[PATCH v3 2/3] KEYS: trusted: Introduce support for NXP DCP-based trusted keys
David Gstir
david at sigma-star.at
Wed Sep 27 06:33:01 UTC 2023
Jarkko,
> On 25.09.2023, at 17:34, Jarkko Sakkinen <jarkko at kernel.org> wrote:
>
> On Mon Sep 18, 2023 at 5:18 PM EEST, David Gstir wrote:
>> DCP (Data Co-Processor) is the little brother of NXP's CAAM IP.
>>
>> Beside of accelerated crypto operations, it also offers support for
>> hardware-bound keys. Using this feature it is possible to implement a blob
>> mechanism just like CAAM offers. Unlike on CAAM, constructing and
>> parsing the blob has to happen in software.
>>
>> We chose the following format for the blob:
>
> Who is we?
The authors of this patch. But I’ll rephrase that to get rid
of the academic paper style.
> And there is no choosing anything if the below structure if hardware
> defined (not software defined):
The below structure is actually software-defined by this patch.
Contrary to CAAM, DCP does not have a key blob feature.
DCP’s hardware-bound UNIQUE or OTP key is used to bind
these key blobs to a specific DCP chip.
>
>> /*
>> * struct dcp_blob_fmt - DCP BLOB format.
>> *
>> * @fmt_version: Format version, currently being %1
>> * @blob_key: Random AES 128 key which is used to encrypt @payload,
>> * @blob_key itself is encrypted with OTP or UNIQUE device key in
>> * AES-128-ECB mode by DCP.
>> * @nonce: Random nonce used for @payload encryption.
>> * @payload_len: Length of the plain text @payload.
>> * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
>> * GCM auth tag of size AES_BLOCK_SIZE is attached at the end of it.
>> *
>> * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len +
>> * AES_BLOCK_SIZE.
>> */
>> struct dcp_blob_fmt {
>> __u8 fmt_version;
>> __u8 blob_key[AES_KEYSIZE_128];
>> __u8 nonce[AES_KEYSIZE_128];
>> __le32 payload_len;
>> __u8 payload[];
>> } __packed;
>>
>> @payload is the key provided by trusted_key_ops->seal().
>>
>> By default the UNIQUE device key is used, it is also possible to use
>> the OTP key. While the UNIQUE device key should be unique it is not
>> entirely clear whether this is the case due to unclear documentation.
>> If someone wants to be sure they can burn their own unique key
>> into the OTP fuse and set the use_otp_key module parameter.
>>
>> Co-developed-by: Richard Weinberger <richard at nod.at>
>> Signed-off-by: Richard Weinberger <richard at nod.at>
>> Co-developed-by: David Oberhollenzer <david.oberhollenzer at sigma-star.at>
>> Signed-off-by: David Oberhollenzer <david.oberhollenzer at sigma-star.at>
>> Signed-off-by: David Gstir <david at sigma-star.at>
>> ---
>> .../admin-guide/kernel-parameters.txt | 13 +
>
> Separate commit for this.
>
>> MAINTAINERS | 9 +
>
> Ditto (i.e. total two additional patches).
Will do for v4!
Thanks,
- David
More information about the Linux-security-module-archive
mailing list