Hello Jarkko, On 16.03.21 20:22, Jarkko Sakkinen wrote: > On Tue, Mar 16, 2021 at 06:01:18PM +0100, Ahmad Fatoum wrote: >> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core >> built into many newer i.MX and QorIQ SoCs by NXP. >> >> The CAAM does crypto acceleration, hardware number generation and >> has a blob mechanism for encapsulation/decapsulation of sensitive material. >> >> This blob mechanism depends on a device specific random 256-bit One Time >> Programmable Master Key that is fused in each SoC at manufacturing >> time. This key is unreadable and can only be used by the CAAM for AES >> encryption/decryption of user data. >> >> This makes it a suitable backend (source) for kernel trusted keys. >> >> Previous commits generalized trusted keys to support multiple backends >> and added an API to access the CAAM blob mechanism. Based on these, >> provide the necessary glue to use the CAAM for trusted keys. >> >> Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> > Too early to ack, as I've not included the TEE thing to any PR yet. No problem. I'd be happy to incorporate the feedback I receive in the meantime. Cheers, Ahmad -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
