Re: [PATCH v5 0/6] DCP as trusted keys backend
On Fri, Dec 15, 2023 at 6:07 AM David Gstir wrote:
>
> This is a revival of the previous patch set submitted by Richard Weinberger:
> https://lore.kernel.org/linux-integrity/20210614201620.30451-1-rich...@nod.at/
>
> v4 is here:
> https://lore.kernel.org/keyrings/20231024162024.51260-1-da...@sigma-star.at/
>
> v4 -> v5:
> - Make Kconfig for trust source check scalable as suggested by Jarkko Sakkinen
> - Add Acked-By from Herbert Xu to patch #1 - thanks!
> v3 -> v4:
> - Split changes on MAINTAINERS and documentation into dedicated patches
> - Use more concise wording in commit messages as suggested by Jarkko Sakkinen
> v2 -> v3:
> - Addressed review comments from Jarkko Sakkinen
> v1 -> v2:
> - Revive and rebase to latest version
> - Include review comments from Ahmad Fatoum
>
> The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such
> as i.mx6ull.
>
> Similar to the CAAM engine used in more powerful SoCs, DCP can AES-
> encrypt/decrypt user data using a unique, never-disclosed,
> device-specific key. Unlike CAAM though, it cannot directly wrap and
> unwrap blobs in hardware. As DCP offers only the bare minimum feature
> set and a blob mechanism needs aid from software. A blob in this case
> is a piece of sensitive data (e.g. a key) that is encrypted and
> authenticated using the device-specific key so that unwrapping can only
> be done on the hardware where the blob was wrapped.
>
> This patch series adds a DCP based, trusted-key backend and is similar
> in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM.
> It is of interest for similar use cases as the CAAM patch set, but for
> lower end devices, where CAAM is not available.
>
> Because constructing and parsing the blob has to happen in software,
> we needed to decide on a blob format and chose the following:
>
> struct dcp_blob_fmt {
> __u8 fmt_version;
> __u8 blob_key[AES_KEYSIZE_128];
> __u8 nonce[AES_KEYSIZE_128];
> __le32 payload_len;
> __u8 payload[];
> } __packed;
>
> The `fmt_version` is currently 1.
>
> The encrypted key is stored in the payload area. It is AES-128-GCM
> encrypted using `blob_key` and `nonce`, GCM auth tag is attached at
> the end of the payload (`payload_len` does not include the size of
> the auth tag).
>
> The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using
> the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated
> randomly, when sealing/exporting the DCP blob.
>
> This patchset was tested with dm-crypt on an i.MX6ULL board.
>
> [0]
> https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
>
> David Gstir (6):
> crypto: mxs-dcp: Add support for hardware-bound keys
> KEYS: trusted: improve scalability of trust source config
> KEYS: trusted: Introduce NXP DCP-backed trusted keys
> MAINTAINERS: add entry for DCP-based trusted keys
> docs: document DCP-backed trusted keys kernel params
> docs: trusted-encrypted: add DCP as new trust source
>
> .../admin-guide/kernel-parameters.txt | 13 +
> .../security/keys/trusted-encrypted.rst | 85 +
> MAINTAINERS | 9 +
> drivers/crypto/mxs-dcp.c | 104 +-
> include/keys/trusted_dcp.h| 11 +
> include/soc/fsl/dcp.h | 17 +
> security/keys/trusted-keys/Kconfig| 18 +-
> security/keys/trusted-keys/Makefile | 2 +
> security/keys/trusted-keys/trusted_core.c | 6 +-
> security/keys/trusted-keys/trusted_dcp.c | 311 ++
> 10 files changed, 562 insertions(+), 14 deletions(-)
> create mode 100644 include/keys/trusted_dcp.h
> create mode 100644 include/soc/fsl/dcp.h
> create mode 100644 security/keys/trusted-keys/trusted_dcp.c
Jarkko, Mimi, David - if this patchset isn't already in your review
queue, can you take a look at it from a security/keys perspective?
Thanks.
--
paul-moore.com
Re: [PATCH v5 0/6] DCP as trusted keys backend
Hi,
> On 15.12.2023, at 12:06, David Gstir wrote:
>
> This is a revival of the previous patch set submitted by Richard Weinberger:
> https://lore.kernel.org/linux-integrity/20210614201620.30451-1-rich...@nod.at/
>
> v4 is here:
> https://lore.kernel.org/keyrings/20231024162024.51260-1-da...@sigma-star.at/
>
> v4 -> v5:
> - Make Kconfig for trust source check scalable as suggested by Jarkko Sakkinen
> - Add Acked-By from Herbert Xu to patch #1 - thanks!
> v3 -> v4:
> - Split changes on MAINTAINERS and documentation into dedicated patches
> - Use more concise wording in commit messages as suggested by Jarkko Sakkinen
> v2 -> v3:
> - Addressed review comments from Jarkko Sakkinen
> v1 -> v2:
> - Revive and rebase to latest version
> - Include review comments from Ahmad Fatoum
>
> The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such
> as i.mx6ull.
>
> Similar to the CAAM engine used in more powerful SoCs, DCP can AES-
> encrypt/decrypt user data using a unique, never-disclosed,
> device-specific key. Unlike CAAM though, it cannot directly wrap and
> unwrap blobs in hardware. As DCP offers only the bare minimum feature
> set and a blob mechanism needs aid from software. A blob in this case
> is a piece of sensitive data (e.g. a key) that is encrypted and
> authenticated using the device-specific key so that unwrapping can only
> be done on the hardware where the blob was wrapped.
>
> This patch series adds a DCP based, trusted-key backend and is similar
> in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM.
> It is of interest for similar use cases as the CAAM patch set, but for
> lower end devices, where CAAM is not available.
>
> Because constructing and parsing the blob has to happen in software,
> we needed to decide on a blob format and chose the following:
>
> struct dcp_blob_fmt {
> __u8 fmt_version;
> __u8 blob_key[AES_KEYSIZE_128];
> __u8 nonce[AES_KEYSIZE_128];
> __le32 payload_len;
> __u8 payload[];
> } __packed;
>
> The `fmt_version` is currently 1.
>
> The encrypted key is stored in the payload area. It is AES-128-GCM
> encrypted using `blob_key` and `nonce`, GCM auth tag is attached at
> the end of the payload (`payload_len` does not include the size of
> the auth tag).
>
> The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using
> the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated
> randomly, when sealing/exporting the DCP blob.
>
> This patchset was tested with dm-crypt on an i.MX6ULL board.
>
> [0]
> https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
>
> David Gstir (6):
> crypto: mxs-dcp: Add support for hardware-bound keys
> KEYS: trusted: improve scalability of trust source config
> KEYS: trusted: Introduce NXP DCP-backed trusted keys
> MAINTAINERS: add entry for DCP-based trusted keys
> docs: document DCP-backed trusted keys kernel params
> docs: trusted-encrypted: add DCP as new trust source
>
> .../admin-guide/kernel-parameters.txt | 13 +
> .../security/keys/trusted-encrypted.rst | 85 +
> MAINTAINERS | 9 +
> drivers/crypto/mxs-dcp.c | 104 +-
> include/keys/trusted_dcp.h| 11 +
> include/soc/fsl/dcp.h | 17 +
> security/keys/trusted-keys/Kconfig| 18 +-
> security/keys/trusted-keys/Makefile | 2 +
> security/keys/trusted-keys/trusted_core.c | 6 +-
> security/keys/trusted-keys/trusted_dcp.c | 311 ++
> 10 files changed, 562 insertions(+), 14 deletions(-)
> create mode 100644 include/keys/trusted_dcp.h
> create mode 100644 include/soc/fsl/dcp.h
> create mode 100644 security/keys/trusted-keys/trusted_dcp.c
Jarkko, Mimi, David do you need anything from my side for these patches to get
them merged?
Thanks,
- David
Re: [PATCH v5 0/6] DCP as trusted keys backend
Am Montag, 5. Februar 2024, 09:39:07 CET schrieb David Gstir:
> Hi,
>
> > On 15.12.2023, at 12:06, David Gstir wrote:
> >
> > This is a revival of the previous patch set submitted by Richard Weinberger:
> > https://lore.kernel.org/linux-integrity/20210614201620.30451-1-rich...@nod.at/
> >
> > v4 is here:
> > https://lore.kernel.org/keyrings/20231024162024.51260-1-da...@sigma-star.at/
> >
> > v4 -> v5:
> > - Make Kconfig for trust source check scalable as suggested by Jarkko
> > Sakkinen
> > - Add Acked-By from Herbert Xu to patch #1 - thanks!
> > v3 -> v4:
> > - Split changes on MAINTAINERS and documentation into dedicated patches
> > - Use more concise wording in commit messages as suggested by Jarkko
> > Sakkinen
> > v2 -> v3:
> > - Addressed review comments from Jarkko Sakkinen
> > v1 -> v2:
> > - Revive and rebase to latest version
> > - Include review comments from Ahmad Fatoum
> >
> > The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such
> > as i.mx6ull.
> >
> > Similar to the CAAM engine used in more powerful SoCs, DCP can AES-
> > encrypt/decrypt user data using a unique, never-disclosed,
> > device-specific key. Unlike CAAM though, it cannot directly wrap and
> > unwrap blobs in hardware. As DCP offers only the bare minimum feature
> > set and a blob mechanism needs aid from software. A blob in this case
> > is a piece of sensitive data (e.g. a key) that is encrypted and
> > authenticated using the device-specific key so that unwrapping can only
> > be done on the hardware where the blob was wrapped.
> >
> > This patch series adds a DCP based, trusted-key backend and is similar
> > in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM.
> > It is of interest for similar use cases as the CAAM patch set, but for
> > lower end devices, where CAAM is not available.
> >
> > Because constructing and parsing the blob has to happen in software,
> > we needed to decide on a blob format and chose the following:
> >
> > struct dcp_blob_fmt {
> > __u8 fmt_version;
> > __u8 blob_key[AES_KEYSIZE_128];
> > __u8 nonce[AES_KEYSIZE_128];
> > __le32 payload_len;
> > __u8 payload[];
> > } __packed;
> >
> > The `fmt_version` is currently 1.
> >
> > The encrypted key is stored in the payload area. It is AES-128-GCM
> > encrypted using `blob_key` and `nonce`, GCM auth tag is attached at
> > the end of the payload (`payload_len` does not include the size of
> > the auth tag).
> >
> > The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using
> > the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated
> > randomly, when sealing/exporting the DCP blob.
> >
> > This patchset was tested with dm-crypt on an i.MX6ULL board.
> >
> > [0]
> > https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
> >
> > David Gstir (6):
> > crypto: mxs-dcp: Add support for hardware-bound keys
> > KEYS: trusted: improve scalability of trust source config
> > KEYS: trusted: Introduce NXP DCP-backed trusted keys
> > MAINTAINERS: add entry for DCP-based trusted keys
> > docs: document DCP-backed trusted keys kernel params
> > docs: trusted-encrypted: add DCP as new trust source
> >
> > .../admin-guide/kernel-parameters.txt | 13 +
> > .../security/keys/trusted-encrypted.rst | 85 +
> > MAINTAINERS | 9 +
> > drivers/crypto/mxs-dcp.c | 104 +-
> > include/keys/trusted_dcp.h| 11 +
> > include/soc/fsl/dcp.h | 17 +
> > security/keys/trusted-keys/Kconfig| 18 +-
> > security/keys/trusted-keys/Makefile | 2 +
> > security/keys/trusted-keys/trusted_core.c | 6 +-
> > security/keys/trusted-keys/trusted_dcp.c | 311 ++
> > 10 files changed, 562 insertions(+), 14 deletions(-)
> > create mode 100644 include/keys/trusted_dcp.h
> > create mode 100644 include/soc/fsl/dcp.h
> > create mode 100644 security/keys/trusted-keys/trusted_dcp.c
>
> Jarkko, Mimi, David do you need anything from my side for these patches to
> get them merged?
Friendly ping also from my side. :-)
Thanks,
//richard
--
sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT
UID/VAT Nr: ATU 66964118 | FN: 374287y
Re: [PATCH v5 0/6] DCP as trusted keys backend
Mimi, James, Jarkko, David,
you remained silent for a whole release cycle.
Is there anything we can do to get this forward?
Thanks,
//richard
Am Dienstag, 13. Februar 2024, 10:59:56 CET schrieb Richard Weinberger:
> Am Montag, 5. Februar 2024, 09:39:07 CET schrieb David Gstir:
> > Hi,
> >
> > > On 15.12.2023, at 12:06, David Gstir wrote:
> > >
> > > This is a revival of the previous patch set submitted by Richard
> > > Weinberger:
> > > https://lore.kernel.org/linux-integrity/20210614201620.30451-1-rich...@nod.at/
> > >
> > > v4 is here:
> > > https://lore.kernel.org/keyrings/20231024162024.51260-1-da...@sigma-star.at/
> > >
> > > v4 -> v5:
> > > - Make Kconfig for trust source check scalable as suggested by Jarkko
> > > Sakkinen
> > > - Add Acked-By from Herbert Xu to patch #1 - thanks!
