[PATCH v6 4/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Ahmad Fatoum a.fatoum at pengutronix.de
Tue Mar 22 07:33:34 UTC 2022


Hello Jarkko,

On 20.03.22 22:02, Jarkko Sakkinen wrote:
> On Wed, Mar 16, 2022 at 05:43:35PM +0100, Ahmad Fatoum wrote:
>> @@ -192,6 +217,19 @@ Usage::
>>  specific to TEE device implementation.  The key length for new keys is always
>>  in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
>>  
>> +Trusted Keys usage: CAAM
>> +------------------------
>> +
>> +Usage::
>> +
>> +    keyctl add trusted name "new keylen" ring
>> +    keyctl add trusted name "load hex_blob" ring
>> +    keyctl print keyid
>> +
>> +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
>> +specific to CAAM device implementation.  The key length for new keys is always
>> +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
>> +
>>  Encrypted Keys usage
>>  --------------------
>>  
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 05fd080b82f3..f13382a14967 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -10647,6 +10647,15 @@ S:	Supported
>>  F:	include/keys/trusted_tee.h
>>  F:	security/keys/trusted-keys/trusted_tee.c
>>  
>> +KEYS-TRUSTED-CAAM
>> +M:	Ahmad Fatoum <a.fatoum at pengutronix.de>
>> +R:	Pengutronix Kernel Team <kernel at pengutronix.de>
>> +L:	linux-integrity at vger.kernel.org
>> +L:	keyrings at vger.kernel.org
>> +S:	Maintained
>> +F:	include/keys/trusted_caam.h
>> +F:	security/keys/trusted-keys/trusted_caam.c
>> +
>>  KEYS/KEYRINGS
>>  M:	David Howells <dhowells at redhat.com>
>>  M:	Jarkko Sakkinen <jarkko at kernel.org>
> 
> Documentation and MAINTAINERS updates must be separate patches.

I will do so for v7. Does this patch look otherwise ok to you?

Thanks,
Ahmad

> 
> BR, Jarkko
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



More information about the Linux-security-module-archive mailing list