[RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt

Franck Lenormand franck.lenormand at nxp.com
Thu Mar 7 13:17:48 UTC 2019


> -----Original Message-----
> From: David Howells <dhowells at redhat.com>
> Sent: Wednesday, March 6, 2019 6:30 PM
> To: Franck Lenormand <franck.lenormand at nxp.com>
> Cc: dhowells at redhat.com; linux-kernel at vger.kernel.org; linux-security-
> module at vger.kernel.org; keyrings at vger.kernel.org; Horia Geanta
> <horia.geanta at nxp.com>; Silvano Di Ninno <silvano.dininno at nxp.com>;
> agk at redhat.com; snitzer at redhat.com; dm-devel at redhat.com;
> jmorris at namei.org; serge at hallyn.com
> Subject: Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in
> dmcrypt
> 
> Franck LENORMAND <franck.lenormand at nxp.com> wrote:
> 
> > The capacity to generate or load keys already available in the Linux
> > key retention service does not allow exploiting CAAM capabilities,
> > hence we need to create a new key_type. The new key type "caam_tk"
> > allows one to:
> >  - Create a black key from random
> >  - Create a black key from a red key
> >  - Load a black blob to retrieve the black key
> 
> Is it possible that this could be done through an existing key type, such as the
> asymmetric, trusted or encrypted key types?
> 
> David

Hello David,

I didn't know about the asymmetric key type, so I looked it up. From my
observation, it would not be possible to use it for the caam_tk, as
we must perform operations on the data provided.
The name "asymmetric" is also misleading for the use we would have.

The trusted and encrypted key types do not provide the necessary
callbacks to do what we would need, or would require huge modifications.

I would like this series to focus on the change related to
dm-crypt. In effect, it is currently not possible to pass a key
from the asymmetric key type to it.

Franck


