keys-trusted: new cmd line option added

Changes done:
- new cmd line option "hw" must be given as a trailing token to generate
  the hw-bound key.
  for ex:
   $:> keyctl add trusted <KEYNAME> 'new 32 hw' @s
   $:> keyctl add trusted <KEYNAME> 'load $(cat <KEY_BLOB_FILE_NAME>) hw' @s
- Key-payload, is added with two more information element specific to HBK
  -- flag 'is_hw_bound'
  -- structure 'struct hw_bound_key_info hbk_info'

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed by: Kshitiz Varshney <Kshitiz.varshney@nxp.com>
Pankaj Gupta 2022-06-21 15:13:24 +05:30 committed by Dong Aisheng
parent 7f24e0c8de
commit d8c5de8074
2 changed files with 20 additions and 0 deletions


@ -7,6 +7,7 @@
#ifndef _KEYS_TRUSTED_TYPE_H
#define _KEYS_TRUSTED_TYPE_H
#include <linux/hw_bound_key.h>
#include <linux/key.h>
#include <linux/rcupdate.h>
#include <linux/tpm.h>
@ -22,6 +23,7 @@
#define MAX_BLOB_SIZE 512
#define MAX_PCRINFO_SIZE 64
#define MAX_DIGEST_SIZE 64
#define HW_BOUND_KEY 1
struct trusted_key_payload {
struct rcu_head rcu;
@ -29,6 +31,8 @@ struct trusted_key_payload {
unsigned int blob_len;
unsigned char migratable;
unsigned char old_format;
unsigned char is_hw_bound;
struct hw_bound_key_info hbk_info;
unsigned char key[MAX_KEY_SIZE + 1];
unsigned char blob[MAX_BLOB_SIZE];
};
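Review bot: The two new payload fields `is_hw_bound` and `hbk_info`, and the `HW_BOUND_KEY` define, carry no comment saying what they mean or who sets them, although they sit in the publicly visible `struct trusted_key_payload`. I would document them at the declaration, e.g. `unsigned char is_hw_bound; /* HW_BOUND_KEY if the key is tied to the HW; set by datablob_parse() from the "hw" token */` and `struct hw_bound_key_info hbk_info; /* valid only when is_hw_bound == HW_BOUND_KEY */` — the second part is my reading of the intent, not something the hunk shows, so confirm it before writing it down. Since the .c side expresses "not bound" as `!HW_BOUND_KEY`, the define effectively acts as a boolean; a comment on `#define HW_BOUND_KEY 1` saying that `is_hw_bound` is compared against this value (and is 0 otherwise) would keep the two files from drifting. The blank lines that normally follow the include guard and the `#define` block appear to have been dropped by the rendering, so the hunk counts do not match the visible lines.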


@ -78,6 +78,8 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p)
int key_cmd;
char *c;
p->is_hw_bound = !HW_BOUND_KEY;
/* main command */
c = strsep(datablob, " \t");
if (!c)
@ -93,6 +95,13 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p)
if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE)
return -EINVAL;
p->key_len = keylen;
do {
/* Second argument onwards,
* determine if tied to HW */
c = strsep(datablob, " \t");
if ((c != NULL) && (strcmp(c, "hw") == 0))
p->is_hw_bound = HW_BOUND_KEY;
} while (c != NULL);
ret = Opt_new;
break;
case Opt_load:
@ -106,6 +115,13 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p)
ret = hex2bin(p->blob, c, p->blob_len);
if (ret < 0)
return -EINVAL;
do {
/* Second argument onwards,
* determine if tied to HW */
c = strsep(datablob, " \t");
if ((c != NULL) && (strcmp(c, "hw") == 0))
p->is_hw_bound = HW_BOUND_KEY;
} while (c != NULL);
ret = Opt_load;
break;
case Opt_update:
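Review bot: The `do { ... } while (c != NULL)` loop added to the Opt_new case (and identically to the Opt_load case in the next hunk) accepts any trailing token without error: only an exact `"hw"` sets `is_hw_bound`, and anything else — a typo such as `"HW"`, or a stray word — is silently skipped, so a caller who asked for a hardware-bound key can get a plain one with a success return. For key material that is a silent downgrade; unrecognised tokens should fail the parse with `-EINVAL` instead, while empty tokens from repeated separators (which `strsep` returns for `"  "`) can still be skipped. Since the same loop is pasted twice, it is worth making it a small static helper called from both cases so the check lives in one place. `datablob_parse` begins and ends outside the visible hunks, so I have not seen how the `Opt_update` path or the earlier initialisation of `p` interact with this.
```c
		do {
			/* Second argument onwards: only "hw" is accepted;
			 * any other trailing token is an error rather than
			 * silently yielding a non-hw-bound key. */
			c = strsep(datablob, " \t");
			if (c == NULL)
				break;
			if (*c == '\0')
				continue;	/* repeated separators */
			if (strcmp(c, "hw") != 0)
				return -EINVAL;
			p->is_hw_bound = HW_BOUND_KEY;
		} while (1);
		/* … unchanged: ret = Opt_new; break; … */
```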