Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp4011028rwb; Tue, 6 Sep 2022 00:41:47 -0700 (PDT) X-Google-Smtp-Source: AA6agR7ZtZKWceiTkgSLMTM+gAz9Cwa3cVt6g4Xd6kz3UchdM+c2ggHUK3PXjicX5/M1lv5om4Wu X-Received: by 2002:a17:902:d4ca:b0:16f:8311:54b0 with SMTP id o10-20020a170902d4ca00b0016f831154b0mr53401784plg.108.1662450106807; Tue, 06 Sep 2022 00:41:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662450106; cv=none; d=google.com; s=arc-20160816; b=w08GU/3ZK+93IH/f8SJAt1N+JT4NKP1tmeZzBz+tFLfTqIeccDeSXQy7fMCPL7xXpt Zn5elt00CqN+AUPdb53q5tvbp/eRl/ln7PcrT258fS4Tw+yYbssL3mst72yFmoNyUX60 BbqCm7fgg9EI0n6Zg5IcZkK0aZbBBDRSIFbq/uwZ09vJqsot7BH1oo4tODmO8PrwEYT8 NI9qQZIqCYqlh21WVCGn6W7WYUzG/iTFSY1qD2lKNRJXuT4ZqAWizGTtRPg+vkP4e4+V 7cttKbghbbwok2XX4RZztklOZTKo2FlAMBbVLNeQNapS1WX+u8npfI6U3acftaGckNYl Udzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:message-id:user-agent :references:in-reply-to:subject:cc:to:from:date:mime-version :dkim-signature; bh=myPv8B55ZEW05OB+S9pWiPrxR+s0aF+7aFKm/XD78HY=; b=hwofrFjTQIh6sWBxqoahzmrfm/b+H8rW+iSqccujJ528YJBo6oiPEgeVUC7jYHCddN ybwUCjTzBuoTN3oez0I75F89TuR89+ZaALHkjvHS0wn0bjb6SaXcXIgIIbc+G3cnmh7J wjb99Yp3lSgoGUDnZ910mLAoyCwWbtM2+CwB5DSDsotC7K2QJgIiCjhWX8JugcQbeMB4 VbHbO0rMyqINvFmG+sLKrE8d2bC+Sm1K9FBENPg3OwM8eI0GOI4caxy0/BTJnsnANPMe PmlmfUrjeuS6Sk1zBigj+239+KFQgoqjtPc35rnbCeFmtoWEzNpYtKSmcDvIUpvAh5Ea jYow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@walle.cc header.s=mail2022082101 header.b=h7cs+Br+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=walle.cc Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c10-20020a631c4a000000b0041c506dde92si9870955pgm.636.2022.09.06.00.41.30; Tue, 06 Sep 2022 00:41:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@walle.cc header.s=mail2022082101 header.b=h7cs+Br+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=walle.cc Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238897AbiIFHU4 (ORCPT + 99 others); Tue, 6 Sep 2022 03:20:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38730 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238880AbiIFHUy (ORCPT ); Tue, 6 Sep 2022 03:20:54 -0400 X-Greylist: delayed 493 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 06 Sep 2022 00:20:52 PDT Received: from mail.3ffe.de (0001.3ffe.de [159.69.201.130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACB826567E; Tue, 6 Sep 2022 00:20:52 -0700 (PDT) Received: from 3ffe.de (0001.3ffe.de [IPv6:2a01:4f8:c0c:9d57::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.3ffe.de (Postfix) with ESMTPSA id EBDF820E7; Tue, 6 Sep 2022 09:12:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=walle.cc; s=mail2022082101; t=1662448354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=myPv8B55ZEW05OB+S9pWiPrxR+s0aF+7aFKm/XD78HY=; b=h7cs+Br+GYOgEzdUyybaY6Litl/DVXOqlyaCC3x+VljpHK2U+n5HWxh9W+DjpzwfEyOQ1w wK6epONrj1e71rI1GKxBbvpi1G0xKi0jaEJAw8nCLpTqgB5sGjYZJtLDA4H4K6XQrk7B62 M+o9vZ7xwYQ7tt9O8PScxqHiEIt71/mBRahS0uQ1dkzry5ykx6Dv38eo7kYoudflXbUr9p GIUY/pW4HmfLdLrMwmEMaKSim1sZYuqwcR4l5Y26xgeOti7tDLbeLOyufl3nxVf4L95LbH XGpQp0o9H9YALg+3bYjQSjKapyqC3nEpudOGQXC65xwynwAp8vU17wovHEzDkg== MIME-Version: 1.0 Date: Tue, 06 Sep 2022 09:12:33 +0200 From: Michael Walle To: Pankaj Gupta Cc: jarkko@kernel.org, a.fatoum@pengutronix.de, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com Subject: Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY In-Reply-To: <20220906065157.10662-1-pankaj.gupta@nxp.com> References: <20220906065157.10662-1-pankaj.gupta@nxp.com> User-Agent: Roundcube Webmail/1.4.13 Message-ID: <047746e1134d5bdce699d8c021f849b6@walle.cc> X-Sender: michael@walle.cc Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, Am 2022-09-06 08:51, schrieb Pankaj Gupta: > Hardware Bound key(HBK), is never acessible as plain key outside of the > hardware boundary. Thus, it is un-usable, even if somehow fetched > from kernel memory. It ensures run-time security. > > This patchset adds generic support for classing the Hardware Bound Key, > based on: > > - Newly added flag-'is_hbk', added to the tfm. > > Consumer of the kernel crypto api, after allocating > the transformation, sets this flag based on the basis > of the type of key consumer has. > > - This helps to influence the core processing logic > for the encapsulated algorithm. > > - This flag is set by the consumer after allocating > the tfm and before calling the function crypto_xxx_setkey(). > > First implementation is based on CAAM. > > NXP built CAAM IP is the Cryptographic Acceleration and Assurance > Module. > This is contain by the i.MX and QorIQ SoCs by NXP. > > CAAM is a suitable backend (source) for kernel trusted keys. > This backend source can be used for run-time security as well > by generating the hardware bound key. > > Along with plain key, the CAAM generates black key. A black key is an > encrypted key, which can only be decrypted inside CAAM. Hence, CAAM's > black key can only be used by CAAM. Thus it is declared as a hardware > bound key. What is the difference to the current trusted keys with CAAM? When I tested the patch series back then, I wasn't able to import a sealed key on another board with the same SoC. -michael