diff options
| author | Ahmad Fatoum <[email protected]> | 2022-05-13 16:57:02 +0200 |
|---|---|---|
| committer | Jarkko Sakkinen <[email protected]> | 2022-05-23 18:47:50 +0300 |
| commit | 007c3ff11f38d83cc95b0f402e432cbf484e3c31 (patch) | |
| tree | 3da2d7cbca86e9595d43b917211dfd7675d67864 /tools/perf/scripts/python/failed-syscalls-by-pid.py | |
| parent | 7a0e7d5265f58eab5983f6560817d4fe9943743b (diff) | |
crypto: caam - add in-kernel interface for blob generator
The NXP Cryptographic Acceleration and Assurance Module (CAAM)
can be used to protect user-defined data across system reboot:
- When the system is fused and boots into secure state, the master
key is a unique never-disclosed device-specific key
- random key is encrypted by key derived from master key
- data is encrypted using the random key
- encrypted data and its encrypted random key are stored alongside
- This blob can now be safely stored in non-volatile memory
On next power-on:
- blob is loaded into CAAM
- CAAM writes decrypted data either into memory or key register
Add functions to realize encrypting and decrypting into memory alongside
the CAAM driver.
They will be used in a later commit as a source for the trusted key
seal/unseal mechanism.
Reviewed-by: David Gstir <[email protected]>
Reviewed-by: Pankaj Gupta <[email protected]>
Tested-by: Tim Harvey <[email protected]>
Tested-by: Matthias Schiffer <[email protected]>
Tested-by: Pankaj Gupta <[email protected]>
Tested-by: Michael Walle <[email protected]> # on ls1028a (non-E and E)
Tested-by: John Ernberg <[email protected]> # iMX8QXP
Signed-off-by: Steffen Trumtrar <[email protected]>
Signed-off-by: Ahmad Fatoum <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/failed-syscalls-by-pid.py')
0 files changed, 0 insertions, 0 deletions