Re: [PATCH v2 07/10] qcom_scm: scm call for create, prepare and import keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 21, 2023 at 09:11:13PM -0700, Eric Biggers wrote:
> On Fri, Jul 21, 2023 at 08:40:32PM -0700, Bjorn Andersson wrote:
> > On Wed, Jul 19, 2023 at 10:04:21AM -0700, Gaurav Kashyap wrote:
> > > Storage encryption has two IOCTLs for creating, importing
> > > and preparing keys for encryption. For wrapped keys, these
> > > IOCTLs need to interface with the secure environment, which
> > > require these SCM calls.
> > > 
> > > generate_key: This is used to generate and return a longterm
> > >               wrapped key. Trustzone achieves this by generating
> > > 	      a key and then wrapping it using hwkm, returning
> > > 	      a wrapped keyblob.
> > > import_key:   The functionality is similar to generate, but here,
> > >               a raw key is imported into hwkm and a longterm wrapped
> > > 	      keyblob is returned.
> > > prepare_key:  The longterm wrapped key from import or generate
> > >               is made further secure by rewrapping it with a per-boot
> > > 	      ephemeral wrapped key before installing it to the linux
> > > 	      kernel for programming to ICE.
> > > 
> > > Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> > > ---
> > >  drivers/firmware/qcom_scm.c            | 222 +++++++++++++++++++++++++
> > >  drivers/firmware/qcom_scm.h            |   3 +
> > >  include/linux/firmware/qcom/qcom_scm.h |  10 ++
> > >  3 files changed, 235 insertions(+)
> > > 
> > > diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
> > > index 51062d5c7f7b..44dd1857747b 100644
> > > --- a/drivers/firmware/qcom_scm.c
> > > +++ b/drivers/firmware/qcom_scm.c
> > > @@ -1210,6 +1210,228 @@ int qcom_scm_derive_sw_secret(const u8 *wrapped_key, u32 wrapped_key_size,
> > >  }
> > >  EXPORT_SYMBOL(qcom_scm_derive_sw_secret);
> > >  
> > > +/**
> > > + * qcom_scm_generate_ice_key() - Generate a wrapped key for encryption.
> > > + * @longterm_wrapped_key: the wrapped key returned after key generation
> > 
> > "longterm" was long enough that you didn't feel it made sense in the
> > description ;)
> > 
> > Jokes aside, please follow the convention described in:
> > https://www.kernel.org/doc/html/v4.10/process/coding-style.html#naming
> > 
> > "key" or "wrapped_key" sounds sufficient to me.
> 
> The naming I use in my most recent patchset that adds support for
> hardware-wrapped inline encryption keys to the block layer and fscrypt
> (https://lore.kernel.org/linux-block/20221216203636.81491-1-ebiggers@xxxxxxxxxx/),
> which this patchset is based on, is 'lt_key' for a longterm wrapped key and
> 'eph_key' for an ephemerally-wrapped key.
> 

Excellent, using familiar names is good!

Regards,
Bjorn



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux