Re: [PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys

Hi Jarkko, > On 07.03.2024, at 20:30, Jarkko Sakkinen wrote: [...] >> + >> +static int trusted_dcp_init(void) >> +{ >> + int ret; >> + >> + if (use_otp_key) >> + pr_info("Using DCP OTP key\n"); >> + >> + ret = test_for_zero_key(); >> + if (ret) { >> + pr_err("Test for zero'ed keys failed: %i\n"

Re: [PATCH v6 5/6] docs: document DCP-backed trusted keys kernel params

On Thu Mar 7, 2024 at 5:38 PM EET, David Gstir wrote: > Document the kernel parameters trusted.dcp_use_otp_key > and trusted.dcp_skip_zk_test for DCP-backed trusted keys. > > Co-developed-by: Richard Weinberger > Signed-off-by: Richard Weinberger > Co-developed-by: David Oberhollenzer > Signed-o

Re: [PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys

On Thu Mar 7, 2024 at 5:38 PM EET, David Gstir wrote: > DCP (Data Co-Processor) is the little brother of NXP's CAAM IP. > Beside of accelerated crypto operations, it also offers support for > hardware-bound keys. Using this feature it is possible to implement a blob > mechanism similar to what CAAM

Re: [PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys

On Thu Mar 7, 2024 at 5:38 PM EET, David Gstir wrote:> DCP (Data Co-Processor) is the little brother of NXP's CAAM IP. > Beside of accelerated crypto operations, it also offers support for > hardware-bound keys. Using this feature it is possible to implement a blob > mechanism similar to what CAAM

Re: [PATCH v6 2/6] KEYS: trusted: improve scalability of trust source config

On Thu Mar 7, 2024 at 5:38 PM EET, David Gstir wrote: > Enabling trusted keys requires at least one trust source implementation > (currently TPM, TEE or CAAM) to be enabled. Currently, this is > done by checking each trust source's config option individually. > This does not scale when more trust s

Re: [PATCH v6 1/6] crypto: mxs-dcp: Add support for hardware-bound keys

On Thu Mar 7, 2024 at 5:38 PM EET, David Gstir wrote: > DCP (Data Co-Processor) is able to derive private keys for a fused > random seed, which can be referenced by handle but not accessed by > the CPU. Similarly, DCP is able to store arbitrary keys in four > dedicated key slots located in its secu

[PATCH v6 6/6] docs: trusted-encrypted: add DCP as new trust source

Update the documentation for trusted and encrypted KEYS with DCP as new trust source: - Describe security properties of DCP trust source - Describe key usage - Document blob format Co-developed-by: Richard Weinberger Signed-off-by: Richard Weinberger Co-developed-by: David Oberhollenzer Signed

[PATCH v6 5/6] docs: document DCP-backed trusted keys kernel params

Document the kernel parameters trusted.dcp_use_otp_key and trusted.dcp_skip_zk_test for DCP-backed trusted keys. Co-developed-by: Richard Weinberger Signed-off-by: Richard Weinberger Co-developed-by: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: David Gstir --- Docume

[PATCH v6 4/6] MAINTAINERS: add entry for DCP-based trusted keys

This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip found in smaller i.MX SoCs. Signed-off-by: David Gstir Acked-by: Jarkko Sakkinen --- MAINTAINERS | 9 + 1 file changed, 9 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 976a5cea1577..ca7f42ca9338 100644 -

[PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys

DCP (Data Co-Processor) is the little brother of NXP's CAAM IP. Beside of accelerated crypto operations, it also offers support for hardware-bound keys. Using this feature it is possible to implement a blob mechanism similar to what CAAM offers. Unlike on CAAM, constructing and parsing the blob has

[PATCH v6 2/6] KEYS: trusted: improve scalability of trust source config

Enabling trusted keys requires at least one trust source implementation (currently TPM, TEE or CAAM) to be enabled. Currently, this is done by checking each trust source's config option individually. This does not scale when more trust sources like the one for DCP are added. Add config HAVE_TRUSTE

[PATCH v6 1/6] crypto: mxs-dcp: Add support for hardware-bound keys

DCP (Data Co-Processor) is able to derive private keys for a fused random seed, which can be referenced by handle but not accessed by the CPU. Similarly, DCP is able to store arbitrary keys in four dedicated key slots located in its secure memory area (internal SRAM). These keys can be used to perf

[PATCH v5 0/6] DCP as trusted keys backend

mit messages to make the whole series more coherent as suggested by Jarkko Sakkinen - Added Acked-By from Jarkko Sakkinen to patch #4 - thanks! - Rebased against next-20240307 v4 -> v5: - Make Kconfig for trust source check scalable as suggested by Jarkko Sakkinen - Add Acked-By from Herbert Xu to

Re: [PATCH v5 4/6] MAINTAINERS: add entry for DCP-based trusted keys

Jarkko, > On 04.03.2024, at 23:48, Jarkko Sakkinen wrote: > > On Fri Dec 15, 2023 at 1:06 PM EET, David Gstir wrote: >> This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip >> found in smaller i.MX SoCs. >> >> Signed-off-by: David Gstir >> --- >> MAINTAINERS | 9 + >> 1