[EXT] [PATCH v8 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys

Kshitiz Varshney kshitiz.varshney at nxp.com
Wed Apr 10 17:13:35 AEST 2024


Hi Ahmad,

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum at pengutronix.de>
> Sent: Tuesday, April 9, 2024 10:58 PM
> To: Kshitiz Varshney <kshitiz.varshney at nxp.com>; David Gstir
> <david at sigma-star.at>; Mimi Zohar <zohar at linux.ibm.com>; James
> Bottomley <jejb at linux.ibm.com>; Jarkko Sakkinen <jarkko at kernel.org>;
> Herbert Xu <herbert at gondor.apana.org.au>; David S. Miller
> <davem at davemloft.net>
> Cc: linux-doc at vger.kernel.org; Gaurav Jain <gaurav.jain at nxp.com>; Catalin
> Marinas <catalin.marinas at arm.com>; David Howells
> <dhowells at redhat.com>; keyrings at vger.kernel.org; Fabio Estevam
> <festevam at gmail.com>; Paul Moore <paul at paul-moore.com>; Jonathan
> Corbet <corbet at lwn.net>; Richard Weinberger <richard at nod.at>; Rafael J.
> Wysocki <rafael.j.wysocki at intel.com>; James Morris <jmorris at namei.org>;
> dl-linux-imx <linux-imx at nxp.com>; Serge E. Hallyn <serge at hallyn.com>;
> Paul E. McKenney <paulmck at kernel.org>; Sascha Hauer
> <s.hauer at pengutronix.de>; Pankaj Gupta <pankaj.gupta at nxp.com>; sigma
> star Kernel Team <upstream+dcp at sigma-star.at>; Steven Rostedt (Google)
> <rostedt at goodmis.org>; David Oberhollenzer <david.oberhollenzer at sigma-
> star.at>; linux-arm-kernel at lists.infradead.org; linuxppc-dev at lists.ozlabs.org;
> Randy Dunlap <rdunlap at infradead.org>; linux-kernel at vger.kernel.org; Li
> Yang <leoyang.li at nxp.com>; linux-security-module at vger.kernel.org; linux-
> crypto at vger.kernel.org; Pengutronix Kernel Team <kernel at pengutronix.de>;
> Tejun Heo <tj at kernel.org>; linux-integrity at vger.kernel.org; Shawn Guo
> <shawnguo at kernel.org>; Varun Sethi <V.Sethi at nxp.com>
> Subject: Re: [EXT] [PATCH v8 3/6] KEYS: trusted: Introduce NXP DCP-backed
> trusted keys
> 
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
> 
> 
> Hello Kshitiz,
> 
> On 09.04.24 12:54, Kshitiz Varshney wrote:
> > Hi David,
> >> +       b->fmt_version = DCP_BLOB_VERSION;
> >> +       get_random_bytes(b->nonce, AES_KEYSIZE_128);
> >> +       get_random_bytes(b->blob_key, AES_KEYSIZE_128);
> >
> > We can use HWRNG instead of using kernel RNG. Please refer
> > drivers/char/hw_random/imx-rngc.c
> 
> imx-rngc can be enabled and used to seed the kernel entropy pool. Adding
> direct calls into imx-rngc here only introduces duplicated code at no extra
> benefit.
> 
> Cheers,
> Ahmad
> 
> --
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       |
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.
> pengutronix.de%2F&data=05%7C02%7Ckshitiz.varshney%40nxp.com%7Ce9
> 97f259d34548ad1a9808dc58ba63a8%7C686ea1d3bc2b4c6fa92cd99c5c30
> 1635%7C0%7C0%7C638482804763047266%7CUnknown%7CTWFpbGZsb3
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0
> %3D%7C0%7C%7C%7C&sdata=UZgE9MXqAqCwqVnWty67YLh8QnIwpuq%2
> F7%2BQeDLQhF8I%3D&reserved=0  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Understood.

Regards,
Kshitiz


More information about the Linuxppc-dev mailing list