On Fri, Jul 21, 2023 at 09:11:13PM -0700, Eric Biggers wrote:
> On Fri, Jul 21, 2023 at 08:40:32PM -0700, Bjorn Andersson wrote:
> > On Wed, Jul 19, 2023 at 10:04:21AM -0700, Gaurav Kashyap wrote:
> > > Storage encryption has two IOCTLs for creating, importing
> > > and preparing keys for encryption. For wrapped keys, these
> > > IOCTLs need to interface with the secure environment, which
> > > require these SCM calls.
> > >
> > > generate_key: This is used to generate and return a longterm
> > >               wrapped key. Trustzone achieves this by generating
> > >               a key and then wrapping it using hwkm, returning
> > >               a wrapped keyblob.
> > > import_key:   The functionality is similar to generate, but here,
> > >               a raw key is imported into hwkm and a longterm wrapped
> > >               keyblob is returned.
> > > prepare_key:  The longterm wrapped key from import or generate
> > >               is made further secure by rewrapping it with a per-boot
> > >               ephemeral wrapped key before installing it to the linux
> > >               kernel for programming to ICE.
> > >
> > > Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> > > ---
> > >  drivers/firmware/qcom_scm.c            | 222 +++++++++++++++++++++++++
> > >  drivers/firmware/qcom_scm.h            |   3 +
> > >  include/linux/firmware/qcom/qcom_scm.h |  10 ++
> > >  3 files changed, 235 insertions(+)
> > >
> > > diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
> > > index 51062d5c7f7b..44dd1857747b 100644
> > > --- a/drivers/firmware/qcom_scm.c
> > > +++ b/drivers/firmware/qcom_scm.c
> > > @@ -1210,6 +1210,228 @@ int qcom_scm_derive_sw_secret(const u8 *wrapped_key, u32 wrapped_key_size,
> > >  }
> > >  EXPORT_SYMBOL(qcom_scm_derive_sw_secret);
> > >
> > > +/**
> > > + * qcom_scm_generate_ice_key() - Generate a wrapped key for encryption.
> > > + * @longterm_wrapped_key: the wrapped key returned after key generation
> >
> > "longterm" was long enough that you didn't feel it made sense in the
> > description ;)
> >
> > Jokes aside, please follow the convention described in:
> > https://www.kernel.org/doc/html/v4.10/process/coding-style.html#naming
> >
> > "key" or "wrapped_key" sounds sufficient to me.
>
> The naming I use in my most recent patchset that adds support for
> hardware-wrapped inline encryption keys to the block layer and fscrypt
> (https://lore.kernel.org/linux-block/20221216203636.81491-1-ebiggers@xxxxxxxxxx/),
> which this patchset is based on, is 'lt_key' for a longterm wrapped key and
> 'eph_key' for an ephemerally-wrapped key.
>

Excellent, using familiar names is good!

Regards,
Bjorn
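Review bot: in the quoted qcom_scm.c hunk, the kerneldoc for qcom_scm_generate_ice_key() says only "Generate a wrapped key for encryption" and documents @longterm_wrapped_key as "the wrapped key returned after key generation", which does not tell the caller which of the two wrappings the commit message distinguishes (the longterm hwkm wrapping returned here, versus the per-boot ephemeral wrapping that prepare_key produces) nor how large the output buffer must be; the lines shown carry no size information at all. Please state both in the comment so an lt blob cannot be mistaken for an eph blob at the call site, e.g. with the naming agreed in this thread: ` * @lt_key: buffer receiving the longterm (hwkm) wrapped key blob; must be at least <N> bytes`, filling in the actual size the SCM call writes.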
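The generate/import/prepare flow that Gaurav's commit message describes, written out as an added illustrative model in C. This is not qcom_scm, TrustZone or HWKM code: `sec_env`, the `scm_*` and `ice_program_key` functions and the XOR-plus-FNV "wrap" are assumptions made for this example so it runs stand-alone, and the wrap is deliberately trivial (not a secure key-wrap algorithm); it only has to make unwrapping under the wrong key detectable. The two blob kinds use Eric's `lt_key`/`eph_key` names. What the model shows is the property the two-level scheme buys: an `lt_key` survives reboots, an `eph_key` is accepted by the ICE side only during the boot in which it was prepared, and neither blob is usable without the wrapping key held on the secure side.

```c
/* Added illustrative model of the longterm/ephemeral wrapping flow.
 * Not qcom_scm/TrustZone/HWKM code: sec_env, scm_* and the toy wrap are
 * assumptions for this example. XOR + FNV-1a is NOT a secure key wrap;
 * it exists so the program runs stand-alone and a wrong kek is detected. */
#include <stdint.h>
#include <string.h>

#define KEY_LEN  32
#define TAG_LEN  8
#define BLOB_LEN (KEY_LEN + TAG_LEN)

struct sec_env {
	uint8_t  ltk[KEY_LEN];   /* device-lifetime wrapping key (stands in for HWKM) */
	uint8_t  ephk[KEY_LEN];  /* per-boot ephemeral wrapping key */
	uint64_t rng;            /* toy xorshift64 state, stands in for the TEE RNG */
};

static void fill_random(struct sec_env *env, uint8_t *buf, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		uint64_t x = env->rng;
		x ^= x << 13; x ^= x >> 7; x ^= x << 17;
		env->rng = x;
		buf[i] = (uint8_t)(x >> 24);
	}
}

/* Tag over kek || ciphertext: unwrapping under a different kek fails the check. */
static uint64_t toy_tag(const uint8_t *kek, const uint8_t *ct)
{
	uint64_t h = 0xcbf29ce484222325ULL;
	for (size_t i = 0; i < KEY_LEN; i++) { h ^= kek[i]; h *= 0x100000001b3ULL; }
	for (size_t i = 0; i < KEY_LEN; i++) { h ^= ct[i];  h *= 0x100000001b3ULL; }
	return h;
}

static void toy_wrap(const uint8_t *kek, const uint8_t *raw, uint8_t *blob)
{
	for (size_t i = 0; i < KEY_LEN; i++)
		blob[i] = raw[i] ^ kek[i];
	uint64_t t = toy_tag(kek, blob);
	memcpy(blob + KEY_LEN, &t, TAG_LEN);
}

/* 0 on success, -1 if blob was not wrapped under kek (raw is left untouched). */
static int toy_unwrap(const uint8_t *kek, const uint8_t *blob, uint8_t *raw)
{
	uint64_t want = toy_tag(kek, blob), got;
	memcpy(&got, blob + KEY_LEN, TAG_LEN);
	if (want != got)
		return -1;
	for (size_t i = 0; i < KEY_LEN; i++)
		raw[i] = blob[i] ^ kek[i];
	return 0;
}

/* Each boot regenerates the ephemeral key; the long-term key never changes. */
static void sec_env_boot(struct sec_env *env)
{
	fill_random(env, env->ephk, KEY_LEN);
}

static void sec_env_init(struct sec_env *env, uint64_t seed)
{
	memset(env, 0, sizeof(*env));
	env->rng = seed ? seed : 1;
	fill_random(env, env->ltk, KEY_LEN);
	sec_env_boot(env);
}

/* generate_key: the TEE creates a raw key and returns only its lt_key blob. */
static void scm_generate_key(struct sec_env *env, uint8_t lt_key[BLOB_LEN])
{
	uint8_t raw[KEY_LEN];
	fill_random(env, raw, KEY_LEN);
	toy_wrap(env->ltk, raw, lt_key);
	memset(raw, 0, sizeof(raw));   /* the raw key never leaves the secure side */
}

/* import_key: a caller-supplied raw key is wrapped under the long-term key. */
static void scm_import_key(struct sec_env *env, const uint8_t raw[KEY_LEN],
			   uint8_t lt_key[BLOB_LEN])
{
	toy_wrap(env->ltk, raw, lt_key);
}

/* prepare_key: rewrap an lt_key blob under this boot's ephemeral key. */
static int scm_prepare_key(struct sec_env *env, const uint8_t lt_key[BLOB_LEN],
			   uint8_t eph_key[BLOB_LEN])
{
	uint8_t raw[KEY_LEN];
	if (toy_unwrap(env->ltk, lt_key, raw))
		return -1;
	toy_wrap(env->ephk, raw, eph_key);
	memset(raw, 0, sizeof(raw));
	return 0;
}

/* ICE side: only an eph_key prepared during *this* boot can be programmed. */
static int ice_program_key(struct sec_env *env, const uint8_t eph_key[BLOB_LEN],
			   uint8_t raw_out[KEY_LEN])
{
	return toy_unwrap(env->ephk, eph_key, raw_out);
}
```

Usage follows the commit message's order: `scm_import_key()` or `scm_generate_key()` gives an `lt_key` that can be stored across boots; at each boot `scm_prepare_key()` turns it into an `eph_key`, which is what gets handed to `ice_program_key()`. Handing the ICE side an `lt_key` directly, or an `eph_key` from a previous boot, fails the tag check and nothing is programmed.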