On Wed, 2016-01-27 at 11:04 +0100, Steffen Trumtrar wrote: > Hi! > > Mimi Zohar writes: > > > On Mon, 2015-11-09 at 16:18 +0100, Steffen Trumtrar wrote: > >> Hi! > >> > >> The RFC Patch attached after this cover letter is mostly for illustration > >> purposes, so please don't waste too much time reviewing the code ;-) > >> > >> For context I'll try to describe the problem that this patch tries to solve. > >> > >> I need to be able to boot an EVM signed (and dongled) rootfs. The CAAM on > >> the i.MX6 has support for an OTP key and can en/decrypt data. > >> It also has a feature for generating red blobs: basically a chunk of data, > >> that is encrypted with the OTP key, which can be saved on some medium as a > >> secret to decrypt the EVM HMAC secret for one specific device. > >> > >> To open the rootfs, the secret is handed from the bootloader to the kernel > >> as a base64 encoded string via the cmdline to an initramfs. > >> In the initramfs the sysfs file "modifier" is set to something starting with > >> "kernel:evm" and the base64 string is written to the sysfs file "blob". > >> The CAAM than decodes the red blob and, in case of "kernel:evm", initializes > >> the EVM or otherwise writes the result to "payload" if the modifier starts > >> with "user:". Therefore a blob that was generated for EVM never leaves the > >> kernel on decryption. > >> Generation of blobs goes like: echoing "modifier" to something and echoing > >> the payload to "payload". The red blob can than be read from "blob". > >> > >> > >> So, the sysfs interface is not the best option, I guess. The question is: > >> What is the right approach for a setup like this? > >> I need to: > >> - be able to encrypt the secret and store it somewhere > >> - to load the stored secret and decrypt it later > >> - initialize IMA/EVM with the secret > >> > >> Would something like > >> - security/keys/encrypted-keys/encrypted.c > >> be the correct approach? > > > > Instead of using the CAAM for OTP encrypting/decrypting, can it be used > > to load the EVM key directly? Dmitry's patches, which will be > > upstreamed in 4.5 > > > https://git.kernel.org/cgit/linux/kernel/git/zohar/linux-integrity.git/log/?h=for-next-4.5? adds support for a crypto device to directly load the EVM key. > > > > The patches look good and I use them for loading the EVM key from the > CAAM driver. But I still need the OTP decryption functionality. > The key data that I hand to evm_set_key must be device specific but I > don't want to use the fused OTP in the CAAM directly. > The OTP is used to protect multiple random keys. Therefore I need to > generate encrypted blobs that I can store on some unsecure memory > (EEPROM, NAND,...) and be able to hand that later back to the CAAM > module, to then get back an IMA/EVM, ecryptfs, $something key. > > > FYI, the EVM key is an encrypted key, which encrypts/decrypts either a > > trusted or user type key. > > > So the normal approach would be to have a key in the kernel keyring > and decrypt it with the key loaded with evm_set_key? Sorry, I should have said the encrypted key is encrypted/decrypted using the trusted or user type key. > Can I somehow use the keyring framework as an abstraction around my > blobbing/deblobbing functionality? > So that the "keyring" calls into the crypto driver to decrypt the data > and uses the crypto driver to encrypt the keys when I want to "dump" > them? Definitely. It sounds like you want the equivalent functionality as the TPM based trusted keys using OTP on the CAAM. >From Documentation/security/keys-trusted-encrypted.txt: "Trusted Keys use a TPM both to generate and to seal the keys. Keys are sealed under a 2048 bit RSA key in the TPM, and optionally sealed to specified PCR (integrity measurement) values, and only unsealed by the TPM, if PCRs and blob integrity verifications match." Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html