Re: [PATCH v10 7/9] platform: cznic: turris-omnia-mcu: Add support for digital message signing via debugfs

On Fri, May 10, 2024 at 12:18:17PM +0200, Marek Behún wrote:
> Add support for digital message signing with private key stored in the
> MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created
> when manufactured. The private key is not readable from the MCU, but
> MCU allows for signing messages with it and retrieving the public key.
> 
> As described in a similar commit 50524d787de3 ("firmware:
> turris-mox-rwtm: support ECDSA signatures via debugfs"):
>   The optimal solution would be to register an akcipher provider via
>   kernel's crypto API, but crypto API does not yet support accessing
>   akcipher API from userspace (and probably won't for some time, see
>   https://www.spinics.net/lists/linux-crypto/msg38388.html).
> 
> Therefore we add support for accessing this signature generation
> mechanism via debugfs for now, so that userspace can access it.

Having a "real" user/kernel api in debugfs feels wrong here, why would
you not do this properly?  On most, if not all, systems, debugfs is
locked down so you do not have access to it, as it is only there for
debugging.  So how is a user supposed to use this feature if they can't
get access to it?

And debugfs files can be changed at any time, so how can you ensure that
your new api will always be there?

In other words, please solve this properly, do not just add a hack into
debugfs that no one can use as that is not a good idea.

thanks,

greg k-h



