From: David Gstir
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu, "David S. Miller"
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team, Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang, Paul Moore, James Morris, "Serge E. Hallyn", "Paul E. McKenney", Randy Dunlap, Catalin Marinas, "Rafael J. Wysocki", Tejun Heo, "Steven Rostedt (Google)", linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-security-module@vger.kernel.org
Subject: [PATCH v5 0/6] DCP as trusted keys backend
Date: Fri, 15 Dec 2023 12:06:27 +0100
Message-ID: <20231215110639.45522-1-david@sigma-star.at>

This is a revival of the previous patch set submitted by Richard Weinberger:
https://lore.kernel.org/linux-integrity/20210614201620.30451-1-richard@nod.at/

v4 is here:
https://lore.kernel.org/keyrings/20231024162024.51260-1-david@sigma-star.at/

v4 -> v5:
- Make Kconfig for trust source check scalable as suggested by Jarkko Sakkinen
- Add Acked-By from Herbert Xu to patch #1 - thanks!

v3 -> v4:
- Split changes on MAINTAINERS and documentation into dedicated patches
- Use more concise wording in commit messages as suggested by Jarkko Sakkinen

v2 -> v3:
- Addressed review comments from Jarkko Sakkinen

v1 -> v2:
- Revive and rebase to latest version
- Include review comments from Ahmad Fatoum

The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such
as i.mx6ull.

Similar to the CAAM engine used in more powerful SoCs, DCP can
AES-encrypt/decrypt user data using a unique, never-disclosed,
device-specific key. Unlike CAAM though, it cannot directly wrap and
unwrap blobs in hardware. DCP offers only the bare minimum feature set,
and a blob mechanism needs aid from software. A blob in this case is a
piece of sensitive data (e.g. a key) that is encrypted and authenticated
using the device-specific key so that unwrapping can only be done on the
hardware where the blob was wrapped.

This patch series adds a DCP-based trusted-key backend and is similar in
spirit to the one by Ahmad Fatoum [0] that does the same for CAAM. It is
of interest for similar use cases as the CAAM patch set, but for
lower-end devices, where CAAM is not available.

Because constructing and parsing the blob has to happen in software,
we needed to decide on a blob format and chose the following:

struct dcp_blob_fmt {
	__u8 fmt_version;
	__u8 blob_key[AES_KEYSIZE_128];
	__u8 nonce[AES_KEYSIZE_128];
	__le32 payload_len;
	__u8 payload[];
} __packed;

The `fmt_version` is currently 1.

The encrypted key is stored in the payload area. It is AES-128-GCM
encrypted using `blob_key` and `nonce`; the GCM auth tag is attached at
the end of the payload (`payload_len` does not include the size of the
auth tag).

The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using
the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated
randomly when sealing/exporting the DCP blob.

This patchset was tested with dm-crypt on an i.MX6ULL board.

[0] https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fatoum@pengutronix.de/

David Gstir (6):
  crypto: mxs-dcp: Add support for hardware-bound keys
  KEYS: trusted: improve scalability of trust source config
  KEYS: trusted: Introduce NXP DCP-backed trusted keys
  MAINTAINERS: add entry for DCP-based trusted keys
  docs: document DCP-backed trusted keys kernel params
  docs: trusted-encrypted: add DCP as new trust source

 .../admin-guide/kernel-parameters.txt         |  13 +
 .../security/keys/trusted-encrypted.rst       |  85 +++++
 MAINTAINERS                                   |   9 +
 drivers/crypto/mxs-dcp.c                      | 104 +++++-
 include/keys/trusted_dcp.h                    |  11 +
 include/soc/fsl/dcp.h                         |  17 +
 security/keys/trusted-keys/Kconfig            |  18 +-
 security/keys/trusted-keys/Makefile           |   2 +
 security/keys/trusted-keys/trusted_core.c     |   6 +-
 security/keys/trusted-keys/trusted_dcp.c      | 311 ++++++++++++++++++
 10 files changed, 562 insertions(+), 14 deletions(-)
 create mode 100644 include/keys/trusted_dcp.h
 create mode 100644 include/soc/fsl/dcp.h
 create mode 100644 security/keys/trusted-keys/trusted_dcp.c

-- 
2.35.3
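
Added example, not code from this patch series: a userspace C parser for the `dcp_blob_fmt` layout described in the cover letter, showing the framing checks an untrusted blob needs before any decryption is attempted. The 16-byte GCM tag length, the error codes, and the names `dcp_blob_view`, `dcp_blob_parse` and `dcp_demo` are assumptions introduced here.

```c
#include <stddef.h>
#include <stdint.h>

#define AES_KEYSIZE_128  16 /* AES-128 key size in bytes */
#define DCP_BLOB_VERSION 1  /* fmt_version given in the cover letter */
#define DCP_TAG_LEN      16 /* assumption: full 16-byte GCM auth tag */
#define DCP_HDR_LEN      (1 + 2 * AES_KEYSIZE_128 + 4) /* packed header, 37 */
enum { DCP_OK = 0, DCP_ESHORT = -1, DCP_EVERSION = -2, DCP_ELEN = -3 };

/* Hypothetical parsed view; the pointers alias the caller's buffer. */
struct dcp_blob_view {
	const uint8_t *blob_key, *nonce, *payload, *tag;
	uint32_t payload_len;
};

/* Check the framing of an untrusted blob before any crypto is attempted. */
int dcp_blob_parse(const uint8_t *buf, size_t len, struct dcp_blob_view *out)
{
	if (len < DCP_HDR_LEN + DCP_TAG_LEN)
		return DCP_ESHORT;
	if (buf[0] != DCP_BLOB_VERSION)
		return DCP_EVERSION;
	/* payload_len is __le32: decode bytewise, independent of host order. */
	uint32_t plen = (uint32_t)buf[33] | (uint32_t)buf[34] << 8 |
			(uint32_t)buf[35] << 16 | (uint32_t)buf[36] << 24;
	/* Compare with the bytes actually present; adding to plen could wrap. */
	if (plen != len - DCP_HDR_LEN - DCP_TAG_LEN)
		return DCP_ELEN;
	out->blob_key = buf + 1;
	out->nonce = buf + 1 + AES_KEYSIZE_128;
	out->payload = buf + DCP_HDR_LEN;
	out->tag = out->payload + plen; /* tag is not counted in payload_len */
	out->payload_len = plen;
	return DCP_OK;
}

/* Constructed sample: zeroed blob whose header claims `claimed` payload bytes
 * while the buffer carries `actual` (at most 64); returns the verdict. */
int dcp_demo(uint8_t version, uint32_t claimed, size_t actual)
{
	uint8_t buf[DCP_HDR_LEN + 64 + DCP_TAG_LEN] = { 0 };
	struct dcp_blob_view v;
	if (actual > 64)
		return DCP_ESHORT;
	buf[0] = version;
	for (int i = 0; i < 4; i++)
		buf[33 + i] = (uint8_t)(claimed >> (8 * i));
	return dcp_blob_parse(buf, DCP_HDR_LEN + actual + DCP_TAG_LEN, &v);
}
int main(void) { return dcp_demo(1, 32, 32) == DCP_OK ? 0 : 1; }
```

The parser only validates layout; authenticity still depends on the GCM tag verifying after `blob_key` has been decrypted by the hardware.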