From patchwork Wed Apr 3 07:21:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gstir X-Patchwork-Id: 1919057 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=sigma-star.at header.i=@sigma-star.at header.a=rsa-sha256 header.s=google header.b=UapH1Lr/; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=patchwork.ozlabs.org) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V8bmJ3yhdz23tf for ; Wed, 3 Apr 2024 18:22:07 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=sigma-star.at header.i=@sigma-star.at header.a=rsa-sha256 header.s=google header.b=UapH1Lr/; dkim-atps=neutral Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4V8bmC1qTbz3dVj for ; Wed, 3 Apr 2024 18:22:03 +1100 (AEDT) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=sigma-star.at header.i=@sigma-star.at header.a=rsa-sha256 header.s=google header.b=UapH1Lr/; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sigma-star.at (client-ip=2a00:1450:4864:20::334; helo=mail-wm1-x334.google.com; envelope-from=david@sigma-star.at; receiver=lists.ozlabs.org) Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4V8bls2tHhz30N8 for ; Wed, 3 Apr 2024 18:21:42 +1100 (AEDT) Received: by mail-wm1-x334.google.com with SMTP id 5b1f17b1804b1-41624fd9af6so240645e9.2 for ; Wed, 03 Apr 2024 00:21:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigma-star.at; s=google; t=1712128898; x=1712733698; darn=lists.ozlabs.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=s6o/FOMMgtA6Efh2lZOLXQIlSvJPNil2JE+ZCOQOQcY=; b=UapH1Lr/1orDhVIU9ZJC2n6Nff/JCsxuKVr07lVHLPmDk8bYZp+X06cD/j0too4pQD iC7u3JTrB3kmbICTCOZDww1BY+8JOUYgY8BcnF/IvyP/mKYFB1oBtyWQM9qXcnTTN+z5 KI/i/2KAOP2EBhgIZlhtzwfH3DwyMoCbJ+Ufced1+yKGpSRBW/nAAzBWKYgyCddSuKGI 8UaLUPGfIGmPbz0jp3vOjvfUpC8S/M7KyIPxebFMC0ZiiGB8VjcaqBwbFC4tNGEEczet adhHKVdUQe6vvY+/NUlYOmxFU4sTn0x8HPtcYFWNsn1kppBo0VpMWiD1ECr4oNSNgVJL bKfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712128898; x=1712733698; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=s6o/FOMMgtA6Efh2lZOLXQIlSvJPNil2JE+ZCOQOQcY=; b=GhL/NGe5ER2P+Mtad6dbMDSiHbNWl0TGbjEBTotJoDGMlH5FVTUgxe3n+SgixFqs4t yfWVtWDfbV7oLnUZi7yoSoWM58bAz+hzSbIT+qVwjv82TY3L67WA+8MapkN9N223VPVd EygpFWj0oGJwAz8N++7exhMHpO6b2xbrLXjcxnVGWtth8YPp42JfqdnnbEtuuJwLq03a lOVAc6p8x8Cu/iXYoQYec2ODwa1alYgBZ4AxM80HA2RiddHlHy5J8XecZ3WvOFtIHwj8 05OsTvt9cC0JPqf52OfLQ9UPSh6J7yLOXyPpk0UaFVHJFHctxDXU5ZJIaT5Sg5EG4eJd C5Zg== X-Forwarded-Encrypted: i=1; AJvYcCXF4cfPqJos4I0w0xZU7KPh+j72RunuZ/GaTfUESDrQm8OJp76fjOrjC0lUclHbs9Ni91+xlw05BtW81yLYQWwvLXcT2o6BxX92rX2Vkg== X-Gm-Message-State: AOJu0Yz3ftRe/rpHH3Nh7lPu411koVw/NJf/bvFNL/jprIr1y/LQ4pi4 J6f+N/ZG5MaDRs5nqWA/JiY+04ZNfQ6iWr0fuLF29Ff31PIwt22eBeU3J0OQNB8= X-Google-Smtp-Source: AGHT+IE/9Err26oBHnEgT5MkWJu1wDbsY5yCN4Hvc9o++TppeTxaNTSGe+M4pKLLv7eHhFdjLQngyw== X-Received: by 2002:a05:600c:35c5:b0:414:22b5:c33a with SMTP id r5-20020a05600c35c500b0041422b5c33amr10417809wmq.1.1712128898557; Wed, 03 Apr 2024 00:21:38 -0700 (PDT) Received: from localhost ([82.150.214.1]) by smtp.gmail.com with UTF8SMTPSA id r5-20020a056000014500b00341dc343e21sm16328599wrx.65.2024.04.03.00.21.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 03 Apr 2024 00:21:38 -0700 (PDT) From: David Gstir To: Mimi Zohar , James Bottomley , Jarkko Sakkinen , Herbert Xu , "David S. Miller" Subject: [PATCH v8 0/6] DCP as trusted keys backend Date: Wed, 3 Apr 2024 09:21:16 +0200 Message-ID: <20240403072131.54935-1-david@sigma-star.at> X-Mailer: git-send-email 2.44.0 MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: David Gstir , linux-doc@vger.kernel.org, Catalin Marinas , David Howells , keyrings@vger.kernel.org, Fabio Estevam , Ahmad Fatoum , Paul Moore , Jonathan Corbet , "Rafael J. Wysocki" , James Morris , NXP Linux Team , "Serge E. Hallyn" , "Paul E. McKenney" , Sascha Hauer , sigma star Kernel Team , "Steven Rostedt \(Google\)" , linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, Randy Dunlap , linux-kernel@vger.kernel.org, Li Yang , linux-security-module@vger.kernel.org, linux-crypto@vger.kernel.org, Pengutronix Kernel Team , Tejun Heo , linux-integrity@vger.kernel. org, Shawn