RE: [EXT] Re: [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, September 7, 2022 12:56 PM
> To: Pankaj Gupta <pankaj.gupta@xxxxxxx>
> Cc: jarkko@xxxxxxxxxx; a.fatoum@xxxxxxxxxxxxxx; Jason@xxxxxxxxx;
> jejb@xxxxxxxxxxxxx; zohar@xxxxxxxxxxxxx; dhowells@xxxxxxxxxx;
> sumit.garg@xxxxxxxxxx; david@xxxxxxxxxxxxx; michael@xxxxxxxx;
> john.ernberg@xxxxxxxx; jmorris@xxxxxxxxx; serge@xxxxxxxxxx;
> davem@xxxxxxxxxxxxx; j.luebbe@xxxxxxxxxxxxxx; ebiggers@xxxxxxxxxx;
> richard@xxxxxx; keyrings@xxxxxxxxxxxxxxx; linux-crypto@xxxxxxxxxxxxxxx;
> linux-integrity@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; linux-
> security-module@xxxxxxxxxxxxxxx; Sahil Malhotra
> <sahil.malhotra@xxxxxxx>; Kshitiz Varshney <kshitiz.varshney@xxxxxxx>;
> Horia Geanta <horia.geanta@xxxxxxx>; Varun Sethi <V.Sethi@xxxxxxx>
> Subject: Re: [EXT] Re: [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk
> added to the tfm
> 
> Caution: EXT Email
> 
> On Wed, Sep 07, 2022 at 07:22:42AM +0000, Pankaj Gupta wrote:
> >
> > Current support, does not permit the hardware to support both types of
> keys: HBK & Plain Key, at the same time.
> >
> > This change is generic and permit any driver that supports both- HBK and
> plain-key, to differentiate and use the keys accordingly.
> 
> Existing drivers simply register hardware keys under a different algorithm
> name, there is no reason why they can't coexist with a plain key.
> 

Thanks for the comments.

Intention is to only secure the key buffer, at run-time.
Not to change the working of the crypto algorithm. Algorithm would be working exactly same for plain and HBK.

There are 3rd party IP(s), which uses kernel for crypto-algorithm's operations.
Modifying the algorithm name in these IP(s), is not always allowed or easy to maintain.

While, this patch-set allows to use the same algorithm name, 
and hence prevents any changes required to the user(3rd Party IPs) of kernel crypto layer.

Regards,

> Cheers,
> --
> Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2F&amp;data=05%7C01%7Cpankaj.gupta%40nx
> p.com%7C9bc412605fa243702f3a08da90a2602c%7C686ea1d3bc2b4c6fa92cd9
> 9c5c301635%7C0%7C0%7C637981324324251974%7CUnknown%7CTWFpbGZs
> b3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn
> 0%3D%7C3000%7C%7C%7C&amp;sdata=b1ImbcEMa9jticFU7yrpwHXuuQEog
> KLrjuiE%2FFpcYyA%3D&amp;reserved=0
> PGP Key:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2Fpubkey.txt&amp;data=05%7C01%7Cpankaj.g
> upta%40nxp.com%7C9bc412605fa243702f3a08da90a2602c%7C686ea1d3bc2b
> 4c6fa92cd99c5c301635%7C0%7C0%7C637981324324251974%7CUnknown%7C
> TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL
> CJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=cP4js5Q0QPBJfvlrYDi0j6R
> IGFpqHtJOSa9C7YC2IXM%3D&amp;reserved=0




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux