RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, October 11, 2022 2:34 PM
> To: Jason A. Donenfeld <Jason@xxxxxxxxx>
> Cc: Pankaj Gupta <pankaj.gupta@xxxxxxx>; jarkko@xxxxxxxxxx;
> a.fatoum@xxxxxxxxxxxxxx; gilad@xxxxxxxxxxxxx; jejb@xxxxxxxxxxxxx;
> zohar@xxxxxxxxxxxxx; dhowells@xxxxxxxxxx; sumit.garg@xxxxxxxxxx;
> david@xxxxxxxxxxxxx; michael@xxxxxxxx; john.ernberg@xxxxxxxx;
> jmorris@xxxxxxxxx; serge@xxxxxxxxxx; davem@xxxxxxxxxxxxx;
> j.luebbe@xxxxxxxxxxxxxx; ebiggers@xxxxxxxxxx; richard@xxxxxx;
> keyrings@xxxxxxxxxxxxxxx; linux-crypto@xxxxxxxxxxxxxxx; linux-
> integrity@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; linux-security-
> module@xxxxxxxxxxxxxxx; Sahil Malhotra <sahil.malhotra@xxxxxxx>; Kshitiz
> Varshney <kshitiz.varshney@xxxxxxx>; Horia Geanta
> <horia.geanta@xxxxxxx>; Varun Sethi <V.Sethi@xxxxxxx>
> Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the
> tfm
> 
> Caution: EXT Email
> 
> On Mon, Oct 10, 2022 at 09:15:48AM -0600, Jason A. Donenfeld wrote:
> >
> > Do you mean to say that other drivers that use hardware-backed keys do
> > so by setting "cra_name" to something particular? Like instead of "aes"
> > it'd be "aes-but-special-for-this-driver"? If so, that would seem to
> > break the design of the crypto API. Which driver did you see that does
> > this? Or perhaps, more generally, what are the drivers that Herbert is
> > talking about when he mentions the "plenty of existing drivers" that
> > already do this?
> 
> Grep for paes for the existing drivers that support this.  I don't have anything
> against this feature per se, but the last thing we want is a proliferation of
> different ways of doing the same thing.

Our goal is to have a generic solution, which can be extended to any driver dealing with:
- Generating HBK and adding to trusted keyring.
- Using the trusted keyring's HBK for crypto operation.

With this framework in place, driver specific custom changes can be avoided, bridging the interface-gap of:
kernel-keyring <-> kernel-crypto-layer.

Thanks.
> 
> Cheers,
> --
> Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2F&amp;data=05%7C01%7Cpankaj.gupta%40nx
> p.com%7C4ef27fc922d04350ca9f08daab67a1a3%7C686ea1d3bc2b4c6fa92cd9
> 9c5c301635%7C0%7C0%7C638010758832054902%7CUnknown%7CTWFpbGZs
> b3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn
> 0%3D%7C3000%7C%7C%7C&amp;sdata=SOguJ9LGhSCDmspbjDIEzkQLk9Bz%
> 2FsS0B%2BLNc4gzRo8%3D&amp;reserved=0
> PGP Key:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2Fpubkey.txt&amp;data=05%7C01%7Cpankaj.g
> upta%40nxp.com%7C4ef27fc922d04350ca9f08daab67a1a3%7C686ea1d3bc2b
> 4c6fa92cd99c5c301635%7C0%7C0%7C638010758832054902%7CUnknown%7C
> TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL
> CJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=hCzT2fPfJ%2BBNVqN6JR
> wMx9zNJkqvdRSLrR68ubhCvN4%3D&amp;reserved=0




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux