Subject: Re: [PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys
From: David Gstir
Date: Fri, 8 Mar 2024 08:17:35 +0100
To: Jarkko Sakkinen
Cc: Mimi Zohar, James Bottomley, Herbert Xu, "David S. Miller", Shawn Guo, Jonathan Corbet, Sascha Hauer, "kernel@pengutronix.de", Fabio Estevam, NXP Linux Team, Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang, Paul Moore, James Morris, "Serge E. Hallyn", "Paul E. McKenney", Randy Dunlap, Catalin Marinas, "Rafael J. Wysocki", Tejun Heo, "Steven Rostedt (Google)", linux-doc@vger.kernel.org, "linux-kernel@vger.kernel.org", "linux-integrity@vger.kernel.org", "keyrings@vger.kernel.org", "linux-crypto@vger.kernel.org", linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, "linux-security-module@vger.kernel.org", Richard Weinberger, David Oberhollenzer
Message-Id: <655221B7-634C-4493-A781-CF014DFFC8BF@sigma-star.at>
References: <20240307153842.80033-1-david@sigma-star.at> <20240307153842.80033-4-david@sigma-star.at>

Hi Jarkko,

> On 07.03.2024, at 20:30, Jarkko Sakkinen wrote:
[...]
>> + >> +static int trusted_dcp_init(void) >> +{ >> + int ret; >> + >> + if (use_otp_key) >> + pr_info("Using DCP OTP key\n"); >> + >> + ret =3D test_for_zero_key(); >> + if (ret) { >> + pr_err("Test for zero'ed keys failed: %i\n", ret);
>
> I'm not sure whether this should err or warn.
>
> What sort of situations can cause the test to fail (e.g.
> adversary/interposer, bad configuration etc.).

This occurs when the hardware is not in "secure mode". I.e. it's a bad configuration issue.
Once the board is properly configured, this will never trigger again.
Do you think a warning is better for this then?

Thanks,
- David
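
Review bot: the pr_err() on the test_for_zero_key() failure path in trusted_dcp_init() prints only the return code, while David's reply in this message says the test fails when the hardware is not in "secure mode", i.e. a board configuration problem. Consider stating that in the log message, and in a short comment above the call, so an operator can tell the remedy is configuration rather than a driver fault. Whether pr_err or pr_warn fits depends on whether init goes on to return ret, which the quoted lines do not show. Minor style point: %i works, but %d is the more common form for an int in kernel log messages.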