Hi Jarkko,
> -Original Message-
> From: Jarkko Sakkinen
> Sent: Wednesday, April 3, 2024 9:18 PM
> To: David Gstir ; Mimi Zohar ;
> James Bottomley ; Herbert Xu
> ; David S. Miller
> Cc: Shawn Guo ; Jonathan Corbet
> ; Sascha Hauer ; Pengutronix
> Kernel Team ; Fabio Estevam
> ; dl-linux-imx ; Ahmad Fatoum
> ; sigma star Kernel Team
> ; David Howells ; Li
> Yang ; Paul Moore ; James
> Morris ; Serge E. Hallyn ; Paul E.
> McKenney ; Randy Dunlap ;
> Catalin Marinas ; Rafael J. Wysocki
> ; Tejun Heo ; Steven Rostedt
> (Google) ; linux-...@vger.kernel.org; linux-
> ker...@vger.kernel.org; linux-integr...@vger.kernel.org;
> keyri...@vger.kernel.org; linux-cry...@vger.kernel.org; linux-arm-
> ker...@lists.infradead.org; linuxppc-dev@lists.ozlabs.org; linux-security-
> mod...@vger.kernel.org; Richard Weinberger ; David
> Oberhollenzer
> Subject: [EXT] Re: [PATCH v8 6/6] docs: trusted-encrypted: add DCP as new
> trust source
>
> On Wed Apr 3, 2024 at 10:21 AM EEST, David Gstir wrote:
> > Update the documentation for trusted and encrypted KEYS with DCP as
> > new trust source:
> >
> > - Describe security properties of DCP trust source
> > - Describe key usage
> > - Document blob format
> >
> > Co-developed-by: Richard Weinberger
> > Signed-off-by: Richard Weinberger
> > Co-developed-by: David Oberhollenzer
> >
> > Signed-off-by: David Oberhollenzer
> > Signed-off-by: David Gstir
> > ---
> > .../security/keys/trusted-encrypted.rst | 53 +++
> > security/keys/trusted-keys/trusted_dcp.c | 19 +++
> > 2 files changed, 72 insertions(+)
> >
> > diff --git a/Documentation/security/keys/trusted-encrypted.rst
> > b/Documentation/security/keys/trusted-encrypted.rst
> > index e989b9802f92..f4d7e162d5e4 100644
> > --- a/Documentation/security/keys/trusted-encrypted.rst
> > +++ b/Documentation/security/keys/trusted-encrypted.rst
> > @@ -42,6 +42,14 @@ safe.
> > randomly generated and fused into each SoC at manufacturing time.
> > Otherwise, a common fixed test key is used instead.
> >
> > + (4) DCP (Data Co-Processor: crypto accelerator of various i.MX
> > + SoCs)
> > +
> > + Rooted to a one-time programmable key (OTP) that is generally
> burnt
> > + in the on-chip fuses and is accessible to the DCP encryption
> > engine
> only.
> > + DCP provides two keys that can be used as root of trust: the OTP
> key
> > + and the UNIQUE key. Default is to use the UNIQUE key, but
> > selecting
> > + the OTP key can be done via a module parameter
> (dcp_use_otp_key).
> > +
> >* Execution isolation
> >
> > (1) TPM
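Review bot: the new DCP entry opens by saying the trust source is rooted to the OTP key, yet its last sentence says the default is the UNIQUE key, and nothing in between says what the UNIQUE key is or what it is rooted to, so a reader cannot tell what the default configuration actually protects against. Suggest adding a sentence on the origin of the UNIQUE key and how its security properties compare with the OTP key. Since the OTP key is only "generally" burnt into the fuses, the entry should also state what happens when they have not been programmed, mirroring the CAAM entry directly above ("Otherwise, a common fixed test key is used instead."). Giving the module parameter with its module prefix would let readers copy it straight onto the kernel command line.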
> > @@ -57,6 +65,12 @@ safe.
> >
> > Fixed set of operations running in isolated execution environment.
> >
> > + (4) DCP
> > +
> > + Fixed set of cryptographic operations running in isolated
> > execution
> > + environment. Only basic blob key encryption is executed there.
> > + The actual key sealing/unsealing is done on main processor/kernel
> space.
> > +
> >* Optional binding to platform integrity state
> >
> > (1) TPM
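Review bot: "The actual key sealing/unsealing is done on main processor/kernel space" is the key security property of this entry and is stated too casually. Unlike the other trust sources in this list, only the blob-key encryption happens inside the isolated engine; the sealing operation and the unsealed key material live in kernel memory, so their protection is that of kernel memory rather than of the DCP. Suggest spelling that consequence out in one sentence so it is not lost among the otherwise similar-looking entries, and tidying the grammar: "running in an isolated execution environment" and "on the main processor, in kernel space".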
> > @@ -79,6 +93,11 @@ safe.
> > Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
> > for platform integrity.
> >
> > + (4) DCP
> > +
> > + Relies on Secure/Trusted boot process (called HAB by vendor) for
> > + platform integrity.
> > +
> >* Interfaces and APIs
> >
> > (1) TPM
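Review bot: "Secure/Trusted boot process (called HAB by vendor)" describes the same mechanism the CAAM entry above names as "the High Assurance Boot (HAB) mechanism of NXP SoCs"; use the same wording so readers see it is one mechanism. More importantly, this section is about binding to platform integrity state, and "relies on" leaves open whether DCP blobs are actually bound to the secure boot state (that is, whether the OTP/UNIQUE key becomes unusable if HAB verification does not pass) or whether HAB is merely assumed to have run. The entry should say which it is.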
> > @@ -94,6 +113,11 @@ safe.
> >
> > Interface is specific to silicon vendor.
> >
> > + (4) DCP
> > +
> > + Vendor-specific API that is implemented as part of the DCP crypto
> driver in
> > + ``drivers/crypto/mxs-dcp.c``.
> > +
> >* Threat model
> >
> > The strength and appropriateness of a particular trust source
> > for a given @@ -129,6 +153,13 @@ selected trust source:
> > CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure
> the device
> > is probed.
> >
> > + * DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
> > +
> > + The DCP hardware device itself does not provide a dedicated RNG
> interface,
> > + so