Message-ID: <4c6164e5-bcfd-4172-a76e-db989f729a8a@pengutronix.de>
Date: Tue, 9 Apr 2024 19:27:44 +0200
Subject: Re: [EXT] [PATCH v8 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys
From: Ahmad Fatoum
To: Kshitiz Varshney, David Gstir, Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu, "David S. Miller"
Cc: "linux-doc@vger.kernel.org", Gaurav Jain, Catalin Marinas, David Howells, "keyrings@vger.kernel.org", Fabio Estevam, Paul Moore, Jonathan Corbet, Richard Weinberger, "Rafael J. Wysocki", James Morris, dl-linux-imx, "Serge E. Hallyn", "Paul E. McKenney", Sascha Hauer, Pankaj Gupta, sigma star Kernel Team, "Steven Rostedt (Google)", David Oberhollenzer, "linux-arm-kernel@lists.infradead.org", "linuxppc-dev@lists.ozlabs.org", Randy Dunlap, "linux-kernel@vger.kernel.org", Li Yang, "linux-security-module@vger.kernel.org", "linux-crypto@vger.kernel.org", Pengutronix Kernel Team, Tejun Heo, "linux-integrity@vger.kernel.org", Shawn Guo, Varun Sethi
References: <20240403072131.54935-1-david@sigma-star.at> <20240403072131.54935-4-david@sigma-star.at>
X-Mailing-List: linux-crypto@vger.kernel.org

Hello Kshitiz,

On 09.04.24 12:54, Kshitiz Varshney wrote:
> Hi David,
>> + b->fmt_version = DCP_BLOB_VERSION;
>> + get_random_bytes(b->nonce, AES_KEYSIZE_128);
>> + get_random_bytes(b->blob_key, AES_KEYSIZE_128);
>
> We can use HWRNG instead of using kernel RNG. Please refer drivers/char/hw_random/imx-rngc.c

imx-rngc can be enabled and used to seed the kernel entropy pool. Adding direct
calls into imx-rngc here only introduces duplicated code at no extra benefit.

Cheers,
Ahmad

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
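
Review bot: the nonce length on the second quoted line, get_random_bytes(b->nonce, AES_KEYSIZE_128), is expressed with a key-size constant, so the nonce size matches the key size only because the two values happen to be equal. A dedicated nonce-length define, or sizeof(b->nonce) if the field is a fixed-size array, would state the intent and keep the call correct should either size change later.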