Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp5336618rwb; Wed, 7 Sep 2022 00:51:20 -0700 (PDT) X-Google-Smtp-Source: AA6agR5JFCv6+mWyC9nCLg0VJ+/74j6+5ZF2egEhwZSR+UH+Z/cUAdJHEN97feQ9MM4HcQBOC1QF X-Received: by 2002:a17:90a:af84:b0:200:4ed3:c9d5 with SMTP id w4-20020a17090aaf8400b002004ed3c9d5mr2643999pjq.234.1662537080185; Wed, 07 Sep 2022 00:51:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662537080; cv=none; d=google.com; s=arc-20160816; b=RTqscmz3ZuPw59t2cb1pt+b1XAjajrGyM3yo8NdsmWDArNRvrovKrT5Mo9lXFLzOPN 6LCdiUhL2QpCjdcOyOceANU/57CzFL2ehfOYv2HURV0wEsfbwEYWr/iIkHm7SRKAHSUz 5sEHAA13iYW03yCuqA/Uzlvu+eLEf2NzBkTfNMxBcPmCwUbAlDl0zbALKpgp2MtInWeJ 5cN2gzWZSf4ELRyMTHxTv115k34aqlijwLjBwmw6jGjKSL2WrOh9qtWVTmIUxtjsBjVE HAVQHxnziJWIYVLButF5QYoTEKuJENC6KGPMnJqaPj7G+0AVfiFn/lLkPrGThJFLN1F8 QJnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=0vhyt6mGlvKatRlgIu0f+c6VRtWSnSVoY5U6wDSdUl4=; b=IHZYBk6lLcsbFw0hbC9QNwAFD4scWdZZHkGFjd9dP/s5wWrUS/8TFlKGXbHibPaysU pMoiHrRhIqIL+BWz0zR9rMlkKdVqo45dYn2ZuIhpWymYozjBg2Tx1ghxm/5j5BxK5RdG CsQmvMRH6noWsumFB1oE0qnYVEylmVC4GmWDPJQDHE0LAmDjIx+jxtu9BJTl8g29/RGP hAwgSinfvyNygEcy6IRUy1iGgO+VinMTN4L+lRem8gyupMzg7+k0dxqPTy8qd8rWtIev bTdn7Z3jzlYnpHtwLZZcOyuOJ5v075Efjax1Etj5pNe8WgfJ2mRNuXmaWngVZ5YptoxN Yzow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sigma-star.at header.s=google header.b=b5adUilY; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sigma-star.at Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y3-20020a056a00180300b0052f60f7e0a1si17750346pfa.5.2022.09.07.00.51.06; Wed, 07 Sep 2022 00:51:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@sigma-star.at header.s=google header.b=b5adUilY; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sigma-star.at Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230079AbiIGHq3 (ORCPT + 99 others); Wed, 7 Sep 2022 03:46:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40250 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230039AbiIGHq1 (ORCPT ); Wed, 7 Sep 2022 03:46:27 -0400 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4587A861E9 for ; Wed, 7 Sep 2022 00:46:21 -0700 (PDT) Received: by mail-wm1-x331.google.com with SMTP id m3-20020a05600c3b0300b003a5e0557150so386120wms.0 for ; Wed, 07 Sep 2022 00:46:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigma-star.at; s=google; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date; bh=0vhyt6mGlvKatRlgIu0f+c6VRtWSnSVoY5U6wDSdUl4=; b=b5adUilYN2ScZ7+8j0cwCUVQE7qJ2qTcHvvF13uL2wJfakwkIu8Afu/UfRAa5kKwfZ yXlii2vc7I6tIcv8yh+C3bevEQSXgv0QD4i5X3/MK7Z9ZLFM6EZJ2II0bhLsE+pjtZUv MMukrrmpdnf+H5eBbeEhrBDGyV4nf59JpfD7A2/PmyfGPA1GD4xCZCf1J6ci4CgVc6Rv v2Vbds/nYiutD3Aj2U9lUieXOdl6TnlJI2R5TpExgXgtZZg20m5aWNRY3YkhoVp3EgAr nUisEZ/RPDZ3jtVi3rJea8ZyIxNf1E1+dYc7cCauWDHy4rxYCoNTpjqwoBoCtXZo9O9P sY5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date; bh=0vhyt6mGlvKatRlgIu0f+c6VRtWSnSVoY5U6wDSdUl4=; b=4rBhu86GFdQg64W9Kbtc50yDlMMN6UoebOdE2EBVuXAs4HGDUFn0dIYLIzRy5SVdyH vJ2z925nNfzzPHh0wIzuHhIg1ALMsXJmVdrZbdygAlue941IZJtK7724hrFoocH+OADA rJf4G2eMacx46VYR10QoRmTZvr18YtgLdQuHIJZaen9HclTeROdfNgGT5knhcpFGIb3f WTRUrEgPyiRJzkItzljaCMJyMLmQqbOTJJ1lhEHUs+mF4BiAmVmF86MX4ES0dSLkTCg6 osdu0m4t8ogBBRIF/9ITl4S2qEoET2ldZCE3Zof14N2zxiKvNogRgyjEBX6PUJBVUOYp uTGg== X-Gm-Message-State: ACgBeo2bE2cYvZdPXBls5ApEfkz4q7xb6+lxM0Tu86b8wDZ+cTDzzUIL fSGZ1zbE9Rq9mUFahFsRHN1MFA== X-Received: by 2002:a7b:cd11:0:b0:3a8:3f6c:9abf with SMTP id f17-20020a7bcd11000000b003a83f6c9abfmr16172913wmj.30.1662536779781; Wed, 07 Sep 2022 00:46:19 -0700 (PDT) Received: from smtpclient.apple ([82.150.214.1]) by smtp.gmail.com with ESMTPSA id f14-20020a05600c4e8e00b003a5dbdea6a8sm33893887wmq.27.2022.09.07.00.46.18 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Sep 2022 00:46:19 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\)) Subject: Re: [EXT] [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY From: David Gstir In-Reply-To: <5d67b4d45aa1b2a3d2738c93edaeffdd@walle.cc> Date: Wed, 7 Sep 2022 09:46:17 +0200 Cc: Pankaj Gupta , Ahmad Fatoum , Jarkko Sakkinen , Jason@zx2c4.com, James Bottomley , Mimi Zohar , David Howells , Sumit Garg , john.ernberg@actia.se, James Morris , "Serge E. Hallyn" , Herbert Xu , "David S. Miller" , Jan Luebbe , Eric Biggers , Richard Weinberger , "keyrings@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" , Sahil Malhotra , Kshitiz Varshney , =?utf-8?Q?Horia_Geant=C4=83?