Re: [PATCH v0 6/8] KEYS: trusted: caam based black key

[PATCH v0 0/8] Hardware Bound key added to Trusted Key-Ring · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
[PATCH v0 1/8] hw-bound-key: introducing the generic structure · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 1/8] hw-bound-key: introducing the generic structure · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
Re: [PATCH v0 1/8] hw-bound-key: introducing the generic structure · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 2/8] keys-trusted: new cmd line option added · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 2/8] keys-trusted: new cmd line option added · Ben Boeckel <hidden> · 2022-10-06
[PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Herbert Xu <herbert@gondor.apana.org.au> · 2022-10-07
RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-10
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · "Jason A. Donenfeld" <Jason@zx2c4.com> · 2022-10-10
Re: [EXT] [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · David Gstir <david@sigma-star.at> · 2022-10-10
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Herbert Xu <herbert@gondor.apana.org.au> · 2022-10-11
RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-11
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · "Jason A. Donenfeld" <Jason@zx2c4.com> · 2022-10-11
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Herbert Xu <herbert@gondor.apana.org.au> · 2022-10-12
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jason Gunthorpe <jgg@ziepe.ca> · 2022-10-14
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Eric Biggers <ebiggers@kernel.org> · 2022-10-20
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jason Gunthorpe <jgg@ziepe.ca> · 2022-10-20
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Eric Biggers <ebiggers@kernel.org> · 2022-10-20
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jason Gunthorpe <jgg@ziepe.ca> · 2022-10-20
RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-11
Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 4/8] sk_cipher: checking for hw bound operation · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 4/8] sk_cipher: checking for hw bound operation · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 5/8] keys-trusted: re-factored caam based trusted key · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
[PATCH v0 6/8] KEYS: trusted: caam based black key · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 6/8] KEYS: trusted: caam based black key · Ben Boeckel <hidden> · 2022-10-06
Re: [PATCH v0 6/8] KEYS: trusted: caam based black key · James Bottomley <hidden> · 2022-10-06
[PATCH v0 7/8] caam alg: symmetric key ciphers are updated · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 7/8] caam alg: symmetric key ciphers are updated · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 8/8] dm-crypt: consumer-app setting the flag-is_hbk · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06

From: Ben Boeckel <hidden>
Date: 2022-10-06 12:41:55
Also in: keyrings, linux-crypto, linux-integrity, lkml

On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:

- CAAM supports two types of black keys:
  -- Plain key encrypted with ECB
  -- Plain key encrypted with CCM

What is a "black key"? Is this described in the documentation or local
comments at all? (I know I'm unfamiliar with CAAM, but maybe this should
be mentioned somewhere?).

  Note: Due to robustness, default encytption used for black key is CCM.

                                     ^^^^^^^^^^ encryption

What "robustness"? Surely there's some more technical details involved
here?

- A black key blob is generated, and added to trusted key payload.
  This is done as part of sealing operation, that was triggered as a result of:
  -- new key generation
  -- load key,

It seems that "black keys" are what the uapi calls "hw". I think this
should be mentioned in the commit message (and CAAM docs).

What do other keytypes do if `hw` is requested and it's not possible
(say, `big_key`)?

Thanks,

--Ben

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help