diff options
author | David Gstir <david@sigma-star.at> | 2024-04-03 09:21:17 +0200 |
---|---|---|
committer | Jarkko Sakkinen <jarkko@kernel.org> | 2024-05-09 18:29:03 +0300 |
commit | 3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 (patch) | |
tree | 3114f2d0e11c755eb212c62808649151ba4596bf /include/soc | |
parent | 45db3ab70092637967967bfd8e6144017638563c (diff) | |
download | lwn-3d16af0b4cfac4b2c3b238e2ec37b38c2f316978.tar.gz lwn-3d16af0b4cfac4b2c3b238e2ec37b38c2f316978.zip |
crypto: mxs-dcp: Add support for hardware-bound keys
DCP (Data Co-Processor) is able to derive private keys for a fused
random seed, which can be referenced by handle but not accessed by
the CPU. Similarly, DCP is able to store arbitrary keys in four
dedicated key slots located in its secure memory area (internal SRAM).
These keys can be used to perform AES encryption.
Expose these derived keys and key slots through the crypto API via their
handle. The main purpose is to add DCP-backed trusted keys. Other
use cases are possible too (see similar existing paes implementations),
but these should carefully be evaluated as e.g. enabling AF_ALG will
give userspace full access to use keys. In scenarios with untrustworthy
userspace, this will enable en-/decryption oracles.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'include/soc')
-rw-r--r-- | include/soc/fsl/dcp.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/include/soc/fsl/dcp.h b/include/soc/fsl/dcp.h new file mode 100644 index 000000000000..3ec335d8ca8b --- /dev/null +++ b/include/soc/fsl/dcp.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2021 sigma star gmbh + * + * Specifies paes key slot handles for NXP's DCP (Data Co-Processor) to be used + * with the crypto_skcipher_setkey(). + */ + +#ifndef MXS_DCP_H +#define MXS_DCP_H + +#define DCP_PAES_KEYSIZE 1 +#define DCP_PAES_KEY_SLOT0 0x00 +#define DCP_PAES_KEY_SLOT1 0x01 +#define DCP_PAES_KEY_SLOT2 0x02 +#define DCP_PAES_KEY_SLOT3 0x03 +#define DCP_PAES_KEY_UNIQUE 0xfe +#define DCP_PAES_KEY_OTP 0xff + +#endif /* MXS_DCP_H */ |