From patchwork Tue Oct 24 16:20:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gstir X-Patchwork-Id: 13435101 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BB43C25B48 for ; Tue, 24 Oct 2023 16:20:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234719AbjJXQUi (ORCPT ); Tue, 24 Oct 2023 12:20:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234699AbjJXQUh (ORCPT ); Tue, 24 Oct 2023 12:20:37 -0400 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 735E612B for ; Tue, 24 Oct 2023 09:20:34 -0700 (PDT) Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-9a58dbd5daeso703092766b.2 for ; Tue, 24 Oct 2023 09:20:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigma-star.at; s=google; t=1698164433; x=1698769233; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=TRO+xCDaQbDKnIXJCwBi3Y2yF65udPG/2rEKc0aYwBQ=; b=HPZbp6wV4cnVc9Z93xaS5+8Nvr3Fr52HYuvzwmmozvKm81NPDNF5a2is9H/tmS/F3A J91pxK26nNjWyUgCHvrHOINISafexowDu/Gex1AvyOp0hsJJLfuO1Ooma4XPP8ki9MC3 ALCj3tvW6Y9uoGfuNGwrRvBEwMbsXmNHXdyeS5J4dUFgB1vsU5CGp4ks8gC0izwsbhWz h5Xsbv2M4WTKAcCEEYvCmSj76WGY1N6YeylKRMhyHFYioTU41B3HdlFQXhVE5NNzLUBF ZSJvzsz1lFt9jTFDrTDqTf+PSR3tH8Ln5M3vR/oFqUrok+zR93EDN3YZ03yQz+otJLZv cZ3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698164433; x=1698769233; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TRO+xCDaQbDKnIXJCwBi3Y2yF65udPG/2rEKc0aYwBQ=; b=r/UfLPiE671E3/016JciiWzVdcPp0JqVEhbuEWIqZm+dq2cYOVnYba4KMftlc3WqbH El3llcBv6tHCIGSyxRythYu5GhhY3PTyrBXtPb7qozUepHPQILHUSpd2Nkt0M7vIeQxS HTEn5BzUhrIBQ7j5OiBJs8ceiE4o3DnrpXUCd57xQlmwr73Lj726fdQmVm7yqmnaAxHK C7ufnWOfCUeN16Qo24EcboCvMHxFVhE2bsOmikUpf3KfhR5Slc9/sdIYHk+n5imzt1HJ 0oa1ThTmMi5zQ6CXD/55YLnzG0FB8ameOu91R9mK9UfS5GsWU/ubJTi/CSKSs5j48Qu9 cpmw== X-Gm-Message-State: AOJu0YwZUHE7L21Z7ePuQL6+eKk/IIvf2yNUIiR34HdDG1TtDZFyksnI 5gm3ioPcMJ1Gcycc391ksBMi5A== X-Google-Smtp-Source: AGHT+IEIk3iJ6GCsHRYMeMdo8uw1QNTL6gntpg/5SaGUAZHqkqQekLyT81Tgpt8fo9diZdiabupYpQ== X-Received: by 2002:a17:907:c0d:b0:9be:8693:66bb with SMTP id ga13-20020a1709070c0d00b009be869366bbmr9625930ejc.59.1698164431055; Tue, 24 Oct 2023 09:20:31 -0700 (PDT) Received: from localhost (clnet-p106-198.ikbnet.co.at. [83.175.106.198]) by smtp.gmail.com with UTF8SMTPSA id cw11-20020a170906c78b00b009add084a00csm8489556ejb.36.2023.10.24.09.20.29 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 24 Oct 2023 09:20:30 -0700 (PDT) From: David Gstir To: Mimi Zohar , James Bottomley , Jarkko Sakkinen , Herbert Xu , "David S. Miller" Cc: David Gstir , Shawn Guo , Jonathan Corbet , Sascha Hauer , Pengutronix Kernel Team , Fabio Estevam , NXP Linux Team , Ahmad Fatoum , sigma star Kernel Team , David Howells , Li Yang , Paul Moore , James Morris , "Serge E. Hallyn" , "Paul E. McKenney" , Randy Dunlap , Catalin Marinas , "Rafael J. Wysocki" , Tejun Heo , "Steven Rostedt (Google)" , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-security-module@vger.kernel.org Subject: [PATCH v4 0/5] DCP as trusted keys backend Date: Tue, 24 Oct 2023 18:20:14 +0200 Message-ID: <20231024162024.51260-1-david@sigma-star.at> X-Mailer: git-send-email 2.42.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org This is a revival of the previous patch set submitted by Richard Weinberger: https://lore.kernel.org/linux-integrity/20210614201620.30451-1-richard@nod.at/ v3 is here: https://lore.kernel.org/keyrings/20230918141826.8139-1-david@sigma-star.at/ v3 -> v4: - Split changes on MAINTAINERS and documentation into dedicated patches - Use more concise wording in commit messages as suggested by Jarkko Sakkinen v2 -> v3: - Addressed review comments from Jarkko Sakkinen v1 -> v2: - Revive and rebase to latest version - Include review comments from Ahmad Fatoum The Data CoProcessor (DCP) is an IP core built into many NXP SoCs such as i.mx6ull. Similar to the CAAM engine used in more powerful SoCs, DCP can AES- encrypt/decrypt user data using a unique, never-disclosed, device-specific key. Unlike CAAM though, it cannot directly wrap and unwrap blobs in hardware. As DCP offers only the bare minimum feature set and a blob mechanism needs aid from software. A blob in this case is a piece of sensitive data (e.g. a key) that is encrypted and authenticated using the device-specific key so that unwrapping can only be done on the hardware where the blob was wrapped. This patch series adds a DCP based, trusted-key backend and is similar in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM. It is of interest for similar use cases as the CAAM patch set, but for lower end devices, where CAAM is not available. Because constructing and parsing the blob has to happen in software, we needed to decide on a blob format and chose the following: struct dcp_blob_fmt { __u8 fmt_version; __u8 blob_key[AES_KEYSIZE_128]; __u8 nonce[AES_KEYSIZE_128]; __le32 payload_len; __u8 payload[]; } __packed; The `fmt_version` is currently 1. The encrypted key is stored in the payload area. It is AES-128-GCM encrypted using `blob_key` and `nonce`, GCM auth tag is attached at the end of the payload (`payload_len` does not include the size of the auth tag). The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated randomly, when sealing/exporting the DCP blob. This patchset was tested with dm-crypt on an i.MX6ULL board. [0] https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fatoum@pengutronix.de/ David Gstir (5): crypto: mxs-dcp: Add support for hardware-bound keys KEYS: trusted: Introduce NXP DCP-backed trusted keys MAINTAINERS: add entry for DCP-based trusted keys docs: document DCP-backed trusted keys kernel params docs: trusted-encrypted: add DCP as new trust source .../admin-guide/kernel-parameters.txt | 13 + .../security/keys/trusted-encrypted.rst | 85 +++++ MAINTAINERS | 9 + drivers/crypto/mxs-dcp.c | 104 +++++- include/keys/trusted_dcp.h | 11 + include/soc/fsl/dcp.h | 17 + security/keys/trusted-keys/Kconfig | 9 +- security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_core.c | 6 +- security/keys/trusted-keys/trusted_dcp.c | 311 ++++++++++++++++++ 10 files changed, 554 insertions(+), 13 deletions(-) create mode 100644 include/keys/trusted_dcp.h create mode 100644 include/soc/fsl/dcp.h create mode 100644 security/keys/trusted-keys/trusted_dcp.c