RFC: turris_mox secure firmware driver: should this be a crypto driver?

Hello Crypto folks,

I am writing a driver to handle the communication with the firmware
running on the secure processor of the Turris Mox router.
I already sent the first version of the patches to add the needed mailbox
driver.
I do not know where exactly in the kernel this driver should reside, so I
am writing this to explain what functionality this driver shall provide
and kindly ask you people to advise me where to put it in the kernel.

The functionality the Secure Processor (SP) firmware provides:
 - HW true random number generator
 - reading device serial number and other manufacturing information
 - signing messages with HW accelerated ECDSA with private key stored
   in the One-Time Programmable memory (OTP) of the SP, in rows
   that are readable only by the HW Crypto accelerator of the SP. The
   private key is generated at manufacturing time from entropy
   generated by the true random number generator

In the future the SP firmware could also provide other features, for
example:
 - signing and verifying ECDSA/RSA messages with keys given from
   userspace - akcipher api can be used to implement this in the
   future, and because of this I was thinking if I should provide the
   signing of messages with the OTP key via the akcipher API as well
   (if all-zeros key is given as private key, the OTP key would be
   used instead)
 - HW accelerated hashing (although this is also provided by the
   inside-secure crypto accelerator which is also on the SOC and is
   probably faster. Hashing by the SP accelerator could be used in
   u-boot, though (it is simpler to implement and the driver would be
   much smaller))
 - HW accelerated AES (also probably faster via the inside-secure
   accelerator)
 - reading/writing OTP rows reserved for end-users

My current implementation, which is very dirty and certainly not
upstreamable, can be viewed on our gitlab [1]. The driver implements
hw_random generator and reading serial number, public key and other
information from sysfs. Signing messages with the ECDSA private key is
done by writing the message to a sysfs file and then reading the
signature from the same file.

Please let me know if you have any tips for how to implement these
features properly.

Thank you.

Marek

[1]
https://gitlab.labs.nic.cz/turris/mox-kernel/blob/master/drivers/crypto/turris-mox-rwtm.c