Guo Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" This is a revival of the previous patch set submitted by Richard Weinberger: https://lore.kernel.org/linux-integrity/20210614201620.30451-1-richard@nod.at/ After having been thoroughly reviewed by Jarkko, it would be great if this could go into 6.10. :-) v7 is here: https://lore.kernel.org/keyrings/20240327082454.13729-1-david@sigma-star.at/ v7 -> v8: - Add Reviewed-by from Jarkko Sakkinen for patches #2 and #5 - Use kernel-doc for DCP blob format documentation instead of copy-pasting as suggested by Jarkko Sakkinen - Fix wording in docs for trusted.dcp_skip_zk_test kernel param v6 -> v7: - Add Reviewed-by from Jarkko Sakkinen for patches #1 and #3 - Improved commit messages - Changed log level for non-trusted/secure mode check from error to warning v5 -> v6: - Cleaned up coding style and commit messages to make the whole series more coherent as suggested by Jarkko Sakkinen - Added Acked-By from Jarkko Sakkinen to patch #4 - thanks! - Rebased against next-20240307 v4 -> v5: - Make Kconfig for trust source check scalable as suggested by Jarkko Sakkinen - Add Acked-By from Herbert Xu to patch #1 - thanks! v3 -> v4: - Split changes on MAINTAINERS and documentation into dedicated patches - Use more concise wording in commit messages as suggested by Jarkko Sakkinen v2 -> v3: - Addressed review comments from Jarkko Sakkinen v1 -> v2: - Revive and rebase to latest version - Include review comments from Ahmad Fatoum The Data Co-Processor (DCP) is an IP core built into many NXP SoCs such as i.mx6ull. Similar to the CAAM engine used in more powerful SoCs, DCP can AES- encrypt/decrypt user data using a unique, never-disclosed, device-specific key. Unlike CAAM though, it cannot directly wrap and unwrap blobs in hardware. As DCP offers only the bare minimum feature set and a blob mechanism needs aid from software. A blob in this case is a piece of sensitive data (e.g. a key) that is encrypted and authenticated using the device-specific key so that unwrapping can only be done on the hardware where the blob was wrapped. This patch series adds a DCP based, trusted-key backend and is similar in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM. It is of interest for similar use cases as the CAAM patch set, but for lower end devices, where CAAM is not available. Because constructing and parsing the blob has to happen in software, we needed to decide on a blob format and chose the following: struct dcp_blob_fmt { __u8 fmt_version; __u8 blob_key[AES_KEYSIZE_128]; __u8 nonce[AES_KEYSIZE_128]; __le32 payload_len; __u8 payload[]; } __packed; The `fmt_version` is currently 1. The encrypted key is stored in the payload area. It is AES-128-GCM encrypted using `blob_key` and `nonce`, GCM auth tag is attached at the end of the payload (`payload_len` does not include the size of the auth tag). The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated randomly, when sealing/exporting the DCP blob. This patchset was tested with dm-crypt on an i.MX6ULL board. [0] https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fatoum@pengutronix.de/ David Gstir (6): crypto: mxs-dcp: Add support for hardware-bound keys KEYS: trusted: improve scalability of trust source config KEYS: trusted: Introduce NXP DCP-backed trusted keys MAINTAINERS: add entry for DCP-based trusted keys docs: document DCP-backed trusted keys kernel params docs: trusted-encrypted: add DCP as new trust source .../admin-guide/kernel-parameters.txt | 13 + .../security/keys/trusted-encrypted.rst | 53 +++ MAINTAINERS | 9 + drivers/crypto/mxs-dcp.c | 104 +++++- include/keys/trusted_dcp.h | 11 + include/soc/fsl/dcp.h | 20 ++ security/keys/trusted-keys/Kconfig | 18 +- security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_core.c | 6 +- security/keys/trusted-keys/trusted_dcp.c | 332 ++++++++++++++++++ 10 files changed, 554 insertions(+), 14 deletions(-) create mode 100644 include/keys/trusted_dcp.h create mode 100644 include/soc/fsl/dcp.h create mode 100644 security/keys/trusted-keys/trusted_dcp.c