On Fri, May 10, 2024 at 01:31:58PM +0200, Marek Behún wrote: > On Fri, 10 May 2024 11:52:56 +0100 > Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > On Fri, May 10, 2024 at 12:18:17PM +0200, Marek Behún wrote: > > > Add support for digital message signing with private key stored in the > > > MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created > > > when manufactured. The private key is not readable from the MCU, but > > > MCU allows for signing messages with it and retrieving the public key. > > > > > > As described in a similar commit 50524d787de3 ("firmware: > > > turris-mox-rwtm: support ECDSA signatures via debugfs"): > > > The optimal solution would be to register an akcipher provider via > > > kernel's crypto API, but crypto API does not yet support accessing > > > akcipher API from userspace (and probably won't for some time, see > > > https://www.spinics.net/lists/linux-crypto/msg38388.html). > > > > > > Therefore we add support for accessing this signature generation > > > mechanism via debugfs for now, so that userspace can access it. > > > > Having a "real" user/kernel api in debugfs feels wrong here, why would > > you not do this properly? On most, if not all, systems, debugfs is > > locked down so you do not have access to it, as it is only there for > > debugging. So how is a user supposed to use this feature if they can't > > get access to it? > > > > And debugfs files can be changed at any time, so how can you ensure that > > your new api will always be there? > > > > In other words, please solve this properly, do not just add a hack into > > debugfs that no one can use as that is not a good idea. > > Hi Greg, > > this is the same thing we discussed 5 years ago, I wanted to implement > it via crypto's akcipher, but was refused due to > https://www.spinics.net/lists/linux-crypto/msg38388.html > > I've then exposed this via debugfs in the turris-mox-rwtm driver 4 > years ago, and we have supported this in our utility scripts, with the > plan that to reimplement it in the kernel via the correct ABI once > akcipher (or other ABI) is available to userspace, but AFAIK after 5 > years this is still not the case :-( > > If not debugfs and not akcipher, another option is to expose this via > sysfs, but that also doesn't seem right, and if I recall correctly you > also disapproved of this 5 years ago. Yeah, sysfs is not ok for this either. > The last option would be to create another device, something like > /dev/turris-crypto for this. I wanted to avoid that and wait for > akcipher to be exposed do crypto since another /dev device must be > supported forever, while debugfs implementation can be removed once > this is supported via standardized ABI. > > Do you have any suggestions? Not really, I can't see the link above (no internet connection right now) but this should just be fixed properly at the crypto subsystem instead of these horrible debugfs hacks. thanks, greg k-h