[PATCH v6 4/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Jarkko Sakkinen jarkko at kernel.org
Tue Mar 22 08:17:33 UTC 2022


On Tue, Mar 22, 2022 at 08:33:34AM +0100, Ahmad Fatoum wrote:
> Hello Jarkko,
> 
> On 20.03.22 22:02, Jarkko Sakkinen wrote:
> > On Wed, Mar 16, 2022 at 05:43:35PM +0100, Ahmad Fatoum wrote:
> >> @@ -192,6 +217,19 @@ Usage::
> >>  specific to TEE device implementation.  The key length for new keys is always
> >>  in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> >>  
> >> +Trusted Keys usage: CAAM
> >> +------------------------
> >> +
> >> +Usage::
> >> +
> >> +    keyctl add trusted name "new keylen" ring
> >> +    keyctl add trusted name "load hex_blob" ring
> >> +    keyctl print keyid
> >> +
> >> +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
> >> +specific to CAAM device implementation.  The key length for new keys is always
> >> +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
> >> +
> >>  Encrypted Keys usage
> >>  --------------------
> >>  
> >> diff --git a/MAINTAINERS b/MAINTAINERS
> >> index 05fd080b82f3..f13382a14967 100644
> >> --- a/MAINTAINERS
> >> +++ b/MAINTAINERS
> >> @@ -10647,6 +10647,15 @@ S:	Supported
> >>  F:	include/keys/trusted_tee.h
> >>  F:	security/keys/trusted-keys/trusted_tee.c
> >>  
> >> +KEYS-TRUSTED-CAAM
> >> +M:	Ahmad Fatoum <a.fatoum at pengutronix.de>
> >> +R:	Pengutronix Kernel Team <kernel at pengutronix.de>
> >> +L:	linux-integrity at vger.kernel.org
> >> +L:	keyrings at vger.kernel.org
> >> +S:	Maintained
> >> +F:	include/keys/trusted_caam.h
> >> +F:	security/keys/trusted-keys/trusted_caam.c
> >> +
> >>  KEYS/KEYRINGS
> >>  M:	David Howells <dhowells at redhat.com>
> >>  M:	Jarkko Sakkinen <jarkko at kernel.org>
> > 
> > Documentation and MAINTAINERS updates must be separate patches.
> 
> I will do so for v7. Does this patch look otherwise ok to you?
> 
> Thanks,
> Ahmad

I don't give heads ups. It's improperly constructed patch, i.e. I won't
review it in this from.

BR, Jarkko



More information about the Linux-security-module-archive mailing list