On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote: > From: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx> > > Storage encryption has two IOCTLs for creating, importing and preparing > keys for encryption. For wrapped keys, these IOCTLs need to interface > with Qualcomm's Trustzone. Add the following keys: > > generate_key: > This is used to generate and return a longterm wrapped key. Trustzone > achieves this by generating a key and then wrapping it using the > Hawrdware Key Manager (HWKM), returning a wrapped keyblob. > > import_key: > The functionality is similar to generate, but here: a raw key is > imported into the HWKM and a longterm wrapped keyblob is returned. > > prepare_key: > The longterm wrapped key from the import or generate calls is made > further secure by rewrapping it with a per-boot, ephemeral wrapped key > before installing it in the kernel for programming into ICE. > > Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx> > Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx> > [Bartosz: > improve kerneldocs, > fix hex values coding style, > rewrite commit message] > Co-developed-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> > Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> > --- same question as patch 6, lgtm otherwise Konrad
