RE: [EXT] [PATCH v8 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Ahmad,

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> Sent: Tuesday, April 9, 2024 10:58 PM
> To: Kshitiz Varshney <kshitiz.varshney@xxxxxxx>; David Gstir
> <david@xxxxxxxxxxxxx>; Mimi Zohar <zohar@xxxxxxxxxxxxx>; James
> Bottomley <jejb@xxxxxxxxxxxxx>; Jarkko Sakkinen <jarkko@xxxxxxxxxx>;
> Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>; David S. Miller
> <davem@xxxxxxxxxxxxx>
> Cc: linux-doc@xxxxxxxxxxxxxxx; Gaurav Jain <gaurav.jain@xxxxxxx>; Catalin
> Marinas <catalin.marinas@xxxxxxx>; David Howells
> <dhowells@xxxxxxxxxx>; keyrings@xxxxxxxxxxxxxxx; Fabio Estevam
> <festevam@xxxxxxxxx>; Paul Moore <paul@xxxxxxxxxxxxxx>; Jonathan
> Corbet <corbet@xxxxxxx>; Richard Weinberger <richard@xxxxxx>; Rafael J.
> Wysocki <rafael.j.wysocki@xxxxxxxxx>; James Morris <jmorris@xxxxxxxxx>;
> dl-linux-imx <linux-imx@xxxxxxx>; Serge E. Hallyn <serge@xxxxxxxxxx>;
> Paul E. McKenney <paulmck@xxxxxxxxxx>; Sascha Hauer
> <s.hauer@xxxxxxxxxxxxxx>; Pankaj Gupta <pankaj.gupta@xxxxxxx>; sigma
> star Kernel Team <upstream+dcp@xxxxxxxxxxxxx>; Steven Rostedt (Google)
> <rostedt@xxxxxxxxxxx>; David Oberhollenzer <david.oberhollenzer@sigma-
> star.at>; linux-arm-kernel@xxxxxxxxxxxxxxxxxxx; linuxppc-dev@xxxxxxxxxxxxxxxx;
> Randy Dunlap <rdunlap@xxxxxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx; Li
> Yang <leoyang.li@xxxxxxx>; linux-security-module@xxxxxxxxxxxxxxx; linux-
> crypto@xxxxxxxxxxxxxxx; Pengutronix Kernel Team <kernel@xxxxxxxxxxxxxx>;
> Tejun Heo <tj@xxxxxxxxxx>; linux-integrity@xxxxxxxxxxxxxxx; Shawn Guo
> <shawnguo@xxxxxxxxxx>; Varun Sethi <V.Sethi@xxxxxxx>
> Subject: Re: [EXT] [PATCH v8 3/6] KEYS: trusted: Introduce NXP DCP-backed
> trusted keys
> 
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
> 
> 
> Hello Kshitiz,
> 
> On 09.04.24 12:54, Kshitiz Varshney wrote:
> > Hi David,
> >> +       b->fmt_version = DCP_BLOB_VERSION;
> >> +       get_random_bytes(b->nonce, AES_KEYSIZE_128);
> >> +       get_random_bytes(b->blob_key, AES_KEYSIZE_128);
> >
> > We can use HWRNG instead of using kernel RNG. Please refer
> > drivers/char/hw_random/imx-rngc.c
> 
> imx-rngc can be enabled and used to seed the kernel entropy pool. Adding
> direct calls into imx-rngc here only introduces duplicated code at no extra
> benefit.
> 
> Cheers,
> Ahmad
> 
> --
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       |
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.
> pengutronix.de%2F&data=05%7C02%7Ckshitiz.varshney%40nxp.com%7Ce9
> 97f259d34548ad1a9808dc58ba63a8%7C686ea1d3bc2b4c6fa92cd99c5c30
> 1635%7C0%7C0%7C638482804763047266%7CUnknown%7CTWFpbGZsb3
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0
> %3D%7C0%7C%7C%7C&sdata=UZgE9MXqAqCwqVnWty67YLh8QnIwpuq%2
> F7%2BQeDLQhF8I%3D&reserved=0  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Understood.

Regards,
Kshitiz





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux