A Hardware Bound Key (HBK) is never accessible as a plain key outside of the hardware boundary. Thus, it is unusable, even if somehow fetched from kernel memory. It ensures run-time security.

This patchset adds generic support for classing the Hardware Bound Key, based on:

- Newly added flag 'is_hbk', added to the tfm. The consumer of the kernel crypto API, after allocating the transformation, sets this flag on the basis of the type of key the consumer has.
- This helps to influence the core processing logic for the encapsulated algorithm.
- This flag is set by the consumer after allocating the tfm and before calling the function crypto_xxx_setkey().

The first implementation is based on CAAM.

The NXP-built CAAM IP is the Cryptographic Acceleration and Assurance Module. It is contained in the i.MX and QorIQ SoCs by NXP.

CAAM is a suitable backend (source) for kernel trusted keys. This backend source can be used for run-time security as well, by generating the hardware bound key.

Along with the plain key, the CAAM generates a black key. A black key is an encrypted key, which can only be decrypted inside CAAM. Hence, CAAM's black key can only be used by CAAM. Thus it is declared as a hardware bound key.

Pankaj Gupta (8):
  keys-trusted: new cmd line option added
  hw-bound-key: flag-is_hbk added to the tfm
  sk_cipher: checking for hw bound operation
  keys-trusted: re-factored caam based trusted key
  caam blob-gen: moving blob_priv to caam_drv_private
  KEYS: trusted: caam based black key
  caam alg: symmetric key ciphers are updated
  dm-crypt: consumer-app setting the flag-is_hbk

 crypto/skcipher.c                         |   3 +-
 drivers/crypto/caam/blob_gen.c            | 242 ++++++++++++++++++++--
 drivers/crypto/caam/caamalg.c             |  37 +++-
 drivers/crypto/caam/caamalg_desc.c        |   8 +-
 drivers/crypto/caam/desc.h                |   8 +-
 drivers/crypto/caam/desc_constr.h         |   6 +-
 drivers/crypto/caam/intern.h              |   6 +-
 drivers/md/dm-crypt.c                     |   6 +-
 include/keys/trusted-type.h               |   2 +
 include/linux/crypto.h                    |   2 +
 include/soc/fsl/caam-blob.h               |  44 ++--
 security/keys/trusted-keys/trusted_caam.c |   6 +
 security/keys/trusted-keys/trusted_core.c |  14 ++
 13 files changed, 333 insertions(+), 51 deletions(-)

--
2.17.1