2021-06-25 12:21:56

by Richard Weinberger

Subject: Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys

Herbert,

On Mon, Jun 14, 2021 at 10:18 PM Richard Weinberger <[email protected]> wrote:
>
> DCP is capable of performing AES with hardware-bound keys.
> These keys are not stored in main memory and are therefore not directly
> accessible by the operating system.
>
> So instead of feeding the key into DCP, we need to place a
> reference to such a key before initiating the crypto operation.
> Keys are referenced by one-byte identifiers.
>
> DCP supports 6 different keys: 4 slots in the secure memory area,
> a one-time programmable key which can be burnt via on-chip fuses
> and a unique device key.
>
> Using these keys is restricted to in-kernel users that use them as a building
> block for other crypto tools such as trusted keys. Allowing userspace
> (e.g. via AF_ALG) to use these keys to crypt or decrypt data is a security
> risk, because there is no access control mechanism.
>
> Cc: Ahmad Fatoum <[email protected]>
> Cc: David Gstir <[email protected]>
> Cc: David Howells <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Fabio Estevam <[email protected]>
> Cc: Herbert Xu <[email protected]>
> Cc: James Bottomley <[email protected]>
> Cc: James Morris <[email protected]>
> Cc: Jarkko Sakkinen <[email protected]>
> Cc: Jonathan Corbet <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> Cc: Mimi Zohar <[email protected]>
> Cc: NXP Linux Team <[email protected]>
> Cc: Pengutronix Kernel Team <[email protected]>
> Cc: Richard Weinberger <[email protected]>
> Cc: Sascha Hauer <[email protected]>
> Cc: "Serge E. Hallyn" <[email protected]>
> Cc: Shawn Guo <[email protected]>
> Co-developed-by: David Gstir <[email protected]>
> Signed-off-by: David Gstir <[email protected]>
> Signed-off-by: Richard Weinberger <[email protected]>
> ---
> drivers/crypto/mxs-dcp.c | 110 ++++++++++++++++++++++++++++++++++-----
> include/linux/mxs-dcp.h | 19 +++++++
> 2 files changed, 117 insertions(+), 12 deletions(-)
> create mode 100644 include/linux/mxs-dcp.h

This patch was judged as not applicable in your patchwork.
Is something missing? How can we proceed?

--
Thanks,
//richard


2021-06-25 12:31:06

by Herbert Xu

Subject: Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys

On Fri, Jun 25, 2021 at 02:21:16PM +0200, Richard Weinberger wrote:
>
> This patch was judged as not applicable in your patchwork.
> Is something missing? How can we proceed?

I'm happy to take this patch. I marked it as not applicable
mainly because the other two patches didn't have acks and I'm
not sure if they were meant for the crypto tree or not.

Would you like me to take just the first patch?

Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2021-06-25 13:13:27

by Richard Weinberger

Subject: Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys

Herbert,

On Fri, Jun 25, 2021 at 2:29 PM Herbert Xu <[email protected]> wrote:
> > This patch was judged as not applicable in your patchwork.
> > Is something missing? How can we proceed?
>
> I'm happy to take this patch. I marked it as not applicable
> mainly because the other two patches didn't have acks and I'm
> not sure if they were meant for the crypto tree or not.

Maybe we have a chicken/egg situation and integrity folks wait for you. ;-)

> Would you like me to take just the first patch?

IMHO all three patches should go through the integrity tree.
Given that you're fine with the first patch, can you please ack it?

--
Thanks,
//richard