<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in Makefile</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator><item>
        <title>2e8a0f40 - KEYS: trusted: Introduce NXP DCP-backed trusted keys</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#2e8a0f40</link>
        <description>KEYS: trusted: Introduce NXP DCP-backed trusted keysDCP (Data Co-Processor) is the little brother of NXP&apos;s CAAM IP.Beside of accelerated crypto operations, it also offers support forhardware-bound keys. Using this feature it is possible to implement a blobmechanism similar to what CAAM offers. Unlike on CAAM, constructing andparsing the blob has to happen in software (i.e. the kernel).The software-based blob format used by DCP trusted keys encryptsthe payload using AES-128-GCM with a freshly generated random key and nonce.The random key itself is AES-128-ECB encrypted using the DCP uniqueor OTP key.The DCP trusted key blob format is:/* * struct dcp_blob_fmt - DCP BLOB format. * * @fmt_version: Format version, currently being %1 * @blob_key: Random AES 128 key which is used to encrypt @payload, *            @blob_key itself is encrypted with OTP or UNIQUE device key in *            AES-128-ECB mode by DCP. * @nonce: Random nonce used for @payload encryption. * @payload_len: Length of the plain text @payload. * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key, *           GCM auth tag of size AES_BLOCK_SIZE is attached at the end of it. * * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len + * AES_BLOCK_SIZE. */struct dcp_blob_fmt {	__u8 fmt_version;	__u8 blob_key[AES_KEYSIZE_128];	__u8 nonce[AES_KEYSIZE_128];	__le32 payload_len;	__u8 payload[];} __packed;By default the unique key is used. It is also possible to use theOTP key. While the unique key should be unique it is not documented howthis key is derived. Therefore selection the OTP key is supported aswell via the use_otp_key module parameter.Co-developed-by: Richard Weinberger &lt;richard@nod.at&gt;Signed-off-by: Richard Weinberger &lt;richard@nod.at&gt;Co-developed-by: David Oberhollenzer &lt;david.oberhollenzer@sigma-star.at&gt;Signed-off-by: David Oberhollenzer &lt;david.oberhollenzer@sigma-star.at&gt;Signed-off-by: David Gstir &lt;david@sigma-star.at&gt;Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Wed, 03 Apr 2024 07:21:19 +0000</pubDate>
        <dc:creator>David Gstir &lt;david@sigma-star.at&gt;</dc:creator>
    </item>
<item>
        <title>e9c5048c - KEYS: trusted: Introduce support for NXP CAAM-based trusted keys</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#e9c5048c</link>
        <description>KEYS: trusted: Introduce support for NXP CAAM-based trusted keysThe Cryptographic Acceleration and Assurance Module (CAAM) is an IP corebuilt into many newer i.MX and QorIQ SoCs by NXP.The CAAM does crypto acceleration, hardware number generation andhas a blob mechanism for encapsulation/decapsulation of sensitive material.This blob mechanism depends on a device specific random 256-bit One TimeProgrammable Master Key that is fused in each SoC at manufacturingtime. This key is unreadable and can only be used by the CAAM for AESencryption/decryption of user data.This makes it a suitable backend (source) for kernel trusted keys.Previous commits generalized trusted keys to support multiple backendsand added an API to access the CAAM blob mechanism. Based on these,provide the necessary glue to use the CAAM for trusted keys.Reviewed-by: David Gstir &lt;david@sigma-star.at&gt;Reviewed-by: Pankaj Gupta &lt;pankaj.gupta@nxp.com&gt;Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;Tested-by: Tim Harvey &lt;tharvey@gateworks.com&gt;Tested-by: Matthias Schiffer &lt;matthias.schiffer@ew.tq-group.com&gt;Tested-by: Pankaj Gupta &lt;pankaj.gupta@nxp.com&gt;Tested-by: Michael Walle &lt;michael@walle.cc&gt; # on ls1028a (non-E and E)Tested-by: John Ernberg &lt;john.ernberg@actia.se&gt; # iMX8QXPSigned-off-by: Ahmad Fatoum &lt;a.fatoum@pengutronix.de&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Fri, 13 May 2022 14:57:03 +0000</pubDate>
        <dc:creator>Ahmad Fatoum &lt;a.fatoum@pengutronix.de&gt;</dc:creator>
    </item>
<item>
        <title>be07858f - KEYS: trusted: allow use of TEE as backend without TCG_TPM support</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#be07858f</link>
        <description>KEYS: trusted: allow use of TEE as backend without TCG_TPM supportWith recent rework, trusted keys are no longer limited to TPM as trustsource. The Kconfig symbol is unchanged however leading to a few issues:  - TCG_TPM is required, even if only TEE is to be used  - Enabling TCG_TPM, but excluding it from available trusted sources    is not possible  - TEE=m &amp;&amp; TRUSTED_KEYS=y will lead to TEE support being silently    dropped, which is not the best user experienceRemedy these issues by introducing two new boolean Kconfig symbols:TRUSTED_KEYS_TPM and TRUSTED_KEYS_TEE with the appropriatedependencies.Any new code depending on the TPM trusted key backend in particularor symbols exported by it will now need to explicitly state that it  depends on TRUSTED_KEYS &amp;&amp; TRUSTED_KEYS_TPMThe latter to ensure the dependency is built and the former to ensureit&apos;s reachable for module builds. There are no such users yet.Reviewed-by: Sumit Garg &lt;sumit.garg@linaro.org&gt;Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;Reviewed-by: Pankaj Gupta &lt;pankaj.gupta@nxp.com&gt;Tested-by: Pankaj Gupta &lt;pankaj.gupta@nxp.com&gt;Tested-by: Andreas Rammhold &lt;andreas@rammhold.de&gt;Tested-by: Tim Harvey &lt;tharvey@gateworks.com&gt;Tested-by: Michael Walle &lt;michael@walle.cc&gt; # on ls1028a (non-E and E)Tested-by: John Ernberg &lt;john.ernberg@actia.se&gt; # iMX8QXPSigned-off-by: Ahmad Fatoum &lt;a.fatoum@pengutronix.de&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Fri, 13 May 2022 14:56:59 +0000</pubDate>
        <dc:creator>Ahmad Fatoum &lt;a.fatoum@pengutronix.de&gt;</dc:creator>
    </item>
<item>
        <title>0a95ebc9 - KEYS: trusted: Introduce TEE based Trusted Keys</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#0a95ebc9</link>
        <description>KEYS: trusted: Introduce TEE based Trusted KeysAdd support for TEE based trusted keys where TEE provides the functionalityto seal and unseal trusted keys using hardware unique key.Refer to Documentation/staging/tee.rst for detailed information about TEE.Signed-off-by: Sumit Garg &lt;sumit.garg@linaro.org&gt;Tested-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Mon, 01 Mar 2021 13:11:25 +0000</pubDate>
        <dc:creator>Sumit Garg &lt;sumit.garg@linaro.org&gt;</dc:creator>
    </item>
<item>
        <title>5d0682be - KEYS: trusted: Add generic trusted keys framework</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#5d0682be</link>
        <description>KEYS: trusted: Add generic trusted keys frameworkCurrent trusted keys framework is tightly coupled to use TPM device asan underlying implementation which makes it difficult for implementationslike Trusted Execution Environment (TEE) etc. to provide trusted keyssupport in case platform doesn&apos;t posses a TPM device.Add a generic trusted keys framework where underlying implementationscan be easily plugged in. Create struct trusted_key_ops to achieve this,which contains necessary functions of a backend.Also, define a module parameter in order to select a particular trustsource in case a platform support multiple trust sources. In case itsnot specified then implementation itetrates through trust sources liststarting with TPM and assign the first trust source as a backend whichhas initiazed successfully during iteration.Note that current implementation only supports a single trust source atruntime which is either selectable at compile time or during boot viaaforementioned module parameter.Suggested-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Signed-off-by: Sumit Garg &lt;sumit.garg@linaro.org&gt;Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Mon, 01 Mar 2021 13:11:24 +0000</pubDate>
        <dc:creator>Sumit Garg &lt;sumit.garg@linaro.org&gt;</dc:creator>
    </item>
<item>
        <title>f2219745 - security: keys: trusted: use ASN.1 TPM2 key format for the blobs</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#f2219745</link>
        <description>security: keys: trusted: use ASN.1 TPM2 key format for the blobsModify the TPM2 key format blob output to export and import in theASN.1 form for TPM2 sealed object keys.  For compatibility with priortrusted keys, the importer will also accept two TPM2B quantitiesrepresenting the public and private parts of the key.  However, theexport via keyctl pipe will only output the ASN.1 format.The benefit of the ASN.1 format is that it&apos;s a standard and thus theexported key can be used by userspace tools (openssl_tpm2_engine,openconnect and tpm2-tss-engine).  The format includes policyspecifications, thus it gets us out of having to construct policyhandles in userspace and the format includes the parent meaning youdon&apos;t have to keep passing it in each time.This patch only implements basic handling for the ASN.1 format, sokeys with passwords but no policy.Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;Tested-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Wed, 27 Jan 2021 19:06:16 +0000</pubDate>
        <dc:creator>James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;</dc:creator>
    </item>
<item>
        <title>2e19e101 - KEYS: trusted: Move TPM2 trusted keys code</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#2e19e101</link>
        <description>KEYS: trusted: Move TPM2 trusted keys codeMove TPM2 trusted keys code to trusted keys subsystem. The reasonbeing it&apos;s better to consolidate all the trusted keys code to a singlelocation so that it can be maintained sanely.Also, utilize existing tpm_send() exported API which wraps the internaltpm_transmit_cmd() API.Suggested-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Signed-off-by: Sumit Garg &lt;sumit.garg@linaro.org&gt;Reviewed-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Tested-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Wed, 16 Oct 2019 05:14:55 +0000</pubDate>
        <dc:creator>Sumit Garg &lt;sumit.garg@linaro.org&gt;</dc:creator>
    </item>
<item>
        <title>47f9c279 - KEYS: trusted: Create trusted keys subsystem</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/keys/trusted-keys/Makefile#47f9c279</link>
        <description>KEYS: trusted: Create trusted keys subsystemMove existing code to trusted keys subsystem. Also, rename files with&quot;tpm&quot; as suffix which provides the underlying implementation.Suggested-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Signed-off-by: Sumit Garg &lt;sumit.garg@linaro.org&gt;Reviewed-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Tested-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;Signed-off-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;

            List of files:
            /linux-6.15/security/keys/trusted-keys/Makefile</description>
        <pubDate>Wed, 16 Oct 2019 05:14:54 +0000</pubDate>
        <dc:creator>Sumit Garg &lt;sumit.garg@linaro.org&gt;</dc:creator>
    </item>
</channel>
</rss>
