Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



James,

----- Ursprüngliche Mail -----
> Von: "James Bottomley" <jejb@xxxxxxxxxxxxx>
> Well, yes.  For the TPM, there's a defined ASN.1 format for the keys:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/tree/tpm2-asn.h
> 
> and part of the design of the file is that it's distinguishable either
> in DER or PEM (by the guards) format so any crypto application can know
> it's dealing with a TPM key simply by inspecting the file.  I think you
> need the same thing for CAAM and any other format.
> 
> We're encouraging new ASN.1 formats to be of the form
> 
> SEQUENCE {
>    type   OBJECT IDENTIFIER
>    ... key specific fields ...
> }
> 
> Where you choose a defined OID to represent the key and that means
> every key even in DER form begins with a unique binary signature.

I like this idea.
Ahmad, what do you think?

That way we could also get rid off the kernel parameter and all the fall back logic,
given that we find a way to reliable detect TEE blobs too...

Thanks,
//richard



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux