author | Iuliana Prodan <iuliana.prodan@nxp.com> | 2020-07-30 14:19:24 +0300 |
---|---|---|
committer | Iuliana Prodan <iuliana.prodan@nxp.com> | 2020-08-13 18:16:06 +0300 |
commit | 84287c5d3b804d50399fd2cb29be6133d13d5d32 (patch) | |
tree | 6979260eb7632eab2ecc9b71217f009e46b2b9a2 /Documentation/ioctl | |
parent | 04cab5a13d93d33a2e3a469235c9019eeaab5ad7 (diff) |
MLK-24420-2 crypto: caam - add support for black keys and blobs

CAAM's Black Key mechanism is intended for protection
of user keys against bus snooping. This automatically
encapsulates and decapsulates cryptographic keys ''on-the-fly''
in an encrypted data structure called a Black Key.
Before a value is copied from a Key Register to memory,
CAAM will automatically encrypt the key as a Black Key
(encrypted key) using the current value in the JDKEKR or
TDKEKR as the encryption key.

CAAM's built-in Blob Protocol provides a method for protecting
user-defined data across system power cycles. CAAM protects data
in a data structure called a Blob, which provides both confidentiality
and integrity protection. The data to be protected is encrypted so that
it can be safely placed into non-volatile storage before the SoC is
powered down.

This patch includes the support to generate a black key from random or
from a plaintext. Also one can encapsulate it into a blob or decapsulate
a black key from a blob.

The key and blob generation descriptors are exported into a separate file,
such that they could be shared with other interfaces (qi, qi2).

This feature has support only for black keys, encapsulated in
black blobs in General Memory.

In caamkeyblob_test.c file is a test that validates the above
operations: create a black key from plaintext or from random,
encapsulate and decapsulate a blob and compare the obtained black key.
This test is configured as a kernel module.

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Diffstat (limited to 'Documentation/ioctl')
0 files changed, 0 insertions, 0 deletions