Re: [PATCH v0 6/8] KEYS: trusted: caam based black key

From: Ben Boeckel
Date: Thu Oct 06 2022 - 08:41:55 EST

Next message: Andrew Jones: "Re: [PATCH] riscv: jump_label: mark arguments as const to satisfy asm constraints"
Previous message: Sebastian Andrzej Siewior: "Re: [PATCH 2/2] random: spread out jitter callback to different CPUs"
In reply to: Pankaj Gupta: "[PATCH v0 6/8] KEYS: trusted: caam based black key"
Next in thread: James Bottomley: "Re: [PATCH v0 6/8] KEYS: trusted: caam based black key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:
> - CAAM supports two types of black keys:
> -- Plain key encrypted with ECB
> -- Plain key encrypted with CCM

What is a "black key"? Is this described in the documentation or local
comments at all? (I know I'm unfamiliar with CAAM, but maybe this should
be mentioned somewhere?).

> Note: Due to robustness, default encytption used for black key is CCM.
^^^^^^^^^^ encryption

What "robustness"? Surely there's some more technical details involved
here?

> - A black key blob is generated, and added to trusted key payload.
> This is done as part of sealing operation, that was triggered as a result of:
> -- new key generation
> -- load key,

It seems that "black keys" are what the uapi calls "hw". I think this
should be mentioned in the commit message (and CAAM docs).

What do other keytypes do if `hw` is requested and it's not possible
(say, `big_key`)?

Thanks,

--Ben

Next message: Andrew Jones: "Re: [PATCH] riscv: jump_label: mark arguments as const to satisfy asm constraints"
Previous message: Sebastian Andrzej Siewior: "Re: [PATCH 2/2] random: spread out jitter callback to different CPUs"
In reply to: Pankaj Gupta: "[PATCH v0 6/8] KEYS: trusted: caam based black key"
Next in thread: James Bottomley: "Re: [PATCH v0 6/8] KEYS: trusted: caam based black key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]