-by: David Oberhollenzer
Signed-off-by: David Gstir
---
drivers/crypto/mxs-dcp.c | 107 +++
include/soc/fsl/dcp.h| 19 +++
2 files changed, 115 insertions(+), 11 deletions(-)
create mode 100644 include/soc/fsl/dcp.h
diff --git a/drivers/crypto/mxs-dcp.c b
key. A new `blob_key` and `nonce` are generated
randomly, when sealing/exporting the DCP blob.
This patchset was tested with dm-crypt on an i.MX6ULL board.
[0]
https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
David Gstir (3):
crypto: mxs-dcp: Add support for hardw
ure they can burn their own unique key
into the OTP fuse and set the use_otp_key module parameter.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../admin-guide/ker
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../security/keys/trusted-encrypted.rst | 85 +++
1 file changed, 85 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst
b/Documentation/security/keys/trusted-encrypted.rst
index
Hi Jarkko,
thanks for the review!
> On 12.09.2023, at 19:32, Jarkko Sakkinen wrote:
>
> On Tue Sep 12, 2023 at 2:11 PM EEST, David Gstir wrote:
[...]
>> - /* Payload contains the key. */
>> - desc->control0 |= MXS_DCP_CONTROL0_PAYLOAD_KEY;
>> + if (key_referen
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../security/keys/trusted-encrypted.rst | 85 +++
1 file changed, 85 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst
b/Documentation/security/keys/trusted-encrypted.rst
index
-by: David Oberhollenzer
Signed-off-by: David Gstir
---
drivers/crypto/mxs-dcp.c | 104 ++-
include/soc/fsl/dcp.h| 17 +++
2 files changed, 110 insertions(+), 11 deletions(-)
create mode 100644 include/soc/fsl/dcp.h
diff --git a/drivers/crypto/mxs-dcp.c b
d.
[0]
https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
David Gstir (3):
crypto: mxs-dcp: Add support for hardware provided keys
KEYS: trusted: Introduce support for NXP DCP-based trusted keys
doc: trusted-encrypted: add DCP as new trust source
.../admin
ure they can burn their own unique key
into the OTP fuse and set the use_otp_key module parameter.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../admin-guide/ker
Jarkko,
> On 25.09.2023, at 17:22, Jarkko Sakkinen wrote:
>
> On Mon Sep 18, 2023 at 5:18 PM EEST, David Gstir wrote:
>> DCP is capable of performing AES with hardware-bound keys.
>> These keys are not stored in main memory and are therefore not directly
>> accessi
Jarkko,
> On 25.09.2023, at 17:34, Jarkko Sakkinen wrote:
>
> On Mon Sep 18, 2023 at 5:18 PM EEST, David Gstir wrote:
>> DCP (Data Co-Processor) is the little brother of NXP's CAAM IP.
>>
>> Besides accelerated crypto operations, it also offers support for
>
UE device key. A new `blob_key` and `nonce` are generated
randomly, when sealing/exporting the DCP blob.
This patchset was tested with dm-crypt on an i.MX6ULL board.
[0]
https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
David Gstir (5):
crypto: mxs-dcp: Ad
-by: David Gstir
---
drivers/crypto/mxs-dcp.c | 104 ++-
include/soc/fsl/dcp.h| 17 +++
2 files changed, 110 insertions(+), 11 deletions(-)
create mode 100644 include/soc/fsl/dcp.h
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index
Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
include/keys/trusted_dcp.h| 11 +
security/keys/trusted-keys/Kconfig| 9 +-
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c | 6 +-
security/keys
This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
found in smaller i.MX SoCs.
Signed-off-by: David Gstir
---
MAINTAINERS | 9 +
1 file changed, 9 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 90f13281d297..988d01226131 100644
--- a/MAINTAINERS
+++ b
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../security/keys/trusted-encrypted.rst | 85 +++
1 file changed, 85 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst
b/Documentation/security/keys/trusted-encrypted.rst
index
Hi,
> On 15.12.2023, at 12:06, David Gstir wrote:
>
> This is a revival of the previous patch set submitted by Richard Weinberger:
> https://lore.kernel.org/linux-integrity/20210614201620.30451-1-rich...@nod.at/
>
> v4 is here:
> https://lore.kernel.org/keyrings/2023
MX6ULL board.
[0]
https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
David Gstir (6):
crypto: mxs-dcp: Add support for hardware-bound keys
KEYS: trusted: improve scalability of trust source config
KEYS: trusted: Introduce NXP DCP-backed trusted keys
MAINTAINER
This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
found in smaller i.MX SoCs.
Signed-off-by: David Gstir
---
MAINTAINERS | 9 +
1 file changed, 9 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 90f13281d297..988d01226131 100644
--- a/MAINTAINERS
+++ b
Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
include/keys/trusted_dcp.h| 11 +
security/keys/trusted-keys/Kconfig| 8 +
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c | 6 +-
security/keys/trusted
-by: David Gstir
Acked-by: Herbert Xu
---
drivers/crypto/mxs-dcp.c | 104 ++-
include/soc/fsl/dcp.h| 17 +++
2 files changed, 110 insertions(+), 11 deletions(-)
create mode 100644 include/soc/fsl/dcp.h
diff --git a/drivers/crypto/mxs-dcp.c b/drivers
Checking if at least one valid trust source is selected does not scale
and becomes hard to read. This improves this in preparation for the DCP
trust source.