> > > v3 -> v4:
> > > - Split changes on MAINTAINERS and documentation into dedicated patches
> > > - Use more concise wording in commit messages as suggested by Jarkko
> > > Sakkinen
> > > v2 -> v3:
> > > - Addressed review comments from Jarkko Sakkinen
> > > v1 -> v2:
> > > - Revive and rebase to latest version
> > > - Include review comments from Ahmad Fatoum
> > >
> > > The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such
> > > as i.mx6ull.
> > >
> > > Similar to the CAAM engine used in more powerful SoCs, DCP can AES-
> > > encrypt/decrypt user data using a unique, never-disclosed,
> > > device-specific key. Unlike CAAM though, it cannot directly wrap and
> > > unwrap blobs in hardware. As DCP offers only the bare minimum feature
> > > set and a blob mechanism needs aid from software. A blob in this case
> > > is a piece of sensitive data (e.g. a key) that is encrypted and
> > > authenticated using the device-specific key so that unwrapping can only
> > > be done on the hardware where the blob was wrapped.
> > >
> > > This patch series adds a DCP based, trusted-key backend and is similar
> > > in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM.
> > > It is of interest for similar use cases as the CAAM patch set, but for
> > > lower end devices, where CAAM is not available.
> > >
> > > Because constructing and parsing the blob has to happen in software,
> > > we needed to decide on a blob format and chose the following:
> > >
> > > struct dcp_blob_fmt {
> > > __u8 fmt_version;
> > > __u8 blob_key[AES_KEYSIZE_128];
> > > __u8 nonce[AES_KEYSIZE_128];
> > > __le32 payload_len;
> > > __u8 payload[];
> > > } __packed;
> > >
> > > The `fmt_version` is currently 1.
> > >
> > > The encrypted key is stored in the payload area. It is AES-128-GCM
> > > encrypted using `blob_key` and `nonce`, GCM auth tag is attached at
> > > the end of the payload (`payload_len` does not include the size of
> > > the auth tag).
> > >
> > > The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using
> > > the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated
> > > randomly, when sealing/exporting the DCP blob.
> > >
> > > This patchset was tested with dm-crypt on an i.MX6ULL board.
> > >
> > > [0]
> > > https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
> > >
> > > David Gstir (6):
> > > crypto: mxs-dcp: Add support for hardware-bound keys
> > > KEYS: trusted: improve scalability of trust source config
> > > KEYS: trusted: Introduce NXP DCP-backed trusted keys
> > > MAINTAINERS: add entry for DCP-based trusted keys
> > > docs: document DCP-backed trusted keys kernel params
> > > docs: trusted-encrypted: add DCP as new trust source
> > >
> > > .../admin-guide/kernel-parameters.txt | 13 +
> > > .../security/keys/trusted-encrypted.rst | 85 +
> > > MAINTAINERS | 9 +
> > > drivers/crypto/mxs-dcp.c | 104 +-
> > > include/keys/trusted_dcp.h| 11 +
> > > include/soc/fsl/dcp.h | 17 +
> > > security/keys/trusted-keys/Kconfig| 18 +-
> > > security/keys/trusted-keys/Makefile | 2 +
> > > security/keys/trusted-keys/trusted_core.c | 6 +-
> > > security/keys/trusted-keys/trusted_dcp.c | 311 ++
> > > 10 files changed, 562 insertions(+), 14 deletions(-)
> > > create mode 100644 include/keys/trusted_dcp.h
> > > create mode 100644 include/soc/fsl/dcp.h
> > > create mode 100644 security/keys/trusted-keys/trusted_dcp.c
> >
> > Jarkko, Mimi, David do you need anything from my side for these patches to
> > get them merged?
>
> Friendly ping also from my side. :-)
>
> Thanks,
> //richard
>
> --
> sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT
> UID/VAT Nr: ATU 66964118 | FN: 374287y
>
--
sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT
UID/VAT Nr: ATU 66964118 | FN: 374287y
Re: [PATCH v5 0/6] DCP as trusted keys backend
On Mon Feb 26, 2024 at 12:20 AM EET, Richard Weinberger wrote: > Mimi, James, Jarkko, David, > > you remained silent for a whole release cycle. > Is there anything we can do to get this forward? > > Thanks, > //richard Thanks for reminding. >From my side, I've had pretty busy month as I've adapted to a new work project: https://sochub.fi/ I exported the thread [1] and will look into it within this or next week in detail (thus the large'ish time window). [1] https://lore.kernel.org/linux-integrity/1733761.uacIGzncQW@somecomputer/t.mbox.gz BR, Jarkko
Re: [PATCH v5 0/6] DCP as trusted keys backend
On Tue Dec 19, 2023 at 2:45 AM EET, Paul Moore wrote:
> On Fri, Dec 15, 2023 at 6:07 AM David Gstir wrote:
> >
> > This is a revival of the previous patch set submitted by Richard Weinberger:
> > https://lore.kernel.org/linux-integrity/20210614201620.30451-1-rich...@nod.at/
> >
> > v4 is here:
> > https://lore.kernel.org/keyrings/20231024162024.51260-1-da...@sigma-star.at/
> >
> > v4 -> v5:
> > - Make Kconfig for trust source check scalable as suggested by Jarkko
> > Sakkinen
> > - Add Acked-By from Herbert Xu to patch #1 - thanks!
> > v3 -> v4:
> > - Split changes on MAINTAINERS and documentation into dedicated patches
> > - Use more concise wording in commit messages as suggested by Jarkko
> > Sakkinen
> > v2 -> v3:
> > - Addressed review comments from Jarkko Sakkinen
> > v1 -> v2:
> > - Revive and rebase to latest version
> > - Include review comments from Ahmad Fatoum
> >
> > The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such
> > as i.mx6ull.
> >
> > Similar to the CAAM engine used in more powerful SoCs, DCP can AES-
> > encrypt/decrypt user data using a unique, never-disclosed,
> > device-specific key. Unlike CAAM though, it cannot directly wrap and
> > unwrap blobs in hardware. As DCP offers only the bare minimum feature
> > set and a blob mechanism needs aid from software. A blob in this case
> > is a piece of sensitive data (e.g. a key) that is encrypted and
> > authenticated using the device-specific key so that unwrapping can only
> > be done on the hardware where the blob was wrapped.
> >
> > This patch series adds a DCP based, trusted-key backend and is similar
> > in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM.
> > It is of interest for similar use cases as the CAAM patch set, but for
> > lower end devices, where CAAM is not available.
> >
> > Because constructing and parsing the blob has to happen in software,
> > we needed to decide on a blob format and chose the following:
> >
> > struct dcp_blob_fmt {
> > __u8 fmt_version;
> > __u8 blob_key[AES_KEYSIZE_128];
> > __u8 nonce[AES_KEYSIZE_128];
> > __le32 payload_len;
> > __u8 payload[];
> > } __packed;
> >
> > The `fmt_version` is currently 1.
> >
> > The encrypted key is stored in the payload area. It is AES-128-GCM
> > encrypted using `blob_key` and `nonce`, GCM auth tag is attached at
> > the end of the payload (`payload_len` does not include the size of
> > the auth tag).
> >
> > The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using
> > the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated
> > randomly, when sealing/exporting the DCP blob.
> >
> > This patchset was tested with dm-crypt on an i.MX6ULL board.
> >
> > [0]
> > https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fat...@pengutronix.de/
> >
> > David Gstir (6):
> > crypto: mxs-dcp: Add support for hardware-bound keys
> > KEYS: trusted: improve scalability of trust source config
> > KEYS: trusted: Introduce NXP DCP-backed trusted keys
> > MAINTAINERS: add entry for DCP-based trusted keys
> > docs: document DCP-backed trusted keys kernel params
> > docs: trusted-encrypted: add DCP as new trust source
> >
> > .../admin-guide/kernel-parameters.txt | 13 +
> > .../security/keys/trusted-encrypted.rst | 85 +
> > MAINTAINERS | 9 +
> > drivers/crypto/mxs-dcp.c | 104 +-
> > include/keys/trusted_dcp.h| 11 +
> > include/soc/fsl/dcp.h | 17 +
> > security/keys/trusted-keys/Kconfig| 18 +-
> > security/keys/trusted-keys/Makefile | 2 +
> > security/keys/trusted-keys/trusted_core.c | 6 +-
> > security/keys/trusted-keys/trusted_dcp.c | 311 ++
> > 10 files changed, 562 insertions(+), 14 deletions(-)
> > create mode 100644 include/keys/trusted_dcp.h
> > create mode 100644 include/soc/fsl/dcp.h
> > create mode 100644 security/keys/trusted-keys/trusted_dcp.c
>
> Jarkko, Mimi, David - if this patchset isn't already in your review
> queue, can you take a look at it from a security/keys perspective?
>
> Thanks.
I gave my 5 cents. I had no intention not to review it, somehow just
slipped. I try to do my best but sometimes this still does happen :-) So
please ping me if there is radio silence.
BR, Jarkko
