On Fri, Sep 13, 2024 at 12:58:21PM +0200, Tomas Paukrt wrote: > Add an option to enable user-space access to cbc(paes) and ecb(paes) > cipher algorithms via AF_ALG. > > Signed-off-by: Tomas Paukrt <tomaspaukrt@xxxxxxxx> > --- > drivers/crypto/Kconfig | 13 +++++++++++++ > drivers/crypto/mxs-dcp.c | 8 ++++++++ > 2 files changed, 21 insertions(+) > > diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig > index 94f23c6..4637c6f 100644 > --- a/drivers/crypto/Kconfig > +++ b/drivers/crypto/Kconfig > @@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP > To compile this driver as a module, choose M here: the module > will be called mxs-dcp. > > +config CRYPTO_DEV_MXS_DCP_USER_PAES > + bool "Enable user-space access to AES with hardware-bound keys" > + depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER > + default n > + help > + Say Y to enable user-space access to cbc(paes) and ecb(paes) > + cipher algorithms via AF_ALG. > + > + In scenarios with untrustworthy users-pace, this may enable > + decryption of sensitive information. > + > + If unsure, say N. > + Why not just expose it uncondtionally? Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
