[PATCH v6 4/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Jarkko Sakkinen
jarkko at kernel.org
Tue Mar 22 08:17:33 UTC 2022
On Tue, Mar 22, 2022 at 08:33:34AM +0100, Ahmad Fatoum wrote:
> Hello Jarkko,
>
> On 20.03.22 22:02, Jarkko Sakkinen wrote:
> > On Wed, Mar 16, 2022 at 05:43:35PM +0100, Ahmad Fatoum wrote:
> >> @@ -192,6 +217,19 @@ Usage::
> >> specific to TEE device implementation. The key length for new keys is always
> >> in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> >>
> >> +Trusted Keys usage: CAAM
> >> +------------------------
> >> +
> >> +Usage::
> >> +
> >> + keyctl add trusted name "new keylen" ring
> >> + keyctl add trusted name "load hex_blob" ring
> >> + keyctl print keyid
> >> +
> >> +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
> >> +specific to CAAM device implementation. The key length for new keys is always
> >> +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> >> +
> >> Encrypted Keys usage
> >> --------------------
> >>
> >> diff --git a/MAINTAINERS b/MAINTAINERS
> >> index 05fd080b82f3..f13382a14967 100644
> >> --- a/MAINTAINERS
> >> +++ b/MAINTAINERS
> >> @@ -10647,6 +10647,15 @@ S: Supported
> >> F: include/keys/trusted_tee.h
> >> F: security/keys/trusted-keys/trusted_tee.c
> >>
> >> +KEYS-TRUSTED-CAAM
> >> +M: Ahmad Fatoum <a.fatoum at pengutronix.de>
> >> +R: Pengutronix Kernel Team <kernel at pengutronix.de>
> >> +L: linux-integrity at vger.kernel.org
> >> +L: keyrings at vger.kernel.org
> >> +S: Maintained
> >> +F: include/keys/trusted_caam.h
> >> +F: security/keys/trusted-keys/trusted_caam.c
> >> +
> >> KEYS/KEYRINGS
> >> M: David Howells <dhowells at redhat.com>
> >> M: Jarkko Sakkinen <jarkko at kernel.org>
> >
> > Documentation and MAINTAINERS updates must be separate patches.
>
> I will do so for v7. Does this patch look otherwise ok to you?
>
> Thanks,
> Ahmad
I don't give heads ups. It's improperly constructed patch, i.e. I won't
review it in this from.
BR, Jarkko
More information about the Linux-security-module-archive
mailing list