diff options
| author | Yael Tzur <yaelt@google.com> | 2022-02-15 15:19:53 +0100 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-02-22 01:47:45 +0100 |
| commit | cd3bc044af483422cc81a93f23c78c20c978b17c (patch) | |
| tree | 62b081ee07f758e6395d04416c874cd4c5fd9fab /drivers/i3c | |
| parent | ima: define ima_max_digest_data struct without a flexible array variable (diff) | |
| download | linux-cd3bc044af483422cc81a93f23c78c20c978b17c.tar.xz linux-cd3bc044af483422cc81a93f23c78c20c978b17c.zip | |
KEYS: encrypted: Instantiate key with user-provided decrypted data
For availability and performance reasons master keys often need to be
released outside of a Key Management Service (KMS) to clients. It
would be beneficial to provide a mechanism where the
wrapping/unwrapping of data encryption keys (DEKs) is not dependent
on a remote call at runtime yet security is not (or only minimally)
compromised. Master keys could be securely stored in the Kernel and
be used to wrap/unwrap keys from Userspace.
The encrypted.c class supports instantiation of encrypted keys with
either an already-encrypted key material, or by generating new key
material based on random numbers. This patch defines a new datablob
format: [<format>] <master-key name> <decrypted data length>
<decrypted data> that allows to inject and encrypt user-provided
decrypted data. The decrypted data must be hex-ascii encoded.
Signed-off-by: Yael Tzur <yaelt@google.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'drivers/i3c')
0 files changed, 0 insertions, 0 deletions