[RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY
Jarkko Sakkinen
jarkko at kernel.org
Tue Sep 6 08:58:17 UTC 2022
On Tue, Sep 06, 2022 at 12:21:49PM +0530, Pankaj Gupta wrote:
> Hardware Bound key(HBK), is never acessible as plain key outside of the
                                    ~~~~~~~~~
                                    accessible.
> hardware boundary. Thus, it is un-usable, even if somehow fetched
> from kernel memory. It ensures run-time security.

Why is it called "HBK" here and "hw" in the context of keyctl?

> This patchset adds generic support for classing the Hardware Bound Key,
> based on:
>
> - Newly added flag-'is_hbk', added to the tfm.
>
> Consumer of the kernel crypto api, after allocating
> the transformation, sets this flag on the basis
> of the type of key the consumer has.
>
> - This helps to influence the core processing logic
> for the encapsulated algorithm.
>
> - This flag is set by the consumer after allocating
> the tfm and before calling the function crypto_xxx_setkey().
>
> First implementation is based on CAAM.

CAAM is an implementation of what exactly?

I'm sorry but I don't know your definition of unusable.

BR, Jarkko