On Mon, Oct 11, 2021 at 12:02:37PM +0200, Ahmad Fatoum wrote: > The CAAM can be used to protect user-defined data across system reboot: > > - When the system is fused and boots into secure state, the master > key is a unique never-disclosed device-specific key > - random key is encrypted by key derived from master key > - data is encrypted using the random key > - encrypted data and its encrypted random key are stored alongside > - This blob can now be safely stored in non-volatile memory > > On next power-on: > - blob is loaded into CAAM > - CAAM writes decrypted data either into memory or key register > > Add functions to realize encrypting and decrypting into memory alongside > the CAAM driver. > > They will be used in a later commit as a source for the trusted key > seal/unseal mechanism. > > Reviewed-by: David Gstir <david@xxxxxxxxxxxxx> > Tested-By: Tim Harvey <tharvey@xxxxxxxxxxxxx> > Signed-off-by: Steffen Trumtrar <s.trumtrar@xxxxxxxxxxxxxx> > Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> What is CAAM? This is missing. /Jarkko
