Date: Thu, 6 Oct 2022 08:42:32 -0400
From: Ben Boeckel
Reply-To: list.lkml.keyrings@me.benboeckel.net
To: Pankaj Gupta
Cc: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com,
    Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com,
    dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at,
    michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org,
    serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net,
    j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at,
    keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
    linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
    linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com,
    kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Subject: Re: [PATCH v0 6/8] KEYS: trusted: caam based black key
In-Reply-To: <20221006130837.17587-7-pankaj.gupta@nxp.com>

On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:
> - CAAM supports two types of black keys:
> -- Plain key encrypted with ECB
> -- Plain key encrypted with CCM

What is a "black key"? Is this described in the documentation or local
comments at all? (I know I'm unfamiliar with CAAM, but maybe this should
be mentioned somewhere?).

> Note: Due to robustness, default encytption used for black key is CCM.
                                   ^^^^^^^^^^
                                   encryption

What "robustness"? Surely there's some more technical details involved
here?

> - A black key blob is generated, and added to trusted key payload.
> This is done as part of sealing operation, that was triggered as a result of:
> -- new key generation
> -- load key,

It seems that "black keys" are what the uapi calls "hw". I think this
should be mentioned in the commit message (and CAAM docs).

What do other keytypes do if `hw` is requested and it's not possible
(say, `big_key`)?

Thanks,

--Ben