On Mon, Dec 09, 2024 at 02:35:29PM -0600, Bartosz Golaszewski wrote: > On Mon, 9 Dec 2024 21:15:16 +0100, Eric Biggers <ebiggers@xxxxxxxxxx> said: > > On Mon, Dec 09, 2024 at 04:00:18PM +0100, Bartosz Golaszewski wrote: > >> > >> I haven't gotten to the bottom of this yet but the > >> FS_IOC_ADD_ENCRYPTION_KEY ioctl doesn't work due to the SCM call > >> returning EINVAL. Just FYI. I'm still figuring out what's wrong. > >> > >> Bart > >> > > > > Can you try the following? > > > > diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c > > index 180220d663f8b..36f3ddcb90207 100644 > > --- a/drivers/firmware/qcom/qcom_scm.c > > +++ b/drivers/firmware/qcom/qcom_scm.c > > @@ -1330,11 +1330,11 @@ int qcom_scm_derive_sw_secret(const u8 *eph_key, size_t eph_key_size, > > sw_secret_size, > > GFP_KERNEL); > > if (!sw_secret_buf) > > return -ENOMEM; > > > > - memcpy(eph_key_buf, eph_key_buf, eph_key_size); > > + memcpy(eph_key_buf, eph_key, eph_key_size); > > desc.args[0] = qcom_tzmem_to_phys(eph_key_buf); > > desc.args[1] = eph_key_size; > > desc.args[2] = qcom_tzmem_to_phys(sw_secret_buf); > > desc.args[3] = sw_secret_size; > > > > > > That's better, thanks. Now it's fscryptctl set_policy that fails like this: > > ioctl(3, FS_IOC_SET_ENCRYPTION_POLICY, 0xffffcaf8bb20) = -1 EINVAL > (Invalid argument) > Yes, as I mentioned I decided to drop the new encryption policy flag and go back to just relying on the key. I assume you were using https://github.com/ebiggers/fscryptctl/tree/wip-wrapped-keys? I have pushed out an updated version of that that should work. - Eric