= , Varun Sethi Content-Transfer-Encoding: quoted-printable Message-Id: <1E73DC47-9494-453C-899D-CE386336EF8D@sigma-star.at> References: <20220906065157.10662-1-pankaj.gupta@nxp.com> <047746e1134d5bdce699d8c021f849b6@walle.cc> <5d67b4d45aa1b2a3d2738c93edaeffdd@walle.cc> To: Michael Walle X-Mailer: Apple Mail (2.3696.120.41.1.1) X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Michael, > On 07.09.2022, at 09:29, Michael Walle wrote: >=20 > Am 2022-09-07 09:22, schrieb Pankaj Gupta: >>> -----Original Message----- >>> From: Michael Walle >>> Sent: Tuesday, September 6, 2022 12:43 PM >>> To: Pankaj Gupta >>> Cc: jarkko@kernel.org; a.fatoum@pengutronix.de; Jason@zx2c4.com; >>> jejb@linux.ibm.com; zohar@linux.ibm.com; dhowells@redhat.com; >>> sumit.garg@linaro.org; david@sigma-star.at; john.ernberg@actia.se; >>> jmorris@namei.org; serge@hallyn.com; herbert@gondor.apana.org.au; >>> davem@davemloft.net; j.luebbe@pengutronix.de; ebiggers@kernel.org; >>> richard@nod.at; keyrings@vger.kernel.org; = linux-crypto@vger.kernel.org; >>> linux-integrity@vger.kernel.org; linux-kernel@vger.kernel.org; = linux- >>> security-module@vger.kernel.org; Sahil Malhotra >>> ; Kshitiz Varshney = ; >>> Horia Geanta ; Varun Sethi >>> Subject: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY >>> Caution: EXT Email >>> Hi, >>> Am 2022-09-06 08:51, schrieb Pankaj Gupta: >>> > Hardware Bound key(HBK), is never acessible as plain key outside = of >>> > the hardware boundary. Thus, it is un-usable, even if somehow = fetched >>> > from kernel memory. It ensures run-time security. >>> > >>> > This patchset adds generic support for classing the Hardware Bound >>> > Key, based on: >>> > >>> > - Newly added flag-'is_hbk', added to the tfm. >>> > >>> > Consumer of the kernel crypto api, after allocating >>> > the transformation, sets this flag based on the basis >>> > of the type of key consumer has. >>> > >>> > - This helps to influence the core processing logic >>> > for the encapsulated algorithm. >>> > >>> > - This flag is set by the consumer after allocating >>> > the tfm and before calling the function crypto_xxx_setkey(). >>> > >>> > First implementation is based on CAAM. >>> > >>> > NXP built CAAM IP is the Cryptographic Acceleration and Assurance >>> > Module. >>> > This is contain by the i.MX and QorIQ SoCs by NXP. >>> > >>> > CAAM is a suitable backend (source) for kernel trusted keys. >>> > This backend source can be used for run-time security as well by >>> > generating the hardware bound key. >>> > >>> > Along with plain key, the CAAM generates black key. A black key is = an >>> > encrypted key, which can only be decrypted inside CAAM. Hence, = CAAM's >>> > black key can only be used by CAAM. Thus it is declared as a = hardware >>> > bound key. >>> What is the difference to the current trusted keys with CAAM? >>> When I tested the patch series back then, I wasn't able to import a = sealed >>> key on another board with the same SoC. >> Currently, keys that are part of trusted key-ring, contains plain = key. >> With this patch-set, these key will become Hw Bound Key, which is not >> a plain key anymore. >> After this patch-set, if somehow the HB-key is retrieved from the >> keyring, the retrieved key would be un-usable without hw. >=20 > This doesn't answer my question why I couldn't import one key on > another board with the same SoC. I don=E2=80=99t believe this is intended to work this way. Each key blob = created by CAAM is bound to a specific device. Being able to decrypt the same blob on another SoC = would open up some attack vectors: Think of a locked down device where I=E2=80=99= m able to=20 extract this key blob. Simply buying a board with the same Soc would = allow me to decrypt this blob by copying it over to my board. Roughly speaking, CAAM key blobs are secure using a key derived from the = device=E2=80=99s master key. This master key can be programmed via eFUSEs. So you=E2=80=99d have = to burn the same master key on both SoCs and it should work. In any way, check the security reference manual for your SoC. It should = explain this in more detail. - David=