Hello Matthias, On 13.12.21 12:00, Matthias Schiffer wrote: > On Mon, 2021-10-11 at 12:02 +0200, Ahmad Fatoum wrote: >> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP >> Reviewed-by: David Gstir <david@xxxxxxxxxxxxx> >> Tested-By: Tim Harvey <tharvey@xxxxxxxxxxxxx> >> Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> > > > Tested-by: Matthias Schiffer <matthias.schiffer@xxxxxxxxxxxxxxx> Thanks for testing! Should I add your Tested-by: to the whole series, or only this patch here? > It is unfortunate that this implementation is incompatible with the > "secure keys" feature found in linux-imx, as that would allow upgrading > from linux-imx to mainline kernels in the future without losing access > to keys. I did not follow the discussion of previous versions of this > patch series, but I assume there is some reason why this code is not > aligned with the linux-imx implementation? I don't use the vendor fork, so compatibility with it wasn't a criteria for me. The format used in this series is very straight-forward: Key modifier is kernel:trusted and blob is exactly what's returned by the CAAM. What would you change to make it linux-imx compatible? > Should the kernel emit some kind of warning if CAAM-based trusted keys > are used, but the SoC has not been "closed" (if there is a nice way to > detect that)? As the CAAM is using a common example key instead of the > fused master key when HAB/secure boot are disabled, the kernel would > basically be lying about the keys being trusted in this case. For now, this is pointed out in the documentation. If you have a suggestion on a specific condition we should check and issue a diagnostic on, I can incorporate it. An exhaustive if WARN_ON(!secure()) is impossible, but having some warning for unsuspecting users would indeed be nice. Cheers, Ahmad >> --- >> To: Jonathan Corbet <corbet@xxxxxxx> >> To: David Howells <dhowells@xxxxxxxxxx> >> To: Jarkko Sakkinen <jarkko@xxxxxxxxxx> >> To: James Bottomley <jejb@xxxxxxxxxxxxx> >> To: Mimi Zohar <zohar@xxxxxxxxxxxxx> >> Cc: James Morris <jmorris@xxxxxxxxx> >> Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> >> Cc: "Horia Geantă" <horia.geanta@xxxxxxx> >> Cc: Aymen Sghaier <aymen.sghaier@xxxxxxx> >> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> >> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> >> Cc: Udit Agarwal <udit.agarwal@xxxxxxx> >> Cc: Eric Biggers <ebiggers@xxxxxxxxxx> >> Cc: Jan Luebbe <j.luebbe@xxxxxxxxxxxxxx> >> Cc: David Gstir <david@xxxxxxxxxxxxx> >> Cc: Richard Weinberger <richard@xxxxxx> >> Cc: Franck LENORMAND <franck.lenormand@xxxxxxx> >> Cc: Sumit Garg <sumit.garg@xxxxxxxxxx> >> Cc: keyrings@xxxxxxxxxxxxxxx >> Cc: linux-crypto@xxxxxxxxxxxxxxx >> Cc: linux-doc@xxxxxxxxxxxxxxx >> Cc: linux-integrity@xxxxxxxxxxxxxxx >> Cc: linux-kernel@xxxxxxxxxxxxxxx >> Cc: linux-security-module@xxxxxxxxxxxxxxx >> --- >> Documentation/admin-guide/kernel-parameters.txt | 1 +- >> Documentation/security/keys/trusted-encrypted.rst | 42 ++++++++- >> MAINTAINERS | 9 ++- >> include/keys/trusted_caam.h | 11 ++- >> security/keys/trusted-keys/Kconfig | 11 +- >> security/keys/trusted-keys/Makefile | 2 +- >> security/keys/trusted-keys/trusted_caam.c | 74 >> ++++++++++++++++- >> security/keys/trusted-keys/trusted_core.c | 6 +- >> 8 files changed, 152 insertions(+), 4 deletions(-) >> create mode 100644 include/keys/trusted_caam.h >> create mode 100644 security/keys/trusted-keys/trusted_caam.c >> >> diff --git a/Documentation/admin-guide/kernel-parameters.txt >> b/Documentation/admin-guide/kernel-parameters.txt >> index d5969452f063..0ed1165e0f55 100644 >> --- a/Documentation/admin-guide/kernel-parameters.txt >> +++ b/Documentation/admin-guide/kernel-parameters.txt >> @@ -5767,6 +5767,7 @@ >> sources: >> - "tpm" >> - "tee" >> + - "caam" >> If not specified then it defaults to iterating >> through >> the trust source list starting with TPM and >> assigns the >> first trust source as a backend which is >> initialized >> diff --git a/Documentation/security/keys/trusted-encrypted.rst >> b/Documentation/security/keys/trusted-encrypted.rst >> index 1d4b4b8f12f0..ad66573ca6fd 100644 >> --- a/Documentation/security/keys/trusted-encrypted.rst >> +++ b/Documentation/security/keys/trusted-encrypted.rst >> @@ -35,6 +35,13 @@ safe. >> Rooted to Hardware Unique Key (HUK) which is generally >> burnt in on-chip >> fuses and is accessible to TEE only. >> >> + (3) CAAM (Cryptographic Acceleration and Assurance Module: IP >> on NXP SoCs) >> + >> + When High Assurance Boot (HAB) is enabled and the CAAM is >> in secure >> + mode, trust is rooted to the OTPMK, a never-disclosed 256- >> bit key >> + randomly generated and fused into each SoC at manufacturing >> time. >> + Otherwise, a common fixed test key is used instead. >> + >> * Execution isolation >> >> (1) TPM >> @@ -46,6 +53,10 @@ safe. >> Customizable set of operations running in isolated >> execution >> environment verified via Secure/Trusted boot process. >> >> + (3) CAAM >> + >> + Fixed set of operations running in isolated execution >> environment. >> + >> * Optional binding to platform integrity state >> >> (1) TPM >> @@ -63,6 +74,11 @@ safe. >> Relies on Secure/Trusted boot process for platform >> integrity. It can >> be extended with TEE based measured boot process. >> >> + (3) CAAM >> + >> + Relies on the High Assurance Boot (HAB) mechanism of NXP >> SoCs >> + for platform integrity. >> + >> * Interfaces and APIs >> >> (1) TPM >> @@ -74,10 +90,13 @@ safe. >> TEEs have well-documented, standardized client interface >> and APIs. For >> more details refer to ``Documentation/staging/tee.rst``. >> >> + (3) CAAM >> + >> + Interface is specific to silicon vendor. >> >> * Threat model >> >> - The strength and appropriateness of a particular TPM or TEE for >> a given >> + The strength and appropriateness of a particular trust source >> for a given >> purpose must be assessed when using them to protect security- >> relevant data. >> >> >> @@ -104,8 +123,14 @@ selected trust source: >> from platform specific hardware RNG or a software based Fortuna >> CSPRNG >> which can be seeded via multiple entropy sources. >> >> + * CAAM: Kernel RNG >> + >> + The normal kernel random number generator is used. To seed it >> from the >> + CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the >> device >> + can be probed. >> + >> Optionally, users may specify ``trusted.kernel_rng=1`` on the kernel >> -command-line to override the used RNG with the kernel's random >> number pool. >> +command-line to force use of the kernel's random number pool. >> >> Encrypted Keys >> -------------- >> @@ -192,6 +217,19 @@ Usage:: >> specific to TEE device implementation. The key length for new keys >> is always >> in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits). >> >> +Trusted Keys usage: CAAM >> +------------------------ >> + >> +Usage:: >> + >> + keyctl add trusted name "new keylen" ring >> + keyctl add trusted name "load hex_blob" ring >> + keyctl print keyid >> + >> +"keyctl print" returns an ASCII hex copy of the sealed key, which is >> in format >> +specific to CAAM device implementation. The key length for new keys >> is always >> +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits). >> + >> Encrypted Keys usage >> -------------------- >> >> diff --git a/MAINTAINERS b/MAINTAINERS >> index a4a0c2baaf27..2c6514759222 100644 >> --- a/MAINTAINERS >> +++ b/MAINTAINERS >> @@ -10364,6 +10364,15 @@ S: Supported >> F: include/keys/trusted_tee.h >> F: security/keys/trusted-keys/trusted_tee.c >> >> +KEYS-TRUSTED-CAAM >> +M: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> >> +R: Pengutronix Kernel Team <kernel@xxxxxxxxxxxxxx> >> +L: linux-integrity@xxxxxxxxxxxxxxx >> +L: keyrings@xxxxxxxxxxxxxxx >> +S: Supported >> +F: include/keys/trusted_caam.h >> +F: security/keys/trusted-keys/trusted_caam.c >> + >> KEYS/KEYRINGS >> M: David Howells <dhowells@xxxxxxxxxx> >> M: Jarkko Sakkinen <jarkko@xxxxxxxxxx> >> diff --git a/include/keys/trusted_caam.h >> b/include/keys/trusted_caam.h >> new file mode 100644 >> index 000000000000..2fba0996b0b0 >> --- /dev/null >> +++ b/include/keys/trusted_caam.h >> @@ -0,0 +1,11 @@ >> +/* SPDX-License-Identifier: GPL-2.0-only */ >> +/* >> + * Copyright (C) 2021 Pengutronix, Ahmad Fatoum < >> kernel@xxxxxxxxxxxxxx> >> + */ >> + >> +#ifndef __CAAM_TRUSTED_KEY_H >> +#define __CAAM_TRUSTED_KEY_H >> + >> +extern struct trusted_key_ops caam_trusted_key_ops; >> + >> +#endif >> diff --git a/security/keys/trusted-keys/Kconfig >> b/security/keys/trusted-keys/Kconfig >> index fc4abd581abb..dbfdd8536468 100644 >> --- a/security/keys/trusted-keys/Kconfig >> +++ b/security/keys/trusted-keys/Kconfig >> @@ -24,6 +24,15 @@ config TRUSTED_KEYS_TEE >> Enable use of the Trusted Execution Environment (TEE) as >> trusted >> key backend. >> >> -if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE >> +config TRUSTED_KEYS_CAAM >> + bool "CAAM-based trusted keys" >> + depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS >> + select CRYPTO_DEV_FSL_CAAM_BLOB_GEN >> + default y >> + help >> + Enable use of NXP's Cryptographic Accelerator and Assurance >> Module >> + (CAAM) as trusted key backend. >> + >> +if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM >> comment "No trust source selected!" >> endif >> diff --git a/security/keys/trusted-keys/Makefile >> b/security/keys/trusted-keys/Makefile >> index 2e2371eae4d5..735aa0bc08ef 100644 >> --- a/security/keys/trusted-keys/Makefile >> +++ b/security/keys/trusted-keys/Makefile >> @@ -12,3 +12,5 @@ trusted-$(CONFIG_TRUSTED_KEYS_TPM) += >> trusted_tpm2.o >> trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o >> >> trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o >> + >> +trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o >> diff --git a/security/keys/trusted-keys/trusted_caam.c >> b/security/keys/trusted-keys/trusted_caam.c >> new file mode 100644 >> index 000000000000..01adfd18adda >> --- /dev/null >> +++ b/security/keys/trusted-keys/trusted_caam.c >> @@ -0,0 +1,74 @@ >> +// SPDX-License-Identifier: GPL-2.0-only >> +/* >> + * Copyright (C) 2021 Pengutronix, Ahmad Fatoum < >> kernel@xxxxxxxxxxxxxx> >> + */ >> + >> +#include <keys/trusted_caam.h> >> +#include <keys/trusted-type.h> >> +#include <linux/build_bug.h> >> +#include <linux/key-type.h> >> +#include <soc/fsl/caam-blob.h> >> + >> +static struct caam_blob_priv *blobifier; >> + >> +#define KEYMOD "kernel:trusted" >> + >> +static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= >> CAAM_BLOB_MAX_LEN); >> +static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN); >> + >> +static int trusted_caam_seal(struct trusted_key_payload *p, char >> *datablob) >> +{ >> + int length = p->key_len + CAAM_BLOB_OVERHEAD; >> + int ret; >> + >> + ret = caam_encap_blob(blobifier, KEYMOD, p->key, p->blob, >> length); >> + if (ret) >> + return ret; >> + >> + p->blob_len = length; >> + return 0; >> +} >> + >> +static int trusted_caam_unseal(struct trusted_key_payload *p, char >> *datablob) >> +{ >> + int length = p->blob_len; >> + int ret; >> + >> + ret = caam_decap_blob(blobifier, KEYMOD, p->blob, p->key, >> length); >> + if (ret) >> + return ret; >> + >> + p->key_len = length - CAAM_BLOB_OVERHEAD; >> + return 0; >> +} >> + >> +static int trusted_caam_init(void) >> +{ >> + int ret; >> + >> + blobifier = caam_blob_gen_init(); >> + if (IS_ERR(blobifier)) { >> + pr_err("Job Ring Device allocation for transform >> failed\n"); >> + return PTR_ERR(blobifier); >> + } >> + >> + ret = register_key_type(&key_type_trusted); >> + if (ret) >> + caam_blob_gen_exit(blobifier); >> + >> + return ret; >> +} >> + >> +static void trusted_caam_exit(void) >> +{ >> + unregister_key_type(&key_type_trusted); >> + caam_blob_gen_exit(blobifier); >> +} >> + >> +struct trusted_key_ops caam_trusted_key_ops = { >> + .migratable = 0, /* non-migratable */ >> + .init = trusted_caam_init, >> + .seal = trusted_caam_seal, >> + .unseal = trusted_caam_unseal, >> + .exit = trusted_caam_exit, >> +}; >> diff --git a/security/keys/trusted-keys/trusted_core.c >> b/security/keys/trusted-keys/trusted_core.c >> index d2b7626cde8b..305e44651180 100644 >> --- a/security/keys/trusted-keys/trusted_core.c >> +++ b/security/keys/trusted-keys/trusted_core.c >> @@ -9,6 +9,7 @@ >> #include <keys/user-type.h> >> #include <keys/trusted-type.h> >> #include <keys/trusted_tee.h> >> +#include <keys/trusted_caam.h> >> #include <keys/trusted_tpm.h> >> #include <linux/capability.h> >> #include <linux/err.h> >> @@ -29,7 +30,7 @@ MODULE_PARM_DESC(kernel_rng, "Generate key material >> from kernel RNG"); >> >> static char *trusted_key_source; >> module_param_named(source, trusted_key_source, charp, 0); >> -MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)"); >> +MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or >> caam)"); >> >> static const struct trusted_key_source trusted_key_sources[] = { >> #if defined(CONFIG_TRUSTED_KEYS_TPM) >> @@ -38,6 +39,9 @@ static const struct trusted_key_source >> trusted_key_sources[] = { >> #if defined(CONFIG_TRUSTED_KEYS_TEE) >> { "tee", &trusted_key_tee_ops }, >> #endif >> +#if defined(CONFIG_TRUSTED_KEYS_CAAM) >> + { "caam", &caam_trusted_key_ops }, >> +#endif >> }; >> >> DEFINE_STATIC_CALL_NULL(trusted_key_init, >> *trusted_key_sources[0].ops->init); > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |