernel" and "default" as > + * well as trusted.rng=$trusted.source if the trust source > + * defines its own get_random callback. > + */

While TEE trusted keys support was upstreamed, there was a lot of discussion about using kernel RNG. One of the concerns was lack of or insufficient entropy during early boot on embedded devices. This concern needs to be clearly documented in both Documentation/admin-guide/kernel-parameters.txt and Documentation/security/keys/trusted-encrypted.rst.

thanks,

Mimi

> + get_random = trusted_key_sources[i].ops->get_random; > + if (trusted_rng && strcmp(trusted_rng, "default")) { > + if (!strcmp(trusted_rng, "kernel")) { > + get_random = kernel_get_random; > + } else if (strcmp(trusted_rng, trusted_key_sources[i].name) || > + !get_random) { > + pr_warn("Unsupported RNG. Supported: kernel"); > + if (get_random) > + pr_cont(", %s", trusted_key_sources[i].name); > + pr_cont(", default\n"); > + return -EINVAL; > + } > + } > + > + if (!get_random) > + get_random = kernel_get_random; > + > static_call_update(trusted_key_init, > trusted_key_sources[i].ops->init);
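
Review bot: the fallback at the end of the second hunk, `if (!get_random) get_random = kernel_get_random;`, moves a trust source that has no callback of its own onto the kernel RNG without any log output, and the comment block above it lists the accepted trusted.rng values without saying what "default" resolves to. Consider emitting one pr_info at init that names the selected trust source and whether its own get_random or kernel_get_random is in use, and extend the comment to state that "default" means the source's callback when it exists and the kernel RNG otherwise, so that an administrator can tell from the boot log which RNG produced the key material. In the error path, the warning is assembled from pr_warn followed by two pr_cont calls; continuation fragments can be interleaved with messages from other contexts, so a single pr_warn that formats the optional source name would be more robust.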