Re: [PATCH v6 07/17] firmware: qcom: scm: add calls for creating, preparing and importing keys
- To: Bartosz Golaszewski <brgl@xxxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Alasdair Kergon <agk@xxxxxxxxxx>, Mike Snitzer <snitzer@xxxxxxxxxx>, Mikulas Patocka <mpatocka@xxxxxxxxxx>, Adrian Hunter <adrian.hunter@xxxxxxxxx>, Asutosh Das <quic_asutoshd@xxxxxxxxxxx>, Ritesh Harjani <ritesh.list@xxxxxxxxx>, Ulf Hansson <ulf.hansson@xxxxxxxxxx>, Alim Akhtar <alim.akhtar@xxxxxxxxxxx>, Avri Altman <avri.altman@xxxxxxx>, Bart Van Assche <bvanassche@xxxxxxx>, "James E.J. Bottomley" <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>, Eric Biggers <ebiggers@xxxxxxxxxx>, "Theodore Y. Ts'o" <tytso@xxxxxxx>, Jaegeuk Kim <jaegeuk@xxxxxxxxxx>, Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>, Christian Brauner <brauner@xxxxxxxxxx>, Jan Kara <jack@xxxxxxx>, Bjorn Andersson <andersson@xxxxxxxxxx>, Konrad Dybcio <konradybcio@xxxxxxxxxx>, Manivannan Sadhasivam <manivannan.sadhasivam@xxxxxxxxxx>, Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>, Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>, Neil Armstrong <neil.armstrong@xxxxxxxxxx>
- Subject: Re: [PATCH v6 07/17] firmware: qcom: scm: add calls for creating, preparing and importing keys
- From: Konrad Dybcio <konradybcio@xxxxxxxxxx>
- Date: Mon, 9 Sep 2024 13:24:15 +0200
- In-reply-to: <20240906-wrapped-keys-v6-7-d59e61bc0cb4@linaro.org>
- References: <20240906-wrapped-keys-v6-0-d59e61bc0cb4@linaro.org> <20240906-wrapped-keys-v6-7-d59e61bc0cb4@linaro.org>
- User-agent: Mozilla Thunderbird
On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote:
> From: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
>
> Storage encryption has two IOCTLs for creating, importing and preparing
> keys for encryption. For wrapped keys, these IOCTLs need to interface
> with Qualcomm's Trustzone. Add the following keys:
>
> generate_key:
> This is used to generate and return a longterm wrapped key. Trustzone
> achieves this by generating a key and then wrapping it using the
> Hardware Key Manager (HWKM), returning a wrapped keyblob.
>
> import_key:
> The functionality is similar to generate, but here: a raw key is
> imported into the HWKM and a longterm wrapped keyblob is returned.
>
> prepare_key:
> The longterm wrapped key from the import or generate calls is made
> further secure by rewrapping it with a per-boot, ephemeral wrapped key
> before installing it in the kernel for programming into ICE.
>
> Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> [Bartosz:
> improve kerneldocs,
> fix hex values coding style,
> rewrite commit message]
> Co-developed-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> ---
same question as patch 6, lgtm otherwise
Konrad