From: David Gstir
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu, "David S. Miller"
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team, Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang, Paul Moore, James Morris, "Serge E. Hallyn", "Paul E. McKenney", Randy Dunlap, Catalin Marinas, "Rafael J. Wysocki", Tejun Heo, "Steven Rostedt (Google)", linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-security-module@vger.kernel.org
Subject: [PATCH v5 0/6] DCP as trusted keys backend
Date: Thu, 7 Mar 2024 16:38:27 +0100
Message-ID: <20240307153842.80033-1-david@sigma-star.at>
X-Mailer: git-send-email 2.44.0

This is a revival of the previous patch set submitted by Richard Weinberger:
https://lore.kernel.org/linux-integrity/20210614201620.30451-1-richard@nod.at/

v5 is here:
https://lore.kernel.org/keyrings/20231215110639.45522-1-david@sigma-star.at/

v5 -> v6:
- Cleaned up coding style and commit messages to make the whole series more
  coherent as suggested by Jarkko Sakkinen
- Added Acked-By from Jarkko Sakkinen to patch #4 - thanks!
- Rebased against next-20240307

v4 -> v5:
- Make Kconfig for trust source check scalable as suggested by Jarkko Sakkinen
- Add Acked-By from Herbert Xu to patch #1 - thanks!

v3 -> v4:
- Split changes on MAINTAINERS and documentation into dedicated patches
- Use more concise wording in commit messages as suggested by Jarkko Sakkinen

v2 -> v3:
- Addressed review comments from Jarkko Sakkinen

v1 -> v2:
- Revive and rebase to latest version
- Include review comments from Ahmad Fatoum

The Data Co-Processor (DCP) is an IP core built into many NXP SoCs such as
i.mx6ull. Similar to the CAAM engine used in more powerful SoCs, DCP can
AES-encrypt/decrypt user data using a unique, never-disclosed, device-specific
key. Unlike CAAM though, it cannot directly wrap and unwrap blobs in hardware.
As DCP offers only the bare minimum feature set, a blob mechanism needs aid
from software.
A blob in this case is a piece of sensitive data (e.g. a key) that is encrypted
and authenticated using the device-specific key so that unwrapping can only be
done on the hardware where the blob was wrapped.

This patch series adds a DCP-based trusted-key backend and is similar in
spirit to the one by Ahmad Fatoum [0] that does the same for CAAM. It is of
interest for similar use cases as the CAAM patch set, but for lower end
devices, where CAAM is not available.

Because constructing and parsing the blob has to happen in software, we needed
to decide on a blob format and chose the following:

struct dcp_blob_fmt {
	__u8 fmt_version;
	__u8 blob_key[AES_KEYSIZE_128];
	__u8 nonce[AES_KEYSIZE_128];
	__le32 payload_len;
	__u8 payload[];
} __packed;

The `fmt_version` is currently 1. The encrypted key is stored in the payload
area. It is AES-128-GCM encrypted using `blob_key` and `nonce`; the GCM auth
tag is attached at the end of the payload (`payload_len` does not include the
size of the auth tag). The `blob_key` itself is encrypted in AES-128-ECB mode
by DCP using the OTP or UNIQUE device key. A new `blob_key` and `nonce` are
generated randomly when sealing/exporting the DCP blob.

This patchset was tested with dm-crypt on an i.MX6ULL board.
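As an added illustration of the blob layout described above (example code, not the series' trusted_dcp.c or any kernel code), the following Go model seals and unseals a `dcp_blob_fmt` blob byte-for-byte as the cover letter lays it out: a 1-byte `fmt_version`, the DCP-encrypted `blob_key`, a 16-byte `nonce`, a little-endian `payload_len` that excludes the tag, then AES-128-GCM ciphertext followed by its 16-byte tag. The DCP hardware step is replaced by a software AES-128-ECB on a constructed 16-byte device key, which on real silicon never leaves the DCP; the cover letter does not say whether the header is fed to GCM as additional authenticated data, so this example passes none. The function names (`SealBlob`, `UnsealBlob`, `dcpKeyOp`, `payloadGCM`) and the `rng` parameter are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"io"
)

// Sizes fixed by the dcp_blob_fmt layout in the cover letter.
const (
	aesKeySize128  = 16 // AES_KEYSIZE_128
	blobFmtVersion = 1
	gcmTagSize     = 16
	blobHeaderSize = 1 + 2*aesKeySize128 + 4 // fmt_version, blob_key, nonce, payload_len
)

// dcpKeyOp stands in for the DCP hardware: AES-128-ECB on one 16-byte block under
// the device-unique OTP/UNIQUE key, which here is a plain byte slice (assumption).
func dcpKeyOp(deviceKey, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(deviceKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aesKeySize128)
	if decrypt {
		block.Decrypt(out, in)
	} else {
		block.Encrypt(out, in)
	}
	return out, nil
}

// payloadGCM is AES-128-GCM under blob_key with the format's 16-byte nonce
// (GCM's default nonce is 12 bytes, so the size is set explicitly).
func payloadGCM(blobKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(blobKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithNonceSize(block, aesKeySize128)
}

// SealBlob draws a fresh blob_key and nonce from rng (crypto/rand.Reader in practice).
func SealBlob(deviceKey, payload []byte, rng io.Reader) ([]byte, error) {
	kn := make([]byte, 2*aesKeySize128) // blob_key || nonce
	if _, err := io.ReadFull(rng, kn); err != nil {
		return nil, err
	}
	blobKey, nonce := kn[:aesKeySize128], kn[aesKeySize128:]
	gcm, err := payloadGCM(blobKey)
	if err != nil {
		return nil, err
	}
	encKey, err := dcpKeyOp(deviceKey, blobKey, false)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	buf.WriteByte(blobFmtVersion)
	buf.Write(encKey) // blob_key travels only in DCP-encrypted form
	buf.Write(nonce)
	binary.Write(&buf, binary.LittleEndian, uint32(len(payload))) // __le32, tag excluded
	// Seal appends the 16-byte auth tag after the ciphertext; no AAD (see lead-in).
	buf.Write(gcm.Seal(nil, nonce, payload, nil))
	return buf.Bytes(), nil
}

// UnsealBlob validates the header before any key is recovered, then authenticates.
func UnsealBlob(deviceKey, blob []byte) ([]byte, error) {
	if len(blob) < blobHeaderSize+gcmTagSize {
		return nil, errors.New("blob too short")
	}
	if blob[0] != blobFmtVersion {
		return nil, errors.New("unsupported fmt_version")
	}
	encKey, nonce := blob[1:1+aesKeySize128], blob[1+aesKeySize128:1+2*aesKeySize128]
	payloadLen := binary.LittleEndian.Uint32(blob[1+2*aesKeySize128 : blobHeaderSize])
	// Compare in uint64 so a hostile payload_len cannot wrap the addition.
	if uint64(payloadLen)+gcmTagSize != uint64(len(blob)-blobHeaderSize) {
		return nil, errors.New("payload_len does not match blob size")
	}
	blobKey, err := dcpKeyOp(deviceKey, encKey, true)
	if err != nil {
		return nil, err
	}
	gcm, err := payloadGCM(blobKey)
	if err != nil {
		return nil, err
	}
	// Open fails on any change to ciphertext or tag, and under a different device key.
	return gcm.Open(nil, nonce, blob[blobHeaderSize:], nil)
}
```

Unsealing rejects a wrong `fmt_version` and any blob whose `payload_len` plus the 16-byte tag does not match the bytes actually present before the device key is used at all, so a truncated or length-mangled blob never reaches the DCP; the GCM tag then rejects any modification of the ciphertext and any blob that was sealed under a different device key, which is what ties the blob to the hardware it was wrapped on.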
[0] https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fatoum@pengutronix.de/

David Gstir (6):
  crypto: mxs-dcp: Add support for hardware-bound keys
  KEYS: trusted: improve scalability of trust source config
  KEYS: trusted: Introduce NXP DCP-backed trusted keys
  MAINTAINERS: add entry for DCP-based trusted keys
  docs: document DCP-backed trusted keys kernel params
  docs: trusted-encrypted: add DCP as new trust source

 .../admin-guide/kernel-parameters.txt     |  13 +
 .../security/keys/trusted-encrypted.rst   |  85 +++++
 MAINTAINERS                               |   9 +
 drivers/crypto/mxs-dcp.c                  | 104 +++++-
 include/keys/trusted_dcp.h                |  11 +
 include/soc/fsl/dcp.h                     |  20 ++
 security/keys/trusted-keys/Kconfig        |  18 +-
 security/keys/trusted-keys/Makefile       |   2 +
 security/keys/trusted-keys/trusted_core.c |   6 +-
 security/keys/trusted-keys/trusted_dcp.c  | 309 ++++++++++++++++++
 10 files changed, 563 insertions(+), 14 deletions(-)
 create mode 100644 include/keys/trusted_dcp.h
 create mode 100644 include/soc/fsl/dcp.h
 create mode 100644 security/keys/trusted-keys/trusted_dcp.c

-- 
2.35.3