[PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed Mar 17 13:58:44 UTC 2021
Hello Jarkko,
On 16.03.21 20:22, Jarkko Sakkinen wrote:
> On Tue, Mar 16, 2021 at 06:01:18PM +0100, Ahmad Fatoum wrote:
>> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
>> built into many newer i.MX and QorIQ SoCs by NXP.
>>
>> The CAAM does crypto acceleration, hardware number generation and
>> has a blob mechanism for encapsulation/decapsulation of sensitive material.
>>
>> This blob mechanism depends on a device specific random 256-bit One Time
>> Programmable Master Key that is fused in each SoC at manufacturing
>> time. This key is unreadable and can only be used by the CAAM for AES
>> encryption/decryption of user data.
>>
>> This makes it a suitable backend (source) for kernel trusted keys.
>>
>> Previous commits generalized trusted keys to support multiple backends
>> and added an API to access the CAAM blob mechanism. Based on these,
>> provide the necessary glue to use the CAAM for trusted keys.
>>
>> Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
> Too early to ack, as I've not included the TEE thing to any PR yet.
No problem. I'd be happy to incorporate the feedback I receive in the meantime.
Cheers,
Ahmad
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the Linux-security-module-archive
mailing list