Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp5361188rwb; Wed, 7 Sep 2022 01:21:13 -0700 (PDT) X-Google-Smtp-Source: AA6agR7FbmFoNtoUAgh0UKHygzmF0uC2cZYUQfSEiVnWJk3PqiOS3VVGBhb3NAK3IBYoeYlV6dku X-Received: by 2002:a05:6a00:816:b0:52f:43f9:b644 with SMTP id m22-20020a056a00081600b0052f43f9b644mr2661164pfk.57.1662538873672; Wed, 07 Sep 2022 01:21:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662538873; cv=none; d=google.com; s=arc-20160816; b=Iuhki+0um8ItR2hcw/LVIp9rUcgZkn+rzgDCQdS37rhYtcXgP5N7jry4+HAW/pQ4CB KKgx7mfR4iM1gk22DNt13+MKDxuXDbn+k9e+Xy9uOa/p9iHXpSE0liqW+R8VkFFkMHnz b7HZbJB3ZyQ0PlQbvsPSm+m4OOcw9V6T3d+IXLD1uFEpNzuNeWVk+HhYVAmeB+uoxpj7 y7rrdHy3nH5d6+ewcXpQD3HH/IvXDb6bhYHhNg03Yw/9ZWKpVoSVThPiuvKzkyrQpH7R 6OZo3SgnYnHQJaHBNa+Enk9jbj7D9DXxXH2RCQrdIzI/4RZv4xBuciMLOoOeD76Yd0r2 OH5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:organization:references:in-reply-to:date:cc:to:reply-to :from:subject:message-id; bh=G6Y97SZ8URKuu5a6Ja9aWp6mA5dIvxNppdovi5slp0Y=; b=WrG3GqmI4q/FOsHRqGST7yYuQ/za2Q+QYYIgSb1T1qFczagZFonUm/Tv8OEQWbA/Vx WiPuhe2o3U/twteDFDoAs9aPWiP76KibMHfWOzVozrmmhUToD2P1ajTQI7jhsuXksViY rmoURRrs/jneSYULM9q3q5637hL7ZaYvGWwoFgSW+vghKEC6Ieo+auOp3oRL4w1mpBbb p3J+jcEb6WdUXOmsHhDA85uic2iMmTkmRo8vdhl3Sg+0IO+jLX7jmVwleKGlmBBKDrlh fsPVA6/BCT6fNBKeXKc3HgRg72tUKwwaCJLEeiuS7s0DylSW1OnjF/0Q8RDppjupF+v+ xecg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g26-20020a63521a000000b00434dff14ae1si2077251pgb.231.2022.09.07.01.20.45; Wed, 07 Sep 2022 01:21:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229865AbiIGILM (ORCPT + 99 others); Wed, 7 Sep 2022 04:11:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230111AbiIGILK (ORCPT ); Wed, 7 Sep 2022 04:11:10 -0400 Received: from metis.ext.pengutronix.de (metis.ext.pengutronix.de [IPv6:2001:67c:670:201:290:27ff:fe1d:cc33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B9FC6E2DE for ; Wed, 7 Sep 2022 01:11:09 -0700 (PDT) Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oVq8u-0003JH-A5; Wed, 07 Sep 2022 10:10:40 +0200 Received: from localhost ([127.0.0.1]) by ptx.hi.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1oVq8p-0008M0-VS; Wed, 07 Sep 2022 10:10:36 +0200 Message-ID: <843e1f1cbed67ce558e20d1e56a82dfe27732028.camel@pengutronix.de> Subject: Re: [EXT] Re: [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY From: Jan =?ISO-8859-1?Q?L=FCbbe?= Reply-To: jlu@pengutronix.de To: Pankaj Gupta , Jarkko Sakkinen Cc: "a.fatoum@pengutronix.de" , "Jason@zx2c4.com" , "jejb@linux.ibm.com" , "zohar@linux.ibm.com" , "dhowells@redhat.com" , "sumit.garg@linaro.org" , "david@sigma-star.at" , "michael@walle.cc" , "john.ernberg@actia.se" , "jmorris@namei.org" , "serge@hallyn.com" , "herbert@gondor.apana.org.au" , "davem@davemloft.net" , "j.luebbe@pengutronix.de" , "ebiggers@kernel.org" , "richard@nod.at" , "keyrings@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" , Sahil Malhotra , Kshitiz Varshney , Horia Geanta , Varun Sethi Date: Wed, 07 Sep 2022 10:10:34 +0200 In-Reply-To: References: <20220906065157.10662-1-pankaj.gupta@nxp.com> Organization: Pengutronix Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::c0 X-SA-Exim-Mail-From: jlu@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, 2022-09-07 at 07:22 +0000, Pankaj Gupta wrote: > Even if somehow the key is retrieved from the keyring, the retrieved key  > would be an encrypted key. > This encrypted key can only be decrypted by Hardware, which generated it. > > Hence, the retrieved key is unusable outside of the hardware. NXP's CAAM unit (i.e. on i.MX6) supports several modes of sealed/encrypted keys. The (un)sealing process uses a key that is normally derived from a per-device key in eFUSES. One aspect of these modes is whether the plaintext key material is accessible to the kernel or not. Ahmad's patch set added support for a mode where the CAAM is used to seal plaintext known to the kernel to a "blob" (in CAAM terminology) on export to userspace and the reverse on import. This mode allows the kernel to use the plaintext for dm-crypt, to encrypt other keyrings and similar. The CAAM has another sealing mode, where it will not allow writing of the plaintext key to memory. Instead, it is kept in one of the CAAM-internal key registers. There, it can be used for cryptographic operations (i.e. AES). This way, the plaintext key is protected even from the kernel. The kernel could keep a copy of in sealed form, so it can reload the CAAM's key register when needed. Pankaj, is that the mode you intend to support with this series? Could you describe the high-level use-cases this would be need for, compared to the existing mode where plaintext keys are accessible to the kernel? In which cases would you use each mode? Regards, Jan -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |