Date: Mon, 10 Oct 2022 09:15:48 -0600
From: "Jason A. Donenfeld"
To: Pankaj Gupta
Cc: 'Herbert Xu', "jarkko@kernel.org", "a.fatoum@pengutronix.de",
    "gilad@benyossef.com", "jejb@linux.ibm.com", "zohar@linux.ibm.com",
    "dhowells@redhat.com", "sumit.garg@linaro.org", "david@sigma-star.at",
    "michael@walle.cc", "john.ernberg@actia.se", "jmorris@namei.org",
    "serge@hallyn.com", "davem@davemloft.net", "j.luebbe@pengutronix.de",
    "ebiggers@kernel.org", "richard@nod.at", "keyrings@vger.kernel.org",
    "linux-crypto@vger.kernel.org", "linux-integrity@vger.kernel.org",
    "linux-kernel@vger.kernel.org", "linux-security-module@vger.kernel.org",
    Sahil Malhotra, Kshitiz Varshney, Horia Geanta, Varun Sethi
Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Oct 10, 2022 at 11:15:00AM +0000, Pankaj Gupta wrote:
> > Nack. You still have not provided a convincing argument why this is necessary
> > since there are plenty of existing drivers in the kernel already providing similar
> > features.
> >
> CAAM is used as a trusted source for trusted keyring. CAAM can expose
> these keys either as plain key or HBK (hardware bound key - managed by
> the hardware only and never visible in plain outside of hardware).
>
> Thus, keys that are inside CAAM-backed-trusted-keyring can either be
> plain key or HBK. So the trusted-key-payload requires additional flag
> & info (key-encryption-protocol) to help differentiate it from each
> other. Now when CAAM trusted-key is presented to the kernel crypto
> framework, the additional information associated with the key needs
> to be passed to the hardware driver. Currently the kernel keyring and
> kernel crypto frameworks are associated for plain key, but completely
> dis-associated for HBK. This patch addresses this problem.
>
> Similar capabilities (trusted source) are there in other crypto
> accelerators on NXP SoC(s). Having hardware specific crypto algorithm
> name does not seem to be a scalable solution.

Do you mean to say that other drivers that use hardware-backed keys do
so by setting "cra_name" to something particular? Like instead of "aes"
it'd be "aes-but-special-for-this-driver"? If so, that would seem to
break the design of the crypto API. Which driver did you see that does
this? Or perhaps, more generally, what are the drivers that Herbert is
talking about when he mentions the "plenty of existing drivers" that
already do this?

Jason