Re: Crypto driver -DCP


 



On 06/02/2015 09:11 PM, Herbert Xu wrote:
> On Tue, Jun 02, 2015 at 01:57:28PM -0500, Jay Monkman wrote:
>>
>> I have another question. The DCP (and other crypto accelerators on
>> other SOCs) supports key slots - basically write only RAM that's
>> used to store keys so they can be used for encrypt/decrypt
>> operations. DCP supports 4 key slots, other devices have different
>> numbers. Do you have any suggestion for how to add support for
>> something like that to the driver?
>
> So these would allow faster switching of keys I presume?

That would be one use, but a more likely use would be to prevent access to the keys. A system could write keys to the key slots in the bootloader or in a TrustZone secure world. Then those keys could be used for crypto operations in Linux without ever exposing them. Key slots can be written to, but cannot be read from.

Even with keys stored in key slots, other keys may be used. For example, someone could do:
    operation w/ key in slot 1
    operation w/ key provided in descriptor
    operation w/ key in slot 1

I don't think an LRU scheme would allow something like that.
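
The usage pattern described in the message above, as an added C model (not code from the thread or from any DCP driver): slots are provisioned once through a write-only path, and each operation either names a slot or carries its own key, so a descriptor-key operation in between leaves the slot key untouched. The names `op_desc`, `slot_write` and `engine_run`, the 16-byte key size, the sample keys and the XOR placeholder transform are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define NUM_SLOTS 4   /* slot count the message gives for the DCP */
#define KEY_LEN   16  /* assumed key size for this model */
enum key_src { KEY_FROM_SLOT, KEY_FROM_DESC };
struct op_desc {                 /* hypothetical per-operation descriptor */
    enum key_src src;
    unsigned slot;               /* used when src == KEY_FROM_SLOT */
    uint8_t key[KEY_LEN];        /* used when src == KEY_FROM_DESC */
};
/* Slot storage has a write path only; no function here returns key bytes. */
static uint8_t slots[NUM_SLOTS][KEY_LEN];
static int slot_valid[NUM_SLOTS];

int slot_write(unsigned slot, const uint8_t key[KEY_LEN])
{
    if (slot >= NUM_SLOTS) return -1;
    memcpy(slots[slot], key, KEY_LEN);
    slot_valid[slot] = 1;
    return 0;
}

/* XOR placeholder standing in for the hardware cipher; it is not encryption. */
int engine_run(const struct op_desc *d, const uint8_t *in, uint8_t *out, size_t n)
{
    const uint8_t *k = d->key;
    if (d->src == KEY_FROM_SLOT) {
        if (d->slot >= NUM_SLOTS || !slot_valid[d->slot]) return -1;
        k = slots[d->slot];      /* caller supplied only the slot index */
    }
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ k[i % KEY_LEN];
    return 0;
}

/* Slot 1, descriptor key, slot 1 again; returns 1 if slot 1 was unaffected. */
int interleaved_sequence(void)
{
    const uint8_t boot_key[KEY_LEN] = "k1-constructed!";   /* constructed */
    struct op_desc by_slot = { .src = KEY_FROM_SLOT, .slot = 1 };
    struct op_desc by_desc = { .src = KEY_FROM_DESC, .key = "k2-constructed!" };
    const uint8_t msg[8] = "payload";
    uint8_t o1[8], o2[8], o3[8];
    slot_write(1, boot_key);     /* bootloader / secure world in the real case */
    if (engine_run(&by_slot, msg, o1, 8) || engine_run(&by_desc, msg, o2, 8) ||
        engine_run(&by_slot, msg, o3, 8)) return -1;
    return memcmp(o1, o3, 8) == 0 && memcmp(o1, o2, 8) != 0;
}
int main(void) { return interleaved_sequence() == 1 ? 0 : 1; }
```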