Signed-off-by: David Gstir
---
security/keys/trusted-keys/Kconfig | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../security/keys/trusted-encrypted.rst | 85 +++
1 file changed, 85 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst
b/Documentation/security/keys/trusted-encrypted.rst
index
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
Hi Jarkko,
> On 30.04.2024, at 13:48, Kshitiz Varshney wrote:
>
> Hi David,
>
>> -Original Message-----
>> From: David Gstir
>> Sent: Monday, April 29, 2024 5:05 PM
>> To: Kshitiz Varshney
>>
>> Did you get around to
Hi Kshitiz,
> On 09.04.2024, at 11:48, Kshitiz Varshney wrote:
>
> Hi Jarkko,
>
>
>> -Original Message-
>> From: Jarkko Sakkinen
>> Sent: Wednesday, April 3, 2024 9:18 PM
>> To: David Gstir ; Mimi Zohar ;
>> James Bottomley ; Herb
Hi Jarkko,
> On 07.03.2024, at 20:30, Jarkko Sakkinen wrote:
[...]
>> +
>> +static int trusted_dcp_init(void)
>> +{
>> + int ret;
>> +
>> + if (use_otp_key)
>> + pr_info("Using DCP OTP key\n");
>> +
>> + ret = test_for_zero_key();
>> + if (ret) {
>> + pr_err("Test for zero'ed keys failed:
Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
include/keys/trusted_dcp.h| 11 +
security/keys/trusted-keys/Kconfig| 8 +
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c | 6 +-
security/keys/trusted
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
found in smaller i.MX SoCs.
Signed-off-by: David Gstir
Acked-by: Jarkko Sakkinen
---
MAINTAINERS | 9 +
1 file changed, 9 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 976a5cea1577..ca7f42ca9338 100644
Jarkko,
> On 04.03.2024, at 23:48, Jarkko Sakkinen wrote:
>
> On Fri Dec 15, 2023 at 1:06 PM EET, David Gstir wrote:
>> This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
>> found in smaller i.MX SoCs.
>>
>> Signed-off-by: David
2080323-1-a.fat...@pengutronix.de/
David Gstir (6):
crypto: mxs-dcp: Add support for hardware-bound keys
KEYS: trusted: improve scalability of trust source config
KEYS: trusted: Introduce NXP DCP-backed trusted keys
MAINTAINERS: add entry for DCP-based trusted keys
docs: document DCP-backed trus
will
give userspace full access to use keys. In scenarios with untrustworthy
userspace, this will enable en-/decryption oracles.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
HAVE_TRUSTED_KEYS which is set to true by each trust source
once it's enabled and adapt the check for having at least one active trust
source to use this option. Whenever a new trust source is added, it now
needs to select HAVE_TRUSTED_KEYS.
Signed-off-by: David Gstir
---
security/keys/trusted-keys/Kconfig
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../security/keys/trusted-encrypted.rst | 85 +++
1 file changed, 85 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst
b/Documentation/security/keys/trusted-encrypted.rst
index
Jarkko,
> On 27.03.2024, at 16:40, Jarkko Sakkinen wrote:
>
> On Wed Mar 27, 2024 at 10:24 AM EET, David Gstir wrote:
>> Update the documentation for trusted and encrypted KEYS with DCP as new
>> trust source:
>>
>> - Describe security properties of DCP tru
Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
Reviewed-by: Jarkko Sakkinen
---
include/keys/trusted_dcp.h| 11 +
security/keys/trusted-keys/Kconfig| 8 +
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c
-by: David Gstir
Tested-by: Jarkko Sakkinen # for TRUSTED_KEYS_TPM
Reviewed-by: Jarkko Sakkinen
---
security/keys/trusted-keys/Kconfig | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/security/keys/trusted-keys/Kconfig
b/security/keys/trusted-keys/Kconfig
index
QUE device key. A new `blob_key` and `nonce` are generated
randomly, when sealing/exporting the DCP blob.
This patchset was tested with dm-crypt on an i.MX6ULL board.
[0]
https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
David Gstir (6):
crypto: mxs-dcp: Add support fo
will
give userspace full access to use keys. In scenarios with untrustworthy
userspace, this will enable en-/decryption oracles.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../security/keys/trusted-encrypted.rst | 53 +++
security/keys/trusted-keys/trusted_dcp.c | 19 +++
2 files changed, 72 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst
b
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
Reviewed
This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
found in smaller i.MX SoCs.
Signed-off-by: David Gstir
Acked-by: Jarkko Sakkinen
---
MAINTAINERS | 9 +
1 file changed, 9 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 976a5cea1577..ca7f42ca9338 100644
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
will
give userspace full access to use keys. In scenarios with untrustworthy
userspace, this will enable en-/decryption oracles.
Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger
Co-developed-by: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
ernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
David Gstir (6):
crypto: mxs-dcp: Add support for hardware-bound keys
KEYS: trusted: improve scalability of trust source config
KEYS: trusted: Introduce NXP DCP-backed trusted keys
MAINTAINERS: add entry for DCP-based t
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
---
.../security/keys/trusted-encrypted.rst | 85 +++
1 file changed, 85 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst
b/Documentation/security/keys/trusted-encrypted.rst
index
-by: David Gstir
---
security/keys/trusted-keys/Kconfig | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/security/keys/trusted-keys/Kconfig
b/security/keys/trusted-keys/Kconfig
index dbfdd8536468..553dc117f385 100644
--- a/security/keys/trusted-keys/Kconfig
+++ b
This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
found in smaller i.MX SoCs.
Signed-off-by: David Gstir
Acked-by: Jarkko Sakkinen
---
MAINTAINERS | 9 +
1 file changed, 9 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 976a5cea1577..ca7f42ca9338 100644
Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: David Gstir
Reviewed-by: Jarkko Sakkinen
---
include/keys/trusted_dcp.h| 11 +
security/keys/trusted-keys/Kconfig| 8 +
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c
51 matches