From patchwork Wed Mar 27 08:24:48 2024
X-Patchwork-Submitter: David Gstir
X-Patchwork-Id: 783734
From: David Gstir
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu, "David S. Miller"
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team, Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang, Paul Moore, James Morris, "Serge E. Hallyn", "Paul E. McKenney", Randy Dunlap, Catalin Marinas, "Rafael J. Wysocki", Tejun Heo, "Steven Rostedt (Google)", linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-security-module@vger.kernel.org
Subject: [PATCH v7 2/6] KEYS: trusted: improve scalability of trust source config
Date: Wed, 27 Mar 2024 09:24:48 +0100
Message-ID: <20240327082454.13729-3-david@sigma-star.at>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240327082454.13729-1-david@sigma-star.at>
References: <20240327082454.13729-1-david@sigma-star.at>
X-Mailing-List: linux-crypto@vger.kernel.org

Enabling trusted keys requires at least one trust source implementation
(currently TPM, TEE or CAAM) to be enabled. Currently, this is done by
checking each trust source's config option individually. This does not
scale when more trust sources like the one for DCP are added, because the
condition will get long and hard to read.

Add config HAVE_TRUSTED_KEYS which is set to true by each trust source
once it is enabled and adapt the check for having at least one active
trust source to use this option.

Whenever a new trust source is added, it now needs to select
HAVE_TRUSTED_KEYS.
Signed-off-by: David Gstir --- security/keys/trusted-keys/Kconfig | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig index dbfdd8536468..553dc117f385 100644 --- a/security/keys/trusted-keys/Kconfig +++ b/security/keys/trusted-keys/Kconfig @@ -1,3 +1,6 @@ +config HAVE_TRUSTED_KEYS + bool + config TRUSTED_KEYS_TPM bool "TPM-based trusted keys" depends on TCG_TPM >= TRUSTED_KEYS @@ -9,6 +12,7 @@ config TRUSTED_KEYS_TPM select ASN1_ENCODER select OID_REGISTRY select ASN1 + select HAVE_TRUSTED_KEYS help Enable use of the Trusted Platform Module (TPM) as trusted key backend. Trusted keys are random number symmetric keys, @@ -20,6 +24,7 @@ config TRUSTED_KEYS_TEE bool "TEE-based trusted keys" depends on TEE >= TRUSTED_KEYS default y + select HAVE_TRUSTED_KEYS help Enable use of the Trusted Execution Environment (TEE) as trusted key backend. 
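Review bot: in the first hunk, HAVE_TRUSTED_KEYS is added as a bare `bool` with no comment stating its contract; the rule that every trust source must `select HAVE_TRUSTED_KEYS` lives only in the commit message, so a future backend that omits the select still builds and merely trips the "No trust source selected!" comment, which misleads rather than fails. Suggest a one-line comment above the symbol, e.g. `# Selected by every trust source; never set directly.`, so the convention is visible where it has to be followed.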
@@ -29,10 +34,11 @@ config TRUSTED_KEYS_CAAM depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS select CRYPTO_DEV_FSL_CAAM_BLOB_GEN default y + select HAVE_TRUSTED_KEYS help Enable use of NXP's Cryptographic Accelerator and Assurance Module (CAAM) as trusted key backend. -if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM -comment "No trust source selected!" +if !HAVE_TRUSTED_KEYS + comment "No trust source selected!" endif From patchwork Wed Mar 27 08:24:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gstir X-Patchwork-Id: 783733 Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A97DF41757 for ; Wed, 27 Mar 2024 08:25:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711527925; cv=none; b=Yoxh96yqpBuDZpED216UUk17m6cY6C4QnlP9zuwbQkmunDBbmWAHxqgindiucr6tZNi50Znvt+GJNDi7VYZkiNgqph4b2F7i5LafAbGuz11v2R8RJUQnKtAX5nNAQxyhkdXKUZlTpVhRf353lL++uASQzY0RmgT7rQwg0ZLzNzg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711527925; c=relaxed/simple; bh=Khyeg1/xj46k+x5xR7s8vWgC8Y2GcoM7MOqDayZ6owQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=f8C/bwKIIti0HTsyaZZ7R3Gr/DPYErx5HLJacsDVWSt/pKNX27AxFC6Po7K7SP8S0+eoBPPoglFYTNatCzvS8UE+kTaCnAEW0FclomqnXa2i4j3dwqxB6IlXbI5T78IfmL1sZhc389hYYNRaN+TKs2xA345uaZOVXMWGt0ZIVOc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sigma-star.at; spf=pass smtp.mailfrom=sigma-star.at; dkim=pass (2048-bit key) header.d=sigma-star.at header.i=@sigma-star.at header.b=jilZifSA; arc=none smtp.client-ip=209.85.221.45 Authentication-Results: 
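Review bot: the last hunk bundles an unrelated whitespace change with the functional one: besides replacing the three-way condition with `if !HAVE_TRUSTED_KEYS`, it re-indents `comment "No trust source selected!"` inside the block, which the commit message does not mention and which pads the diff. Either drop the re-indent or call it out. The condition change itself is equivalent to the removed `!TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM`, because each of those three options gains `select HAVE_TRUSTED_KEYS` in the earlier hunks and nothing else in this patch selects it.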
From: David Gstir
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu, "David S. Miller"
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team, Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang, Paul Moore, James Morris, "Serge E. Hallyn", "Paul E. McKenney", Randy Dunlap, Catalin Marinas, "Rafael J. Wysocki", Tejun Heo, "Steven Rostedt (Google)", linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-security-module@vger.kernel.org
Subject: [PATCH v7 4/6] MAINTAINERS: add entry for DCP-based trusted keys
Date: Wed, 27 Mar 2024 09:24:50 +0100
Message-ID: <20240327082454.13729-5-david@sigma-star.at>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240327082454.13729-1-david@sigma-star.at>
References: <20240327082454.13729-1-david@sigma-star.at>
X-Mailing-List: linux-crypto@vger.kernel.org

This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
found in smaller i.MX SoCs.

Signed-off-by: David Gstir
Acked-by: Jarkko Sakkinen
---
 MAINTAINERS | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS index 976a5cea1577..ca7f42ca9338 100644 --- a/MAINTAINERS +++ b/MAINTAINERS 
@@ -12019,6 +12019,15 @@ S: Maintained F: include/keys/trusted_caam.h F: security/keys/trusted-keys/trusted_caam.c +KEYS-TRUSTED-DCP +M: David Gstir +R: sigma star Kernel Team +L: linux-integrity@vger.kernel.org +L: keyrings@vger.kernel.org +S: Supported +F: include/keys/trusted_dcp.h +F: security/keys/trusted-keys/trusted_dcp.c + KEYS-TRUSTED-TEE M: Sumit Garg L: linux-integrity@vger.kernel.org From patchwork Wed Mar 27 08:24:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gstir X-Patchwork-Id: 783732 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF9C44BA94 for ; Wed, 27 Mar 2024 08:25:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711527928; cv=none; b=hVIJJp6hPooWV37s027KQcxqF7m+R48harhohs5BcrhTp/0CjfWH6UaN6XlZ3YCtZFKaYqESBAsp6yKdj5BTQX4NJX4FSFjLPlB0x8WerhPgDn7vVxbxyDtOoH+LH3dex+4ZaXyDcK88w6sxntDdoyjR4Xotkby/o3MkOHqzoTw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711527928; c=relaxed/simple; bh=FDOPf3xlGpDAEZuAPeTmAaGWnb+6zG3xNnz2qq7Ohj4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jlhmpjEbJ72y1C+iLqiUA1Da7YPfVxj5qc5tKu/OTAIWmIRx5YjFRoBgzQNjVczbKBvCrYId2p530NuzE4HDHa0Zb3OZVmHZr9r+W6ZwugiiGrdhSu+X5GJ1m+Ec1g3SgL3TS/4BUnbq8SNEFH8xxmKoWN2axNSsKJiLMqx3n7I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sigma-star.at; spf=pass smtp.mailfrom=sigma-star.at; dkim=pass (2048-bit key) header.d=sigma-star.at header.i=@sigma-star.at header.b=XfvN7Gbh; arc=none smtp.client-ip=209.85.128.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none 
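Review bot: the new KEYS-TRUSTED-DCP entry sets `S: Supported` while the neighbouring KEYS-TRUSTED-CAAM entry it is modelled on is `S: Maintained`; in MAINTAINERS terms "Supported" means someone is actually paid to look after the code, so confirm that status is intended for the sigma star team listed under `R:` rather than a copy-and-paste difference. The alphabetical placement between the CAAM and TEE entries and the two `F:` paths (`include/keys/trusted_dcp.h`, `security/keys/trusted-keys/trusted_dcp.c`) look right.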
From: David Gstir
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu, "David S. Miller"
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team, Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang, Paul Moore, James Morris, "Serge E. Hallyn", "Paul E. McKenney", Randy Dunlap, Catalin Marinas, "Rafael J. Wysocki", Tejun Heo, "Steven Rostedt (Google)", linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-security-module@vger.kernel.org, Richard Weinberger, David Oberhollenzer
Subject: [PATCH v7 6/6] docs: trusted-encrypted: add DCP as new trust source
Date: Wed, 27 Mar 2024 09:24:52 +0100
Message-ID: <20240327082454.13729-7-david@sigma-star.at>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240327082454.13729-1-david@sigma-star.at>
References: <20240327082454.13729-1-david@sigma-star.at>
X-Mailing-List: linux-crypto@vger.kernel.org

Update the documentation for trusted and encrypted KEYS with DCP as new
trust source:

- Describe security properties of DCP trust source
- Describe key usage
- Document blob format

Co-developed-by: Richard Weinberger
Signed-off-by: Richard Weinberger Co-developed-by: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: David Gstir --- .../security/keys/trusted-encrypted.rst | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst index e989b9802f92..81fb3540bb20 100644 --- a/Documentation/security/keys/trusted-encrypted.rst +++ b/Documentation/security/keys/trusted-encrypted.rst @@ -42,6 +42,14 @@ safe. randomly generated and fused into each SoC at manufacturing time. Otherwise, a common fixed test key is used instead. + (4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs) + + Rooted to a one-time programmable key (OTP) that is generally burnt + in the on-chip fuses and is accessible to the DCP encryption engine only. + DCP provides two keys that can be used as root of trust: the OTP key + and the UNIQUE key. Default is to use the UNIQUE key, but selecting + the OTP key can be done via a module parameter (dcp_use_otp_key). + * Execution isolation (1) TPM @@ -57,6 +65,12 @@ safe. Fixed set of operations running in isolated execution environment. + (4) DCP + + Fixed set of cryptographic operations running in isolated execution + environment. Only basic blob key encryption is executed there. + The actual key sealing/unsealing is done on main processor/kernel space. + * Optional binding to platform integrity state (1) TPM @@ -79,6 +93,11 @@ safe. Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs for platform integrity. + (4) DCP + + Relies on Secure/Trusted boot process (called HAB by vendor) for + platform integrity. + * Interfaces and APIs (1) TPM @@ -94,6 +113,11 @@ safe. Interface is specific to silicon vendor. + (4) DCP + + Vendor-specific API that is implemented as part of the DCP crypto driver in + ``drivers/crypto/mxs-dcp.c``. + * Threat model The strength and appropriateness of a particular trust source for a given 
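Review bot: in the first hunk (security properties) the paragraph opens with "Rooted to a one-time programmable key (OTP)" and closes with "Default is to use the UNIQUE key", without saying what the UNIQUE key is, how it relates to the OTP key, or on what basis one would set `dcp_use_otp_key`; a reader choosing a root of trust needs that distinction spelled out (what each key is derived from, whether both are per-device, and which property differs between them).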
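Review bot: the execution-isolation hunk should state the consequence of "The actual key sealing/unsealing is done on main processor/kernel space": unlike the TPM and TEE cases, the blob encryption key and the plaintext trusted key are present in kernel memory during seal and unseal, and only the wrapping of the blob key happens inside the DCP. That is the fact the threat-model section that follows needs to weigh, so it belongs in the text rather than being left for the reader to infer.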
@@ -129,6 +153,13 @@ selected trust source: CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device is probed. + * DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs) + + The DCP hardware device itself does not provide a dedicated RNG interface, + so the kernel default RNG is used. SoCs with DCP like the i.MX6ULL do have + a dedicated hardware RNG that is independent from DCP which can be enabled + to back the kernel RNG. + Users may override this by specifying ``trusted.rng=kernel`` on the kernel command-line to override the used RNG with the kernel's random number pool. @@ -231,6 +262,19 @@ Usage:: CAAM-specific format. The key length for new keys is always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits). +Trusted Keys usage: DCP +----------------------- + +Usage:: + + keyctl add trusted name "new keylen" ring + keyctl add trusted name "load hex_blob" ring + keyctl print keyid + +"keyctl print" returns an ASCII hex copy of the sealed key, which is in format +specific to this DCP key-blob implementation. The key length for new keys is +always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits). + Encrypted Keys usage -------------------- 
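Review bot: the RNG hunk says the kernel default RNG is used because DCP has no RNG interface, but the unchanged context right after it ("Users may override this by specifying ``trusted.rng=kernel``") now reads as though there were a hardware RNG to override for DCP; add a sentence that the parameter has no effect for this trust source. The aside that SoCs like the i.MX6ULL have a separate hardware RNG "which can be enabled to back the kernel RNG" would be more useful if it named the driver or config option to enable, otherwise consider dropping it.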
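Review bot: the "Trusted Keys usage: DCP" hunk reuses the CAAM section's wording verbatim ("The key length for new keys is always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits)."); please confirm that this range is what the DCP backend actually enforces, and that "keyctl print" really returns the sealed blob in the format the later "DCP Blob Format" section describes, so the two sections do not drift apart.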
@@ -426,3 +470,44 @@ string length. privkey is the binary representation of TPM2B_PUBLIC excluding the initial TPM2B header which can be reconstructed from the ASN.1 octed string length. + +DCP Blob Format +--------------- + +The Data Co-Processor (DCP) provides hardware-bound AES keys using its +AES encryption engine only. It does not provide direct key sealing/unsealing. +To make DCP hardware encryption keys usable as trust source, we define +our own custom format that uses a hardware-bound key to secure the sealing +key stored in the key blob. + +Whenever a new trusted key using DCP is generated, we generate a random 128-bit +blob encryption key (BEK) and 128-bit nonce. The BEK and nonce are used to +encrypt the trusted key payload using AES-128-GCM. + +The BEK itself is encrypted using the hardware-bound key using the DCP's AES +encryption engine with AES-128-ECB. The encrypted BEK, generated nonce, +BEK-encrypted payload and authentication tag make up the blob format together +with a version number, payload length and authentication tag:: + + /* + * struct dcp_blob_fmt - DCP BLOB format. + * + * @fmt_version: Format version, currently being %1 + * @blob_key: Random AES 128 key which is used to encrypt @payload, + * @blob_key itself is encrypted with OTP or UNIQUE device key in + * AES-128-ECB mode by DCP. + * @nonce: Random nonce used for @payload encryption. + * @payload_len: Length of the plain text @payload. + * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key, + * GCM auth tag of size AES_BLOCK_SIZE is attached at the end of it. + * + * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len + + * AES_BLOCK_SIZE. + */ + struct dcp_blob_fmt { + __u8 fmt_version; + __u8 blob_key[AES_KEYSIZE_128]; + __u8 nonce[AES_KEYSIZE_128]; + __le32 payload_len; + __u8 payload[]; + } __packed;
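Review bot: in the DCP Blob Format hunk, the sentence listing the blob contents names the authentication tag twice ("... BEK-encrypted payload and authentication tag make up the blob format together with a version number, payload length and authentication tag"); drop one. More important for a format description: say whether `fmt_version`, `blob_key`, `nonce` and `payload_len` are passed as AAD to AES-GCM, i.e. whether the tag covers the header or only the payload, since that decides whether a modified header is detected at unseal time. Two smaller points on the struct: `nonce[AES_KEYSIZE_128]` declares a 128-bit GCM IV with a key-size constant, and a non-96-bit IV takes GCM's GHASH-derived IV path rather than the recommended 96-bit one, so either document that choice or use a dedicated size constant; and the prose should state that AES-128-ECB is applied to exactly one 16-byte block (the BEK), which is the reason ECB is acceptable here.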