[PATCH v2 1/2] security/keys/secure_key: Adds the secure key support based on CAAM.
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Thu Jan 23 12:55:52 UTC 2020
On Fri, 2020-01-17 at 12:52 +0100, Maik Otto wrote:
> Hi
>
> I tested both patches in combination with
> [RFC,2/2] dm-crypt: Use any key type which is registered from
> https://patchwork.kernel.org/patch/10835633/ with bug fix
> and an i.MX6Quad (logged device) with Mainline Kernel 4.19.88
>
> The following tests were successful:
> - key generation with CAAM
> keyctl add secure kmk-master "new 64" @s
> - export and import key blob with same controller
> keyctl pipe 332995568 > secure_key.blob
> reboot device
> keyctl add secure kmk-master "load `cat secure_key.blob`" @s
> - import keyblob with an other cpu and same keys for secure boot
> caam_jr 2102000.jr1: caam op done err: 20000c1a
> [ 185.788931] secure_key: key_blob decap fail (-22)
> add_key: Invalid argument
> => failing import was expected: pass
> - use key from keyring in dmcrypt with an sd-card
> dmsetup create test --table "0 106496 crypt aes-xts-plain64
> :64:secure:kmk-master 0 /dev/mmcblk0p3 0"
> write,read reboot and read again
>
> Tested-by: Maik Otto<m.otto at phytec.de>
I cannot find the original patch. Can this patch set be
sent together with a cover letter, which is obviously
missing from the earlier version, please.
/Jarkko
More information about the Linux-security-module-archive
mailing list