Thread: 71 messages, 13 authors, 2021-04-02

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-03-23 18:09:03
Also in: keyrings, linux-crypto, linux-doc, linux-security-module, lkml

On Tue, 2021-03-23 at 17:35 +0100, Ahmad Fatoum wrote:
Hello Horia,

On 21.03.21 21:48, Horia Geantă wrote:
On 3/16/2021 7:02 PM, Ahmad Fatoum wrote:
[...]
+struct trusted_key_ops caam_trusted_key_ops = {
+	.migratable = 0, /* non-migratable */
+	.init = trusted_caam_init,
+	.seal = trusted_caam_seal,
+	.unseal = trusted_caam_unseal,
+	.exit = trusted_caam_exit,
+};
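Review bot: the initializer for caam_trusted_key_ops sets .init, .seal, .unseal and .exit but no .get_random, so the designated initializer leaves that member NULL. Please state in a comment above the struct or in the commit message which random source produces the key material for this backend and why, since the choice between the CAAM RNG and the kernel RNG is a security-relevant decision that a reader cannot infer from these lines. As a smaller point, the comment on ".migratable = 0, /* non-migratable */" only restates the value; a short note on why keys sealed by this backend are non-migratable would be more useful.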
caam has random number generation capabilities, so it's worth using that
by implementing .get_random.
If the CAAM HWRNG is already seeding the kernel RNG, why not use the kernel's?

Makes for less code duplication IMO.
Using kernel RNG, in general, for trusted keys has been discussed
before. Please refer to Dave Safford's detailed explanation for not
using it [1].

thanks,

Mimi

[1] https://lore.kernel.org/linux-integrity/BCA04D5D9A3B764C9B7405BBA4D4A3C035F2A38B@ALPMBAPA12.e2k.ad.ge.com/
 