[PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed Mar 17 14:08:01 UTC 2021
Hello Richard,
On 17.03.21 00:10, Richard Weinberger wrote:
> On Tue, Mar 16, 2021 at 6:24 PM Ahmad Fatoum <a.fatoum at pengutronix.de> wrote:
>> This series has been tested with dmcrypt[5] on an i.MX6DL.
>
> Do have this series also in a git repo to pull from?
> I'd like to give it a test on various systems.
Yes, please pull git://git.pengutronix.de/afa/linux
Branch v5.12/topic/trusted-source-caam
It includes these three patches on top of Jarkko's linux-tpmdd/master.
>> Looking forward to your feedback.
>
> Thanks for working on this! David and I will have a closer look these days.
Great. Here is a simple testing regiment that could help you getting started:
# First boot
DEV=/dev/loop0
ALGO=aes-cbc-essiv:sha256
KEYNAME=kmk
BLOCKS=20
mount -o remount,rw /
fallocate -l $((BLOCKS*512)) ~/loop0.img
losetup -P $DEV ~/loop0.img
KEY="$(keyctl add trusted $KEYNAME 'new 32' @s)"
keyctl pipe $KEY >~/kmk.blob
TABLE="0 $BLOCKS crypt $ALGO :32:trusted:$KEYNAME 0 $DEV 0 1 allow_discards"
echo $TABLE | dmsetup create mydev
echo $TABLE | dmsetup load mydev
dd if=/dev/zero of=/dev/mapper/mydev || true
echo "It works!" 1<> /dev/mapper/mydev
cryptsetup close mydev
# Second boot
DEV=/dev/loop0
ALGO=aes-cbc-essiv:sha256
KEYNAME=kmk
BLOCKS=20
losetup -P $DEV ~/loop0.img
keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
TABLE="0 $BLOCKS crypt $ALGO :32:trusted:$KEYNAME 0 $DEV 0 1 allow_discards"
echo $TABLE | dmsetup create mydev
echo $TABLE | dmsetup load mydev
# Should print that It works!
hexdump -C /dev/mapper/mydev
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the Linux-security-module-archive
mailing list