Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2021-03-23 at 17:35 +0100, Ahmad Fatoum wrote:
> Hello Horia,
> 
> On 21.03.21 21:48, Horia Geantă wrote:
> > On 3/16/2021 7:02 PM, Ahmad Fatoum wrote:
> > [...]
> >> +struct trusted_key_ops caam_trusted_key_ops = {
> >> +	.migratable = 0, /* non-migratable */
> >> +	.init = trusted_caam_init,
> >> +	.seal = trusted_caam_seal,
> >> +	.unseal = trusted_caam_unseal,
> >> +	.exit = trusted_caam_exit,
> >> +};
> > caam has random number generation capabilities, so it's worth using that
> > by implementing .get_random.
> 
> If the CAAM HWRNG is already seeding the kernel RNG, why not use the kernel's?
> 
> Makes for less code duplication IMO.

Using kernel RNG, in general, for trusted keys has been discussed
before.   Please refer to Dave Safford's detailed explanation for not
using it [1].

thanks,

Mimi

[1] 
https://lore.kernel.org/linux-integrity/BCA04D5D9A3B764C9B7405BBA4D4A3C035F2A38B@xxxxxxxxxxxxxxxxxxxxxxxx/
 




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux