Re: [PATCH v0 6/8] KEYS: trusted: caam based black key

[PATCH v0 0/8] Hardware Bound key added to Trusted Key-Ring · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
[PATCH v0 1/8] hw-bound-key: introducing the generic structure · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 1/8] hw-bound-key: introducing the generic structure · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
Re: [PATCH v0 1/8] hw-bound-key: introducing the generic structure · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 2/8] keys-trusted: new cmd line option added · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 2/8] keys-trusted: new cmd line option added · Ben Boeckel <hidden> · 2022-10-06
[PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Herbert Xu <herbert@gondor.apana.org.au> · 2022-10-07
RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-10
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · "Jason A. Donenfeld" <Jason@zx2c4.com> · 2022-10-10
Re: [EXT] [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · David Gstir <david@sigma-star.at> · 2022-10-10
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Herbert Xu <herbert@gondor.apana.org.au> · 2022-10-11
RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-11
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · "Jason A. Donenfeld" <Jason@zx2c4.com> · 2022-10-11
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Herbert Xu <herbert@gondor.apana.org.au> · 2022-10-12
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jason Gunthorpe <jgg@ziepe.ca> · 2022-10-14
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Eric Biggers <ebiggers@kernel.org> · 2022-10-20
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jason Gunthorpe <jgg@ziepe.ca> · 2022-10-20
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Eric Biggers <ebiggers@kernel.org> · 2022-10-20
Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jason Gunthorpe <jgg@ziepe.ca> · 2022-10-20
RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-11
Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 4/8] sk_cipher: checking for hw bound operation · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 4/8] sk_cipher: checking for hw bound operation · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 5/8] keys-trusted: re-factored caam based trusted key · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
[PATCH v0 6/8] KEYS: trusted: caam based black key · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 6/8] KEYS: trusted: caam based black key · Ben Boeckel <hidden> · 2022-10-06
Re: [PATCH v0 6/8] KEYS: trusted: caam based black key · James Bottomley <hidden> · 2022-10-06
[PATCH v0 7/8] caam alg: symmetric key ciphers are updated · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06
Re: [PATCH v0 7/8] caam alg: symmetric key ciphers are updated · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v0 8/8] dm-crypt: consumer-app setting the flag-is_hbk · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-10-06

From: James Bottomley <hidden>
Date: 2022-10-06 12:55:05
Also in: keyrings, linux-crypto, linux-integrity, lkml

On Thu, 2022-10-06 at 08:42 -0400, Ben Boeckel wrote:

On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:

quoted

- CAAM supports two types of black keys:
  -- Plain key encrypted with ECB
  -- Plain key encrypted with CCM

What is a "black key"? Is this described in the documentation or
local comments at all? (I know I'm unfamiliar with CAAM, but maybe
this should be mentioned somewhere?).

quoted

  Note: Due to robustness, default encytption used for black key is
CCM.

                                     ^^^^^^^^^^ encryption

What "robustness"? Surely there's some more technical details
involved here?

The crypto advice for the past decade or more has been never use ECB
it's insecure, so anything could be regarded as robust compared to it
... however that does beg the question of why ECB is even offered in a
modern system?  Surely it's nothing more than a user trap (choose this
secure option only if you don't want security).

James

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help