diff options
| author | David Gstir <david@sigma-star.at> | 2024-04-03 09:21:17 +0200 |
|---|---|---|
| committer | Jarkko Sakkinen <jarkko@kernel.org> | 2024-05-09 18:29:03 +0300 |
| commit | 3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 (patch) | |
| tree | 3114f2d0e11c755eb212c62808649151ba4596bf /security | |
| parent | 45db3ab70092637967967bfd8e6144017638563c (diff) | |
crypto: mxs-dcp: Add support for hardware-bound keys
DCP (Data Co-Processor) is able to derive private keys for a fused
random seed, which can be referenced by handle but not accessed by
the CPU. Similarly, DCP is able to store arbitrary keys in four
dedicated key slots located in its secure memory area (internal SRAM).
These keys can be used to perform AES encryption.
Expose these derived keys and key slots through the crypto API via their
handle. The main purpose is to add DCP-backed trusted keys. Other
use cases are possible too (see similar existing paes implementations),
but these should carefully be evaluated as e.g. enabling AF_ALG will
give userspace full access to use keys. In scenarios with untrustworthy
userspace, this will enable en-/decryption oracles.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions