Re: [PATCH v6 07/17] firmware: qcom: scm: add calls for creating, preparing and importing keys

On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote:
> From: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> 
> Storage encryption has two IOCTLs for creating, importing and preparing
> keys for encryption. For wrapped keys, these IOCTLs need to interface
> with Qualcomm's Trustzone. Add the following keys:
> 
> generate_key:
>   This is used to generate and return a longterm wrapped key. Trustzone
>   achieves this by generating a key and then wrapping it using the
>   Hardware Key Manager (HWKM), returning a wrapped keyblob.
> 
> import_key:
>   The functionality is similar to generate, but here: a raw key is
>   imported into the HWKM and a longterm wrapped keyblob is returned.
> 
> prepare_key:
>   The longterm wrapped key from the import or generate calls is made
>   further secure by rewrapping it with a per-boot, ephemeral wrapped key
>   before installing it in the kernel for programming into ICE.
> 
> Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> [Bartosz:
>   improve kerneldocs,
>   fix hex values coding style,
>   rewrite commit message]
> Co-developed-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> ---

same question as patch 6, lgtm otherwise

Konrad



